################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2020-06-01 07:58:35 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.sh4"; http_uri; depth:23; isdataat:!1,relative; content:"104.168.169.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373111/; classtype:trojan-activity;sid:81236211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"95.179.153.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373110/; classtype:trojan-activity;sid:81236210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"95.179.153.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373109/; classtype:trojan-activity;sid:81236209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.ppc"; http_uri; depth:23; isdataat:!1,relative; content:"104.168.169.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373108/; classtype:trojan-activity;sid:81236208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.mpsl"; http_uri; depth:24; isdataat:!1,relative; content:"104.168.169.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373107/; classtype:trojan-activity;sid:81236207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"95.179.153.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373106/; classtype:trojan-activity;sid:81236206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3/slk.dll"; http_uri; depth:10; isdataat:!1,relative; content:"urleddrug.at"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373105/; classtype:trojan-activity;sid:81236205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"140.136.119.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373104/; classtype:trojan-activity;sid:81236204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"94.19.45.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373103/; classtype:trojan-activity;sid:81236203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/919100h/nomn0m.x86"; http_uri; depth:19; isdataat:!1,relative; content:"45.95.168.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373101/; classtype:trojan-activity;sid:81236201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/webdoc/win32.exe"; http_uri; depth:17; isdataat:!1,relative; content:"webxpopunlariscostlyinthemarketsevelmk.duckdns.org"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373100/; classtype:trojan-activity;sid:81236200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"45.95.168.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373099/; classtype:trojan-activity;sid:81236199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/000jaknet000/19.ppc"; http_uri; depth:20; isdataat:!1,relative; content:"51.75.191.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373097/; classtype:trojan-activity;sid:81236197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/000jaknet000/19.spc"; http_uri; depth:20; isdataat:!1,relative; content:"51.75.191.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373096/; classtype:trojan-activity;sid:81236196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/000jaknet000/19.sh4"; http_uri; depth:20; isdataat:!1,relative; content:"51.75.191.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373095/; classtype:trojan-activity;sid:81236195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/000jaknet000/19.mpsl"; http_uri; depth:21; isdataat:!1,relative; content:"51.75.191.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373094/; classtype:trojan-activity;sid:81236194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/000jaknet000/19.mips"; http_uri; depth:21; isdataat:!1,relative; content:"51.75.191.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373093/; classtype:trojan-activity;sid:81236193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/000jaknet000/19.m68k"; http_uri; depth:21; isdataat:!1,relative; content:"51.75.191.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373092/; classtype:trojan-activity;sid:81236192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/000jaknet000/19.arm6"; http_uri; depth:21; isdataat:!1,relative; content:"51.75.191.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373090/; classtype:trojan-activity;sid:81236190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/000jaknet000/19.arm5"; http_uri; depth:21; isdataat:!1,relative; content:"51.75.191.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373089/; classtype:trojan-activity;sid:81236189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/000jaknet000/19.arm"; http_uri; depth:20; isdataat:!1,relative; content:"51.75.191.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373088/; classtype:trojan-activity;sid:81236188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/000jaknet000/19.x86"; http_uri; depth:20; isdataat:!1,relative; content:"51.75.191.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373087/; classtype:trojan-activity;sid:81236187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"95.168.234.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373085/; classtype:trojan-activity;sid:81236185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"123.17.64.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373084/; classtype:trojan-activity;sid:81236184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chprvdoc/svchost.exe"; http_uri; depth:21; isdataat:!1,relative; content:"sndychnesprvwaybackmaybachholdbageverl.duckdns.org"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373083/; classtype:trojan-activity;sid:81236183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"125.40.73.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373082/; classtype:trojan-activity;sid:81236182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"202.151.229.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373081/; classtype:trojan-activity;sid:81236181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"46.107.79.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373080/; classtype:trojan-activity;sid:81236180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chnsfrnd3/winlog.exe"; http_uri; depth:21; isdataat:!1,relative; content:"chinese4higncomeiscausedbythepandevop.duckdns.org"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373079/; classtype:trojan-activity;sid:81236179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373077/; classtype:trojan-activity;sid:81236177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pandemi.apk"; http_uri; depth:12; isdataat:!1,relative; content:"destek-sosyal.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373076/; classtype:trojan-activity;sid:81236176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm7"; http_uri; depth:24; isdataat:!1,relative; content:"104.168.169.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373072/; classtype:trojan-activity;sid:81236172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm5"; http_uri; depth:24; isdataat:!1,relative; content:"104.168.169.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373071/; classtype:trojan-activity;sid:81236171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pandemi.apk"; http_uri; depth:12; isdataat:!1,relative; content:"sosyal-pandemidestek.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373070/; classtype:trojan-activity;sid:81236170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"95.179.153.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373069/; classtype:trojan-activity;sid:81236169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm"; http_uri; depth:15; isdataat:!1,relative; content:"95.179.153.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373068/; classtype:trojan-activity;sid:81236168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lllluuckyy/0x1x1x1x21212121.ppc"; http_uri; depth:32; isdataat:!1,relative; content:"95.216.22.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373067/; classtype:trojan-activity;sid:81236167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lllluuckyy/0x1x1x1x21212121.spc"; http_uri; depth:32; isdataat:!1,relative; content:"95.216.22.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373066/; classtype:trojan-activity;sid:81236166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lllluuckyy/0x1x1x1x21212121.sh4"; http_uri; depth:32; isdataat:!1,relative; content:"95.216.22.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373065/; classtype:trojan-activity;sid:81236165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lllluuckyy/0x1x1x1x21212121.mpsl"; http_uri; depth:33; isdataat:!1,relative; content:"95.216.22.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373064/; classtype:trojan-activity;sid:81236164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lllluuckyy/0x1x1x1x21212121.mips"; http_uri; depth:33; isdataat:!1,relative; content:"95.216.22.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373063/; classtype:trojan-activity;sid:81236163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lllluuckyy/0x1x1x1x21212121.m68k"; http_uri; depth:33; isdataat:!1,relative; content:"95.216.22.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373062/; classtype:trojan-activity;sid:81236162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lllluuckyy/0x1x1x1x21212121.arm7"; http_uri; depth:33; isdataat:!1,relative; content:"95.216.22.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373061/; classtype:trojan-activity;sid:81236161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lllluuckyy/0x1x1x1x21212121.arm6"; http_uri; depth:33; isdataat:!1,relative; content:"95.216.22.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373060/; classtype:trojan-activity;sid:81236160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lllluuckyy/0x1x1x1x21212121.arm"; http_uri; depth:32; isdataat:!1,relative; content:"95.216.22.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373059/; classtype:trojan-activity;sid:81236159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lllluuckyy/0x1x1x1x21212121.x86"; http_uri; depth:32; isdataat:!1,relative; content:"95.216.22.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373058/; classtype:trojan-activity;sid:81236158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373057/; classtype:trojan-activity;sid:81236157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"185.172.111.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373056/; classtype:trojan-activity;sid:81236156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"185.172.111.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373055/; classtype:trojan-activity;sid:81236155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; content:"185.172.111.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373054/; classtype:trojan-activity;sid:81236154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373053/; classtype:trojan-activity;sid:81236153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373052/; classtype:trojan-activity;sid:81236152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"185.172.111.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373051/; classtype:trojan-activity;sid:81236151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.111.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373050/; classtype:trojan-activity;sid:81236150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"185.172.111.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373049/; classtype:trojan-activity;sid:81236149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"185.172.111.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373048/; classtype:trojan-activity;sid:81236148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373046/; classtype:trojan-activity;sid:81236146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.174.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373044/; classtype:trojan-activity;sid:81236144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.59.21.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373043/; classtype:trojan-activity;sid:81236143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373042/; classtype:trojan-activity;sid:81236142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.215.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373027/; classtype:trojan-activity;sid:81236127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.10.33.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373026/; classtype:trojan-activity;sid:81236126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.9.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373025/; classtype:trojan-activity;sid:81236125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.223.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373023/; classtype:trojan-activity;sid:81236123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.126.253.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373022/; classtype:trojan-activity;sid:81236122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.120.87.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373021/; classtype:trojan-activity;sid:81236121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.26.194.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373019/; classtype:trojan-activity;sid:81236119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.87.71.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373018/; classtype:trojan-activity;sid:81236118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vehicle.php"; http_uri; depth:12; isdataat:!1,relative; content:"45.76.126.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373016/; classtype:trojan-activity;sid:81236116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/force/calc.exe"; http_uri; depth:21; isdataat:!1,relative; content:"induspride.be"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373014/; classtype:trojan-activity;sid:81236114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/receipt/invoice_112221.doc"; http_uri; depth:27; isdataat:!1,relative; content:"sndychnesprvwaybackmaybachholdbageverl.duckdns.org"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373013/; classtype:trojan-activity;sid:81236113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"208.113.131.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373012/; classtype:trojan-activity;sid:81236112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eoxmkb"; http_uri; depth:7; isdataat:!1,relative; content:"179.43.134.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373011/; classtype:trojan-activity;sid:81236111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.spc"; http_uri; depth:24; isdataat:!1,relative; content:"45.95.55.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373008/; classtype:trojan-activity;sid:81236108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"208.113.131.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373006/; classtype:trojan-activity;sid:81236106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ghpmuy"; http_uri; depth:7; isdataat:!1,relative; content:"179.43.134.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373005/; classtype:trojan-activity;sid:81236105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.mips"; http_uri; depth:17; isdataat:!1,relative; content:"194.15.36.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373004/; classtype:trojan-activity;sid:81236104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"208.113.131.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373003/; classtype:trojan-activity;sid:81236103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"208.113.131.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373002/; classtype:trojan-activity;sid:81236102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm5"; http_uri; depth:25; isdataat:!1,relative; content:"45.95.55.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373001/; classtype:trojan-activity;sid:81236101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bxdlmi"; http_uri; depth:7; isdataat:!1,relative; content:"179.43.134.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/373000/; classtype:trojan-activity;sid:81236100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.i586"; http_uri; depth:17; isdataat:!1,relative; content:"194.15.36.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372999/; classtype:trojan-activity;sid:81236099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wkomqp"; http_uri; depth:7; isdataat:!1,relative; content:"179.43.134.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372998/; classtype:trojan-activity;sid:81236098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vvahia"; http_uri; depth:7; isdataat:!1,relative; content:"179.43.134.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372997/; classtype:trojan-activity;sid:81236097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm6"; http_uri; depth:25; isdataat:!1,relative; content:"45.95.55.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372996/; classtype:trojan-activity;sid:81236096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"194.15.36.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372993/; classtype:trojan-activity;sid:81236093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"208.113.131.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372992/; classtype:trojan-activity;sid:81236092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"208.113.131.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372991/; classtype:trojan-activity;sid:81236091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"208.113.131.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372987/; classtype:trojan-activity;sid:81236087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yeansn"; http_uri; depth:7; isdataat:!1,relative; content:"179.43.134.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372984/; classtype:trojan-activity;sid:81236084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lqlakm"; http_uri; depth:7; isdataat:!1,relative; content:"179.43.134.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372983/; classtype:trojan-activity;sid:81236083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"194.15.36.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372982/; classtype:trojan-activity;sid:81236082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mpsl"; http_uri; depth:25; isdataat:!1,relative; content:"45.95.55.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372979/; classtype:trojan-activity;sid:81236079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.x86"; http_uri; depth:24; isdataat:!1,relative; content:"45.95.55.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372978/; classtype:trojan-activity;sid:81236078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"208.113.131.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372977/; classtype:trojan-activity;sid:81236077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"208.113.131.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372976/; classtype:trojan-activity;sid:81236076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"208.113.131.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372975/; classtype:trojan-activity;sid:81236075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rysypg"; http_uri; depth:7; isdataat:!1,relative; content:"179.43.134.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372974/; classtype:trojan-activity;sid:81236074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm7"; http_uri; depth:25; isdataat:!1,relative; content:"45.95.55.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372973/; classtype:trojan-activity;sid:81236073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.ppc"; http_uri; depth:24; isdataat:!1,relative; content:"45.95.55.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372972/; classtype:trojan-activity;sid:81236072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"194.15.36.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372970/; classtype:trojan-activity;sid:81236070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.x32"; http_uri; depth:16; isdataat:!1,relative; content:"194.15.36.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372969/; classtype:trojan-activity;sid:81236069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.arm4"; http_uri; depth:17; isdataat:!1,relative; content:"194.15.36.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372968/; classtype:trojan-activity;sid:81236068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.x86"; http_uri; depth:16; isdataat:!1,relative; content:"194.15.36.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372966/; classtype:trojan-activity;sid:81236066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm"; http_uri; depth:24; isdataat:!1,relative; content:"45.95.55.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372965/; classtype:trojan-activity;sid:81236065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rlrtqe"; http_uri; depth:7; isdataat:!1,relative; content:"179.43.134.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372960/; classtype:trojan-activity;sid:81236060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"208.113.131.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372958/; classtype:trojan-activity;sid:81236058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.m68k"; http_uri; depth:25; isdataat:!1,relative; content:"45.95.55.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372955/; classtype:trojan-activity;sid:81236055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nxftvi"; http_uri; depth:7; isdataat:!1,relative; content:"179.43.134.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372954/; classtype:trojan-activity;sid:81236054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"208.113.131.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372953/; classtype:trojan-activity;sid:81236053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.sh4"; http_uri; depth:24; isdataat:!1,relative; content:"45.95.55.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372950/; classtype:trojan-activity;sid:81236050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qokcon"; http_uri; depth:7; isdataat:!1,relative; content:"179.43.134.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372949/; classtype:trojan-activity;sid:81236049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mips"; http_uri; depth:25; isdataat:!1,relative; content:"45.95.55.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372947/; classtype:trojan-activity;sid:81236047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"194.15.36.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372944/; classtype:trojan-activity;sid:81236044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode.sh"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.55.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372941/; classtype:trojan-activity;sid:81236041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yoyobins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"208.113.131.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372940/; classtype:trojan-activity;sid:81236040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"194.15.36.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372939/; classtype:trojan-activity;sid:81236039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh.sh"; http_uri; depth:6; isdataat:!1,relative; content:"179.43.134.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372938/; classtype:trojan-activity;sid:81236038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; content:"37.49.226.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372936/; classtype:trojan-activity;sid:81236036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gstyrsoisyc.exe"; http_uri; depth:16; isdataat:!1,relative; content:"45.77.50.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372935/; classtype:trojan-activity;sid:81236035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372934/; classtype:trojan-activity;sid:81236034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.125.8.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372933/; classtype:trojan-activity;sid:81236033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.35.232.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372932/; classtype:trojan-activity;sid:81236032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.203.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372928/; classtype:trojan-activity;sid:81236028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372926/; classtype:trojan-activity;sid:81236026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.222.195.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_06_01; reference:url, urlhaus.abuse.ch/url/372925/; classtype:trojan-activity;sid:81236025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n_bins/n.mips"; http_uri; depth:14; isdataat:!1,relative; content:"142.11.200.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372924/; classtype:trojan-activity;sid:81236024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n_bins/n.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"142.11.200.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372923/; classtype:trojan-activity;sid:81236023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n_bins/n.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"142.11.200.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372922/; classtype:trojan-activity;sid:81236022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n_bins/n.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"142.11.200.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372921/; classtype:trojan-activity;sid:81236021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n_bins/n.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"142.11.200.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372920/; classtype:trojan-activity;sid:81236020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n_bins/n.spc"; http_uri; depth:13; isdataat:!1,relative; content:"142.11.200.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372919/; classtype:trojan-activity;sid:81236019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n_bins/n.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"142.11.200.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372918/; classtype:trojan-activity;sid:81236018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n_bins/n.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"142.11.200.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372917/; classtype:trojan-activity;sid:81236017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n_bins/n.x86"; http_uri; depth:13; isdataat:!1,relative; content:"142.11.200.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372916/; classtype:trojan-activity;sid:81236016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/siihost.exe"; http_uri; depth:12; isdataat:!1,relative; content:"induspride.be"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372915/; classtype:trojan-activity;sid:81236015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"5.237.91.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372914/; classtype:trojan-activity;sid:81236014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20gb_hediye_internet.apk"; http_uri; depth:25; isdataat:!1,relative; content:"binsyukle.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372913/; classtype:trojan-activity;sid:81236013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20gb_hediye_internet.apk"; http_uri; depth:25; isdataat:!1,relative; content:"binsyukle.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372912/; classtype:trojan-activity;sid:81236012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20gb_hediye_internet.apk"; http_uri; depth:25; isdataat:!1,relative; content:"binsyukle.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372911/; classtype:trojan-activity;sid:81236011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hediye10gb.apk"; http_uri; depth:15; isdataat:!1,relative; content:"covid19-bedavainternet.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372910/; classtype:trojan-activity;sid:81236010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"112.173.51.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372909/; classtype:trojan-activity;sid:81236009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.34.120.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372908/; classtype:trojan-activity;sid:81236008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"120.151.3.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372907/; classtype:trojan-activity;sid:81236007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n_bins/n.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"142.11.200.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372906/; classtype:trojan-activity;sid:81236006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/n_bins/n.arm"; http_uri; depth:13; isdataat:!1,relative; content:"142.11.200.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372905/; classtype:trojan-activity;sid:81236005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"189.136.132.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372904/; classtype:trojan-activity;sid:81236004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"64.233.154.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372903/; classtype:trojan-activity;sid:81236003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"187.188.36.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372902/; classtype:trojan-activity;sid:81236002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372901/; classtype:trojan-activity;sid:81236001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372900/; classtype:trojan-activity;sid:81236000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0xxx0xxxasdajshdsajhkgdja/sa0as.arm7"; http_uri; depth:37; isdataat:!1,relative; content:"45.95.168.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372899/; classtype:trojan-activity;sid:81235999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0xxx0xxxasdajshdsajhkgdja/sa0as.arm"; http_uri; depth:36; isdataat:!1,relative; content:"45.95.168.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372898/; classtype:trojan-activity;sid:81235998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"186.179.243.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372897/; classtype:trojan-activity;sid:81235997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"27.105.198.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372896/; classtype:trojan-activity;sid:81235996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"189.252.212.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372895/; classtype:trojan-activity;sid:81235995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/le.bot.arm7"; http_uri; depth:12; isdataat:!1,relative; content:"185.107.80.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372894/; classtype:trojan-activity;sid:81235994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ar6"; http_uri; depth:4; isdataat:!1,relative; content:"185.172.110.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372893/; classtype:trojan-activity;sid:81235993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"125.138.57.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372892/; classtype:trojan-activity;sid:81235992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.134.232.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372891/; classtype:trojan-activity;sid:81235991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.95.7.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372890/; classtype:trojan-activity;sid:81235990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"221.160.116.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372889/; classtype:trojan-activity;sid:81235989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.126.128.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372888/; classtype:trojan-activity;sid:81235988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372887/; classtype:trojan-activity;sid:81235987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.3.94.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372886/; classtype:trojan-activity;sid:81235986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372885/; classtype:trojan-activity;sid:81235985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.241.170.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372884/; classtype:trojan-activity;sid:81235984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.95.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372883/; classtype:trojan-activity;sid:81235983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.213.2.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372882/; classtype:trojan-activity;sid:81235982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.223.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372881/; classtype:trojan-activity;sid:81235981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.81.84.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372880/; classtype:trojan-activity;sid:81235980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.229.190.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372879/; classtype:trojan-activity;sid:81235979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.43.110.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372878/; classtype:trojan-activity;sid:81235978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ji8w7sw8"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372877/; classtype:trojan-activity;sid:81235977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gr4swnwc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372876/; classtype:trojan-activity;sid:81235976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bz4zycuv"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372875/; classtype:trojan-activity;sid:81235975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/7v25bzvr"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372874/; classtype:trojan-activity;sid:81235974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ahqn5nsf"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372873/; classtype:trojan-activity;sid:81235973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2guvuejq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372872/; classtype:trojan-activity;sid:81235972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.27.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372871/; classtype:trojan-activity;sid:81235971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.68.248.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372870/; classtype:trojan-activity;sid:81235970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.107.137.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372869/; classtype:trojan-activity;sid:81235969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.107.222.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372868/; classtype:trojan-activity;sid:81235968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.161.253.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372867/; classtype:trojan-activity;sid:81235967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.81.149.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372866/; classtype:trojan-activity;sid:81235966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/21ystjd7"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372865/; classtype:trojan-activity;sid:81235965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.116.238.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372864/; classtype:trojan-activity;sid:81235964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.38.26.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372863/; classtype:trojan-activity;sid:81235963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.114.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372862/; classtype:trojan-activity;sid:81235962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.203.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372861/; classtype:trojan-activity;sid:81235961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.114.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372860/; classtype:trojan-activity;sid:81235960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.107.222.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372859/; classtype:trojan-activity;sid:81235959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.200.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372858/; classtype:trojan-activity;sid:81235958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372857/; classtype:trojan-activity;sid:81235957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.148.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372856/; classtype:trojan-activity;sid:81235956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"149.3.67.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372855/; classtype:trojan-activity;sid:81235955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; http_uri; depth:92; isdataat:!1,relative; content:"111.38.26.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372854/; classtype:trojan-activity;sid:81235954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372853/; classtype:trojan-activity;sid:81235953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372852/; classtype:trojan-activity;sid:81235952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.115.130.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372851/; classtype:trojan-activity;sid:81235951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.119.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372850/; classtype:trojan-activity;sid:81235950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.78.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372849/; classtype:trojan-activity;sid:81235949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.149.247.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372848/; classtype:trojan-activity;sid:81235948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.6.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372847/; classtype:trojan-activity;sid:81235947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.25.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372846/; classtype:trojan-activity;sid:81235946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372845/; classtype:trojan-activity;sid:81235945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.171.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372844/; classtype:trojan-activity;sid:81235944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372843/; classtype:trojan-activity;sid:81235943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.13.0.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372842/; classtype:trojan-activity;sid:81235942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.200.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372841/; classtype:trojan-activity;sid:81235941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"58.115.160.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372840/; classtype:trojan-activity;sid:81235940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nemesis.x86"; http_uri; depth:12; isdataat:!1,relative; content:"136.244.99.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372839/; classtype:trojan-activity;sid:81235939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"190.186.193.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372838/; classtype:trojan-activity;sid:81235938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; content:"159.65.218.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372837/; classtype:trojan-activity;sid:81235937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; content:"159.65.218.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372836/; classtype:trojan-activity;sid:81235936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.32.47.191"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372835/; classtype:trojan-activity;sid:81235935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372834/; classtype:trojan-activity;sid:81235934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; http_uri; depth:92; isdataat:!1,relative; content:"117.44.48.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372833/; classtype:trojan-activity;sid:81235933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uue/jhuuee.exe"; http_uri; depth:15; isdataat:!1,relative; content:"jfohgo.bhtaifvu.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372832/; classtype:trojan-activity;sid:81235932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/juuu/ifhwwyy.exe"; http_uri; depth:17; isdataat:!1,relative; content:"jfohgo.bhtaifvu.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372831/; classtype:trojan-activity;sid:81235931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iuww/jooyu.exe"; http_uri; depth:15; isdataat:!1,relative; content:"jfohgo.bhtaifvu.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372830/; classtype:trojan-activity;sid:81235930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iuww/huesaa.exe"; http_uri; depth:16; isdataat:!1,relative; content:"jfohgo.bhtaifvu.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372829/; classtype:trojan-activity;sid:81235929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iuww/jvppp.exe"; http_uri; depth:15; isdataat:!1,relative; content:"jfohgo.bhtaifvu.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372828/; classtype:trojan-activity;sid:81235928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"89.148.197.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372827/; classtype:trojan-activity;sid:81235927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.90.89.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372826/; classtype:trojan-activity;sid:81235926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.109.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372825/; classtype:trojan-activity;sid:81235925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.35.164.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372824/; classtype:trojan-activity;sid:81235924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.107.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372823/; classtype:trojan-activity;sid:81235923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372822/; classtype:trojan-activity;sid:81235922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.112.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372821/; classtype:trojan-activity;sid:81235921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.179.5.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372820/; classtype:trojan-activity;sid:81235920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372819/; classtype:trojan-activity;sid:81235919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"108.46.212.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372818/; classtype:trojan-activity;sid:81235918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ss2dtvch"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372817/; classtype:trojan-activity;sid:81235917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/53"; http_uri; depth:3; isdataat:!1,relative; content:"98.159.110.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372816/; classtype:trojan-activity;sid:81235916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"98.30.24.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372815/; classtype:trojan-activity;sid:81235915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"175.205.31.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372814/; classtype:trojan-activity;sid:81235914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"70.27.112.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372813/; classtype:trojan-activity;sid:81235913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iuww/jhuimme.exe"; http_uri; depth:17; isdataat:!1,relative; content:"jfohgo.bhtaifvu.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372812/; classtype:trojan-activity;sid:81235912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"24.11.164.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372811/; classtype:trojan-activity;sid:81235911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/inhousevpn.exe"; http_uri; depth:24; isdataat:!1,relative; content:"5.45.84.166"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372810/; classtype:trojan-activity;sid:81235910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nw.exe"; http_uri; depth:7; isdataat:!1,relative; content:"ffvgdsv.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372809/; classtype:trojan-activity;sid:81235909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.180.117.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372808/; classtype:trojan-activity;sid:81235908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mekino%202020%20new_gbaskzmcg6.bin"; http_uri; depth:35; isdataat:!1,relative; content:"45.143.222.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372807/; classtype:trojan-activity;sid:81235907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1d54_38knvr-rl30-twsjavxphq7d2ic8"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372806/; classtype:trojan-activity;sid:81235906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/js/widget/bb_rjxyxfpvry74.bin"; http_uri; depth:39; isdataat:!1,relative; content:"conveyancing.pro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372805/; classtype:trojan-activity;sid:81235905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1nw6do_b4uyar1an3yhzvcgaggf-vz6fy"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372804/; classtype:trojan-activity;sid:81235904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1dmp5qx30ku3-6gvzn4z0gyhucxc8gb-t"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372803/; classtype:trojan-activity;sid:81235903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=12gia79wgzovzrsebhdyoxsp2an8qgoaq"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372802/; classtype:trojan-activity;sid:81235902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=f191ccc6e999117d|7c|26|7c|resid=f191ccc6e999117d%21255|7c|26|7c|authkey=aeq7rrrjp83myym"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372801/; classtype:trojan-activity;sid:81235901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1m_qzjb5peisjwdbpkqgntn011_yp5jvc"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372800/; classtype:trojan-activity;sid:81235900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/js/widget/a_pudmg242.bin"; http_uri; depth:34; isdataat:!1,relative; content:"conveyancing.pro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372799/; classtype:trojan-activity;sid:81235899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1cu5ct2yeklwwf0m7gr36b825b5vp13yc"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372798/; classtype:trojan-activity;sid:81235898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=f191ccc6e999117d|7c|26|7c|resid=f191ccc6e999117d%21250|7c|26|7c|authkey=abky8hxlgobcqw0"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372797/; classtype:trojan-activity;sid:81235897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/addings/taste_pwozmquf144.bin"; http_uri; depth:30; isdataat:!1,relative; content:"13.68.214.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372796/; classtype:trojan-activity;sid:81235896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/run/ip_api_mxsag37.bin"; http_uri; depth:23; isdataat:!1,relative; content:"crossbreed.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372795/; classtype:trojan-activity;sid:81235895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/js/widget/am_txafaut20.bin"; http_uri; depth:36; isdataat:!1,relative; content:"conveyancing.pro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372794/; classtype:trojan-activity;sid:81235894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1teaucp5-sm0mh3wozd0jc7dymjtux3v1"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372793/; classtype:trojan-activity;sid:81235893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/js/widget/a_giwxzcgzoo177.bin"; http_uri; depth:39; isdataat:!1,relative; content:"conveyancing.pro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372792/; classtype:trojan-activity;sid:81235892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1sbsfeqh-dpe_318jlxknikbeekzlfhnn"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372791/; classtype:trojan-activity;sid:81235891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/host_wtdrluh117.bin"; http_uri; depth:20; isdataat:!1,relative; content:"weallneedthismoney.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372790/; classtype:trojan-activity;sid:81235890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ph_exec_cszrhjtuje23.bin"; http_uri; depth:25; isdataat:!1,relative; content:"ffacscs.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372789/; classtype:trojan-activity;sid:81235889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1o5q65v4xwrynqz65i5ojsqms_infyytr"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372788/; classtype:trojan-activity;sid:81235888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1qdpgjqhsdvllqsnrtavhxrdnykgvti7a"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372787/; classtype:trojan-activity;sid:81235887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"107.191.43.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372786/; classtype:trojan-activity;sid:81235886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"107.191.43.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372785/; classtype:trojan-activity;sid:81235885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"107.191.43.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372784/; classtype:trojan-activity;sid:81235884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"107.191.43.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372783/; classtype:trojan-activity;sid:81235883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"107.191.43.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372782/; classtype:trojan-activity;sid:81235882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"107.191.43.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372781/; classtype:trojan-activity;sid:81235881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/puttytest.exe"; http_uri; depth:14; isdataat:!1,relative; content:"kustor.ml"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372780/; classtype:trojan-activity;sid:81235880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"107.191.43.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372779/; classtype:trojan-activity;sid:81235879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"107.191.43.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372778/; classtype:trojan-activity;sid:81235878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"107.191.43.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372777/; classtype:trojan-activity;sid:81235877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"107.191.43.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372776/; classtype:trojan-activity;sid:81235876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"107.191.43.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372775/; classtype:trojan-activity;sid:81235875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"201.95.76.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372774/; classtype:trojan-activity;sid:81235874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/zzz.sh"; http_uri; depth:12; isdataat:!1,relative; content:"139.9.77.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372773/; classtype:trojan-activity;sid:81235873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/dockerupdate"; http_uri; depth:18; isdataat:!1,relative; content:"139.9.77.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372772/; classtype:trojan-activity;sid:81235872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"45.64.147.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372771/; classtype:trojan-activity;sid:81235871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"71.246.53.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372770/; classtype:trojan-activity;sid:81235870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.138.91.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372769/; classtype:trojan-activity;sid:81235869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"221.146.252.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372768/; classtype:trojan-activity;sid:81235868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eksgbins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"107.191.43.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372767/; classtype:trojan-activity;sid:81235867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"2.187.7.249"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372766/; classtype:trojan-activity;sid:81235866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ar6"; http_uri; depth:4; isdataat:!1,relative; content:"103.62.48.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372765/; classtype:trojan-activity;sid:81235865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"217.21.147.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372764/; classtype:trojan-activity;sid:81235864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/harm7"; http_uri; depth:30; isdataat:!1,relative; content:"23.254.230.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372763/; classtype:trojan-activity;sid:81235863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/harm"; http_uri; depth:29; isdataat:!1,relative; content:"23.254.230.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372762/; classtype:trojan-activity;sid:81235862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"190.213.49.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372761/; classtype:trojan-activity;sid:81235861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"42.239.232.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372760/; classtype:trojan-activity;sid:81235860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"187.171.191.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372759/; classtype:trojan-activity;sid:81235859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/js/widget/m_bkpdqurt85.bin"; http_uri; depth:36; isdataat:!1,relative; content:"conveyancing.pro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372758/; classtype:trojan-activity;sid:81235858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=11ap6b9bq8fhrhur5aagwmutzyo1-asvj"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372757/; classtype:trojan-activity;sid:81235857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=890837b4e4ca07c6|7c|26|7c|resid=890837b4e4ca07c6%21289|7c|26|7c|authkey=abujc0akmtbsxf4"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372756/; classtype:trojan-activity;sid:81235856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=10hnki8pagbwactea6xqiyyj6egf5ysh6"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372755/; classtype:trojan-activity;sid:81235855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=177gpnfs5xq1bj7iznmaf5wirufxz_h4k"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372754/; classtype:trojan-activity;sid:81235854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1nw4d_t0hobhrf5cv97indudxgfgzoq2n"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372753/; classtype:trojan-activity;sid:81235853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=f191ccc6e999117d|7c|26|7c|resid=f191ccc6e999117d%21232|7c|26|7c|authkey=ae0u1ircnwblbg4"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372752/; classtype:trojan-activity;sid:81235852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1pf0xkvbvlid8_j1vp1vlrgcvbb4us1pc"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372751/; classtype:trojan-activity;sid:81235851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=5012a067b5dec1df|7c|26|7c|resid=5012a067b5dec1df%21318|7c|26|7c|authkey=apc2womdahcdihc"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372750/; classtype:trojan-activity;sid:81235850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1sbeqis1igwatr_ajmr-j56dbveaxxvtt"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372749/; classtype:trojan-activity;sid:81235849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=5012a067b5dec1df|7c|26|7c|resid=5012a067b5dec1df%21314|7c|26|7c|authkey=aex2uv2-eiofr8q"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372748/; classtype:trojan-activity;sid:81235848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=ca308e3d3912d9e7|7c|26|7c|resid=ca308e3d3912d9e7%21547|7c|26|7c|authkey=aipm8qnwbgo4yga"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372747/; classtype:trojan-activity;sid:81235847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=15nekxnhdttoxya2lwygtjxmwnusaxkyh"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372746/; classtype:trojan-activity;sid:81235846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1enol-ivgh078ebsmerptykbdycneiq1b"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372745/; classtype:trojan-activity;sid:81235845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1rhrbcvnkyeqrakwo9uzrqoci8t6fo-ar"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372744/; classtype:trojan-activity;sid:81235844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/host32_genng152.bin"; http_uri; depth:20; isdataat:!1,relative; content:"37.49.230.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372743/; classtype:trojan-activity;sid:81235843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1m-b8oor0ulf8nvmiphueokuvvrw4-hp9"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372742/; classtype:trojan-activity;sid:81235842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1xpiubbrxvuagqc14nlkega2hxf92dpf7"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372741/; classtype:trojan-activity;sid:81235841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1mmwpmtiehqp6plajrryl94fgqulgcwlr"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372740/; classtype:trojan-activity;sid:81235840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=e61e5f3f655316fa|7c|26|7c|resid=e61e5f3f655316fa%21206|7c|26|7c|authkey=alwfu6ej5z-u0ke"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372739/; classtype:trojan-activity;sid:81235839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.34.55.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372738/; classtype:trojan-activity;sid:81235838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"46.100.224.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372737/; classtype:trojan-activity;sid:81235837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"37.49.226.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372736/; classtype:trojan-activity;sid:81235836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"37.49.226.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372735/; classtype:trojan-activity;sid:81235835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"37.49.226.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372734/; classtype:trojan-activity;sid:81235834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"37.49.226.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372732/; classtype:trojan-activity;sid:81235832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; content:"37.49.226.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372731/; classtype:trojan-activity;sid:81235831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"37.49.226.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372730/; classtype:trojan-activity;sid:81235830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"37.49.226.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372729/; classtype:trojan-activity;sid:81235829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"37.49.226.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372728/; classtype:trojan-activity;sid:81235828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"37.49.226.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372727/; classtype:trojan-activity;sid:81235827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"37.49.226.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372726/; classtype:trojan-activity;sid:81235826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"37.49.226.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372725/; classtype:trojan-activity;sid:81235825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372724/; classtype:trojan-activity;sid:81235824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.90.238.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372723/; classtype:trojan-activity;sid:81235823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.5.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372722/; classtype:trojan-activity;sid:81235822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.211.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372721/; classtype:trojan-activity;sid:81235821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.5.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372720/; classtype:trojan-activity;sid:81235820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372719/; classtype:trojan-activity;sid:81235819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.81.31.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372718/; classtype:trojan-activity;sid:81235818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372717/; classtype:trojan-activity;sid:81235817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372716/; classtype:trojan-activity;sid:81235816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.123.109.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372715/; classtype:trojan-activity;sid:81235815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372714/; classtype:trojan-activity;sid:81235814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.229.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372713/; classtype:trojan-activity;sid:81235813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.42.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372712/; classtype:trojan-activity;sid:81235812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372711/; classtype:trojan-activity;sid:81235811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; http_uri; depth:92; isdataat:!1,relative; content:"61.241.170.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372710/; classtype:trojan-activity;sid:81235810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ey0jvq52"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372709/; classtype:trojan-activity;sid:81235809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah5"; http_uri; depth:6; isdataat:!1,relative; content:"103.214.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372708/; classtype:trojan-activity;sid:81235808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"103.214.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372707/; classtype:trojan-activity;sid:81235807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woahppc"; http_uri; depth:8; isdataat:!1,relative; content:"103.214.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372706/; classtype:trojan-activity;sid:81235806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woahi686"; http_uri; depth:9; isdataat:!1,relative; content:"103.214.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372705/; classtype:trojan-activity;sid:81235805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woahmips"; http_uri; depth:9; isdataat:!1,relative; content:"103.214.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372704/; classtype:trojan-activity;sid:81235804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah4t"; http_uri; depth:7; isdataat:!1,relative; content:"103.214.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372703/; classtype:trojan-activity;sid:81235803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woahspc"; http_uri; depth:8; isdataat:!1,relative; content:"103.214.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372702/; classtype:trojan-activity;sid:81235802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woahx86"; http_uri; depth:8; isdataat:!1,relative; content:"103.214.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372701/; classtype:trojan-activity;sid:81235801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah4"; http_uri; depth:6; isdataat:!1,relative; content:"103.214.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372700/; classtype:trojan-activity;sid:81235800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woahm68"; http_uri; depth:8; isdataat:!1,relative; content:"103.214.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372699/; classtype:trojan-activity;sid:81235799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah6"; http_uri; depth:6; isdataat:!1,relative; content:"103.214.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372698/; classtype:trojan-activity;sid:81235798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woahsh4"; http_uri; depth:8; isdataat:!1,relative; content:"103.214.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372697/; classtype:trojan-activity;sid:81235797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woahmpsl"; http_uri; depth:9; isdataat:!1,relative; content:"103.214.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372696/; classtype:trojan-activity;sid:81235796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah7"; http_uri; depth:6; isdataat:!1,relative; content:"103.214.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372695/; classtype:trojan-activity;sid:81235795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/f8s8qypa"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372694/; classtype:trojan-activity;sid:81235794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.168.138.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372693/; classtype:trojan-activity;sid:81235793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.62.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372692/; classtype:trojan-activity;sid:81235792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.38.25.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372691/; classtype:trojan-activity;sid:81235791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.105.83.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372690/; classtype:trojan-activity;sid:81235790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.14.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372689/; classtype:trojan-activity;sid:81235789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.161.255.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372688/; classtype:trojan-activity;sid:81235788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372687/; classtype:trojan-activity;sid:81235787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.21.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372686/; classtype:trojan-activity;sid:81235786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/doc/officebuilder.exe"; http_uri; depth:22; isdataat:!1,relative; content:"cloud-server-updater6.co.za"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372685/; classtype:trojan-activity;sid:81235785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/se2ghqkj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372684/; classtype:trojan-activity;sid:81235784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qxhg3kjs"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372683/; classtype:trojan-activity;sid:81235783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"194.87.138.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372682/; classtype:trojan-activity;sid:81235782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"194.87.138.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372681/; classtype:trojan-activity;sid:81235781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"162.220.160.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372680/; classtype:trojan-activity;sid:81235780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"194.87.138.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372679/; classtype:trojan-activity;sid:81235779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"194.87.138.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372678/; classtype:trojan-activity;sid:81235778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"162.220.160.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372677/; classtype:trojan-activity;sid:81235777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"162.220.160.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372676/; classtype:trojan-activity;sid:81235776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"162.220.160.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372675/; classtype:trojan-activity;sid:81235775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"194.87.138.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372674/; classtype:trojan-activity;sid:81235774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"194.87.138.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372673/; classtype:trojan-activity;sid:81235773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"194.87.138.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372672/; classtype:trojan-activity;sid:81235772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"162.220.160.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372671/; classtype:trojan-activity;sid:81235771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"194.87.138.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372670/; classtype:trojan-activity;sid:81235770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"162.220.160.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372669/; classtype:trojan-activity;sid:81235769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"194.87.138.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372668/; classtype:trojan-activity;sid:81235768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"162.220.160.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372667/; classtype:trojan-activity;sid:81235767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"162.220.160.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372666/; classtype:trojan-activity;sid:81235766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"162.220.160.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372665/; classtype:trojan-activity;sid:81235765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"162.220.160.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372664/; classtype:trojan-activity;sid:81235764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"162.220.160.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372663/; classtype:trojan-activity;sid:81235763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"162.220.160.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372662/; classtype:trojan-activity;sid:81235762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"194.87.138.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372661/; classtype:trojan-activity;sid:81235761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"194.87.138.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372660/; classtype:trojan-activity;sid:81235760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"194.87.138.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372659/; classtype:trojan-activity;sid:81235759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arcadienbins.sh"; http_uri; depth:16; isdataat:!1,relative; content:"162.220.160.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372658/; classtype:trojan-activity;sid:81235758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eksgbins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"194.87.138.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372657/; classtype:trojan-activity;sid:81235757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/612.exe"; http_uri; depth:8; isdataat:!1,relative; content:"polosatik.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372656/; classtype:trojan-activity;sid:81235756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1vxsdh0g"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372655/; classtype:trojan-activity;sid:81235755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yd6vwrst"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372654/; classtype:trojan-activity;sid:81235754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rj61tcwl"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372653/; classtype:trojan-activity;sid:81235753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jqy7acww"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372652/; classtype:trojan-activity;sid:81235752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/126.exe"; http_uri; depth:8; isdataat:!1,relative; content:"polosatik.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372651/; classtype:trojan-activity;sid:81235751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/751.exe"; http_uri; depth:8; isdataat:!1,relative; content:"polosatik.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372650/; classtype:trojan-activity;sid:81235750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/321.exe"; http_uri; depth:8; isdataat:!1,relative; content:"polosatik.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372649/; classtype:trojan-activity;sid:81235749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rac1.exe"; http_uri; depth:9; isdataat:!1,relative; content:"ffacscs.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372648/; classtype:trojan-activity;sid:81235748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/az1.exe"; http_uri; depth:8; isdataat:!1,relative; content:"ffacscs.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372647/; classtype:trojan-activity;sid:81235747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rac2.exe"; http_uri; depth:9; isdataat:!1,relative; content:"ffacscs.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372646/; classtype:trojan-activity;sid:81235746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/az2.exe"; http_uri; depth:8; isdataat:!1,relative; content:"ffvgdsv.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372645/; classtype:trojan-activity;sid:81235745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vcruntime140.dll"; http_uri; depth:17; isdataat:!1,relative; content:"purification.ug"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372643/; classtype:trojan-activity;sid:81235743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nss3.dll"; http_uri; depth:9; isdataat:!1,relative; content:"purification.ug"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372642/; classtype:trojan-activity;sid:81235742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/msvcp140.dll"; http_uri; depth:13; isdataat:!1,relative; content:"purification.ug"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372641/; classtype:trojan-activity;sid:81235741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozglue.dll"; http_uri; depth:12; isdataat:!1,relative; content:"purification.ug"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372640/; classtype:trojan-activity;sid:81235740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/freebl3.dll"; http_uri; depth:12; isdataat:!1,relative; content:"purification.ug"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372639/; classtype:trojan-activity;sid:81235739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sqlite3.dll"; http_uri; depth:12; isdataat:!1,relative; content:"purification.ug"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372638/; classtype:trojan-activity;sid:81235738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/softokn3.dll"; http_uri; depth:13; isdataat:!1,relative; content:"purification.ug"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372637/; classtype:trojan-activity;sid:81235737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gate/sqlite3.dll"; http_uri; depth:17; isdataat:!1,relative; content:"34.107.4.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372636/; classtype:trojan-activity;sid:81235736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/e6hcpq6e"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372635/; classtype:trojan-activity;sid:81235735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.27.13.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372634/; classtype:trojan-activity;sid:81235734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.79.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372633/; classtype:trojan-activity;sid:81235733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372632/; classtype:trojan-activity;sid:81235732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.24.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372631/; classtype:trojan-activity;sid:81235731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.192.148.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372630/; classtype:trojan-activity;sid:81235730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.115.33.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372629/; classtype:trojan-activity;sid:81235729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.123.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_31; reference:url, urlhaus.abuse.ch/url/372628/; classtype:trojan-activity;sid:81235728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qjh48hji"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372627/; classtype:trojan-activity;sid:81235727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"165.22.224.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372626/; classtype:trojan-activity;sid:81235726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"165.22.224.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372625/; classtype:trojan-activity;sid:81235725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"165.22.224.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372624/; classtype:trojan-activity;sid:81235724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"165.22.224.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372623/; classtype:trojan-activity;sid:81235723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"165.22.224.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372622/; classtype:trojan-activity;sid:81235722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"165.22.224.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372621/; classtype:trojan-activity;sid:81235721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"165.22.224.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372620/; classtype:trojan-activity;sid:81235720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"165.22.224.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372619/; classtype:trojan-activity;sid:81235719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"165.22.224.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372618/; classtype:trojan-activity;sid:81235718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"165.22.224.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372617/; classtype:trojan-activity;sid:81235717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zeros6x.sh"; http_uri; depth:11; isdataat:!1,relative; content:"37.49.224.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372616/; classtype:trojan-activity;sid:81235716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372615/; classtype:trojan-activity;sid:81235715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.4.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372614/; classtype:trojan-activity;sid:81235714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372613/; classtype:trojan-activity;sid:81235713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.10.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372612/; classtype:trojan-activity;sid:81235712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.119.138.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372611/; classtype:trojan-activity;sid:81235711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.27.242.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372610/; classtype:trojan-activity;sid:81235710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"14.42.155.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372609/; classtype:trojan-activity;sid:81235709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372608/; classtype:trojan-activity;sid:81235708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.107.222.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372607/; classtype:trojan-activity;sid:81235707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372606/; classtype:trojan-activity;sid:81235706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"5.26.128.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372605/; classtype:trojan-activity;sid:81235705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ndcgry8y"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372604/; classtype:trojan-activity;sid:81235704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/82eqsh8h"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372603/; classtype:trojan-activity;sid:81235703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"95.179.183.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372602/; classtype:trojan-activity;sid:81235702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"95.179.183.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372601/; classtype:trojan-activity;sid:81235701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"95.179.183.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372600/; classtype:trojan-activity;sid:81235700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"95.179.183.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372599/; classtype:trojan-activity;sid:81235699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"95.179.183.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372598/; classtype:trojan-activity;sid:81235698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"95.179.183.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372597/; classtype:trojan-activity;sid:81235697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"95.179.183.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372596/; classtype:trojan-activity;sid:81235696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"95.179.183.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372595/; classtype:trojan-activity;sid:81235695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"95.179.183.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372594/; classtype:trojan-activity;sid:81235694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"149.210.26.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372593/; classtype:trojan-activity;sid:81235693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"37.49.226.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372592/; classtype:trojan-activity;sid:81235692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tzpkgqvj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372591/; classtype:trojan-activity;sid:81235691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/axisbins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"37.49.226.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372590/; classtype:trojan-activity;sid:81235690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"80.240.18.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372589/; classtype:trojan-activity;sid:81235689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/33bi/ares.arm4tl"; http_uri; depth:17; isdataat:!1,relative; content:"94.102.63.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372588/; classtype:trojan-activity;sid:81235688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/33bi/ares.arc"; http_uri; depth:14; isdataat:!1,relative; content:"94.102.63.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372587/; classtype:trojan-activity;sid:81235687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/33bi/ares.x32"; http_uri; depth:14; isdataat:!1,relative; content:"94.102.63.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372586/; classtype:trojan-activity;sid:81235686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.232.203.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372585/; classtype:trojan-activity;sid:81235685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.133.225.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372584/; classtype:trojan-activity;sid:81235684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372583/; classtype:trojan-activity;sid:81235683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.26.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372582/; classtype:trojan-activity;sid:81235682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.16.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372581/; classtype:trojan-activity;sid:81235681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.123.58.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372580/; classtype:trojan-activity;sid:81235680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372579/; classtype:trojan-activity;sid:81235679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.218.6.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372578/; classtype:trojan-activity;sid:81235678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372577/; classtype:trojan-activity;sid:81235677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.105.83.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372576/; classtype:trojan-activity;sid:81235676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.212.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372575/; classtype:trojan-activity;sid:81235675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372574/; classtype:trojan-activity;sid:81235674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"95.179.183.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372573/; classtype:trojan-activity;sid:81235673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"95.179.183.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372572/; classtype:trojan-activity;sid:81235672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hive.exe"; http_uri; depth:9; isdataat:!1,relative; content:"bans.nebulamc.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372571/; classtype:trojan-activity;sid:81235671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; content:"95.179.183.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372570/; classtype:trojan-activity;sid:81235670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.79.28.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372569/; classtype:trojan-activity;sid:81235669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; content:"95.179.183.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372568/; classtype:trojan-activity;sid:81235668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"218.35.81.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372567/; classtype:trojan-activity;sid:81235667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"171.228.191.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372566/; classtype:trojan-activity;sid:81235666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shot/myserver_encrypted_a96ebcf.bin"; http_uri; depth:36; isdataat:!1,relative; content:"bonker.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372565/; classtype:trojan-activity;sid:81235665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"115.205.14.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372564/; classtype:trojan-activity;sid:81235664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"84.224.144.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372563/; classtype:trojan-activity;sid:81235663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ares.sh"; http_uri; depth:8; isdataat:!1,relative; content:"94.102.63.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372562/; classtype:trojan-activity;sid:81235662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"118.43.81.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372561/; classtype:trojan-activity;sid:81235661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ont"; http_uri; depth:4; isdataat:!1,relative; content:"80.240.18.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372560/; classtype:trojan-activity;sid:81235660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"142.93.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372559/; classtype:trojan-activity;sid:81235659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"142.93.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372558/; classtype:trojan-activity;sid:81235658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"142.93.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372557/; classtype:trojan-activity;sid:81235657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"142.93.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372556/; classtype:trojan-activity;sid:81235656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/unhappyshitbins.sh"; http_uri; depth:19; isdataat:!1,relative; content:"142.93.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372555/; classtype:trojan-activity;sid:81235655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"142.93.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372554/; classtype:trojan-activity;sid:81235654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"142.93.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372553/; classtype:trojan-activity;sid:81235653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"142.93.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372552/; classtype:trojan-activity;sid:81235652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"142.93.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372551/; classtype:trojan-activity;sid:81235651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qgv3j8cj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372550/; classtype:trojan-activity;sid:81235650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"223.22.243.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372549/; classtype:trojan-activity;sid:81235649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"196.221.206.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372548/; classtype:trojan-activity;sid:81235648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.5.29.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372547/; classtype:trojan-activity;sid:81235647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.27.243.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372546/; classtype:trojan-activity;sid:81235646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.107.222.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372545/; classtype:trojan-activity;sid:81235645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.55.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372544/; classtype:trojan-activity;sid:81235644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.235.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372543/; classtype:trojan-activity;sid:81235643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.158.55.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372542/; classtype:trojan-activity;sid:81235642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372541/; classtype:trojan-activity;sid:81235641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.spc"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372540/; classtype:trojan-activity;sid:81235640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.mips"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372539/; classtype:trojan-activity;sid:81235639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rdttzcmi"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372538/; classtype:trojan-activity;sid:81235638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fjgwby8e"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372537/; classtype:trojan-activity;sid:81235637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/scwrfnmb"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372536/; classtype:trojan-activity;sid:81235636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mtken2km"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372535/; classtype:trojan-activity;sid:81235635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kaenvcz9"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372534/; classtype:trojan-activity;sid:81235634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/adjp56wt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372533/; classtype:trojan-activity;sid:81235633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qzmsb7gz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372532/; classtype:trojan-activity;sid:81235632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372531/; classtype:trojan-activity;sid:81235631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372530/; classtype:trojan-activity;sid:81235630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372529/; classtype:trojan-activity;sid:81235629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bankinvoice.7z"; http_uri; depth:15; isdataat:!1,relative; content:"connectltdd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372528/; classtype:trojan-activity;sid:81235628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/order.doc"; http_uri; depth:10; isdataat:!1,relative; content:"connectltdd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372527/; classtype:trojan-activity;sid:81235627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.x86"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372526/; classtype:trojan-activity;sid:81235626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372525/; classtype:trojan-activity;sid:81235625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/6xhjpptz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372524/; classtype:trojan-activity;sid:81235624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/list.doc"; http_uri; depth:9; isdataat:!1,relative; content:"connectltdd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372523/; classtype:trojan-activity;sid:81235623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372522/; classtype:trojan-activity;sid:81235622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372521/; classtype:trojan-activity;sid:81235621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.spc"; http_uri; depth:23; isdataat:!1,relative; content:"170.130.172.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372520/; classtype:trojan-activity;sid:81235620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm"; http_uri; depth:23; isdataat:!1,relative; content:"170.130.172.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372519/; classtype:trojan-activity;sid:81235619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm7"; http_uri; depth:24; isdataat:!1,relative; content:"170.130.172.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372518/; classtype:trojan-activity;sid:81235618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm6"; http_uri; depth:24; isdataat:!1,relative; content:"170.130.172.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372517/; classtype:trojan-activity;sid:81235617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.sh4"; http_uri; depth:23; isdataat:!1,relative; content:"170.130.172.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372516/; classtype:trojan-activity;sid:81235616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.m68k"; http_uri; depth:24; isdataat:!1,relative; content:"170.130.172.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372515/; classtype:trojan-activity;sid:81235615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.mips"; http_uri; depth:24; isdataat:!1,relative; content:"170.130.172.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372514/; classtype:trojan-activity;sid:81235614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm5"; http_uri; depth:24; isdataat:!1,relative; content:"170.130.172.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372513/; classtype:trojan-activity;sid:81235613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; content:"170.130.172.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372512/; classtype:trojan-activity;sid:81235612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.x86"; http_uri; depth:23; isdataat:!1,relative; content:"170.130.172.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372511/; classtype:trojan-activity;sid:81235611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.mpsl"; http_uri; depth:24; isdataat:!1,relative; content:"170.130.172.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372510/; classtype:trojan-activity;sid:81235610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.ppc"; http_uri; depth:23; isdataat:!1,relative; content:"170.130.172.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372509/; classtype:trojan-activity;sid:81235609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qfxpey3h"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372508/; classtype:trojan-activity;sid:81235608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ccrueyrg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372507/; classtype:trojan-activity;sid:81235607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3ch3uf31"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372506/; classtype:trojan-activity;sid:81235606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins//arm6"; http_uri; depth:11; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372505/; classtype:trojan-activity;sid:81235605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.115.130.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372504/; classtype:trojan-activity;sid:81235604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372503/; classtype:trojan-activity;sid:81235603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.123.109.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372502/; classtype:trojan-activity;sid:81235602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.243.189.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372501/; classtype:trojan-activity;sid:81235601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.24.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372500/; classtype:trojan-activity;sid:81235600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.123.68.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372499/; classtype:trojan-activity;sid:81235599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.35.161.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372498/; classtype:trojan-activity;sid:81235598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"121.122.72.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372497/; classtype:trojan-activity;sid:81235597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ie1gk3dhu_fnt00pqrr5ewtz7b3ugcni"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372496/; classtype:trojan-activity;sid:81235596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/backdoornew_ixnqxyujpy62.bin"; http_uri; depth:29; isdataat:!1,relative; content:"pashupatiexports.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372495/; classtype:trojan-activity;sid:81235595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1sxtorggpv8t1w0phqac80c4vlemwjnxz"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372494/; classtype:trojan-activity;sid:81235594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/benx/benx_gtggwnxci67.bin"; http_uri; depth:26; isdataat:!1,relative; content:"109.201.143.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372493/; classtype:trojan-activity;sid:81235593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/run/build_drxkseetpj112.bin"; http_uri; depth:28; isdataat:!1,relative; content:"crossbreed.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372492/; classtype:trojan-activity;sid:81235592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1h_lwtor812zp21pmky7t6bqmw7orkhtb"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372491/; classtype:trojan-activity;sid:81235591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"80.85.87.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372490/; classtype:trojan-activity;sid:81235590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"80.85.87.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372489/; classtype:trojan-activity;sid:81235589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372488/; classtype:trojan-activity;sid:81235588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372487/; classtype:trojan-activity;sid:81235587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"121.170.94.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372486/; classtype:trojan-activity;sid:81235586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/filebest.msi"; http_uri; depth:13; isdataat:!1,relative; content:"connectltdd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372485/; classtype:trojan-activity;sid:81235585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20gb_hediye_internet.apk"; http_uri; depth:25; isdataat:!1,relative; content:"devamtr.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372484/; classtype:trojan-activity;sid:81235584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20gb_hediye_internet.apk"; http_uri; depth:25; isdataat:!1,relative; content:"devamtr.info"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372483/; classtype:trojan-activity;sid:81235583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20gb_hediye_internet.apk"; http_uri; depth:25; isdataat:!1,relative; content:"devamtr.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372482/; classtype:trojan-activity;sid:81235582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20gb_hediye_internet.apk"; http_uri; depth:25; isdataat:!1,relative; content:"devamtr.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372481/; classtype:trojan-activity;sid:81235581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"73.206.119.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372480/; classtype:trojan-activity;sid:81235580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xb1uwd8n"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372479/; classtype:trojan-activity;sid:81235579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/5yjbazcq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372478/; classtype:trojan-activity;sid:81235578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.spc"; http_uri; depth:23; isdataat:!1,relative; content:"198.46.223.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372477/; classtype:trojan-activity;sid:81235577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm"; http_uri; depth:23; isdataat:!1,relative; content:"198.46.223.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372476/; classtype:trojan-activity;sid:81235576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm6"; http_uri; depth:24; isdataat:!1,relative; content:"198.46.223.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372475/; classtype:trojan-activity;sid:81235575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.sh4"; http_uri; depth:23; isdataat:!1,relative; content:"198.46.223.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372474/; classtype:trojan-activity;sid:81235574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.mpsl"; http_uri; depth:24; isdataat:!1,relative; content:"198.46.223.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372473/; classtype:trojan-activity;sid:81235573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.m68k"; http_uri; depth:24; isdataat:!1,relative; content:"198.46.223.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372472/; classtype:trojan-activity;sid:81235572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.mips"; http_uri; depth:24; isdataat:!1,relative; content:"198.46.223.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372471/; classtype:trojan-activity;sid:81235571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.ppc"; http_uri; depth:23; isdataat:!1,relative; content:"198.46.223.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372470/; classtype:trojan-activity;sid:81235570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"177.9.201.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372469/; classtype:trojan-activity;sid:81235569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/dxw0y93t"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372468/; classtype:trojan-activity;sid:81235568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/dwpupjxf"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372467/; classtype:trojan-activity;sid:81235567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.3.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372466/; classtype:trojan-activity;sid:81235566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372465/; classtype:trojan-activity;sid:81235565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372464/; classtype:trojan-activity;sid:81235564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.205.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372463/; classtype:trojan-activity;sid:81235563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372462/; classtype:trojan-activity;sid:81235562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.130.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372461/; classtype:trojan-activity;sid:81235561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.188.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372460/; classtype:trojan-activity;sid:81235560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.33.248.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372459/; classtype:trojan-activity;sid:81235559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/evhru1y5"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372458/; classtype:trojan-activity;sid:81235558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/avbt0zbz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372457/; classtype:trojan-activity;sid:81235557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"115.77.115.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372456/; classtype:trojan-activity;sid:81235556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"112.162.160.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372455/; classtype:trojan-activity;sid:81235555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tesnvshr"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372454/; classtype:trojan-activity;sid:81235554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/8ngrvmmq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372453/; classtype:trojan-activity;sid:81235553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.i586"; http_uri; depth:17; isdataat:!1,relative; content:"31.192.111.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372452/; classtype:trojan-activity;sid:81235552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.arm4"; http_uri; depth:17; isdataat:!1,relative; content:"31.192.111.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372451/; classtype:trojan-activity;sid:81235551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.x32"; http_uri; depth:16; isdataat:!1,relative; content:"31.192.111.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372450/; classtype:trojan-activity;sid:81235550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm/bash"; http_uri; depth:9; isdataat:!1,relative; content:"198.98.50.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372449/; classtype:trojan-activity;sid:81235549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"31.192.111.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372448/; classtype:trojan-activity;sid:81235548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.x86"; http_uri; depth:16; isdataat:!1,relative; content:"31.192.111.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372447/; classtype:trojan-activity;sid:81235547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.mips"; http_uri; depth:17; isdataat:!1,relative; content:"31.192.111.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372446/; classtype:trojan-activity;sid:81235546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"31.192.111.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372445/; classtype:trojan-activity;sid:81235545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"31.192.111.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372444/; classtype:trojan-activity;sid:81235544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orbitclient.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"31.192.111.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372443/; classtype:trojan-activity;sid:81235543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; content:"192.241.142.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372442/; classtype:trojan-activity;sid:81235542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; content:"192.241.142.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372441/; classtype:trojan-activity;sid:81235541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372440/; classtype:trojan-activity;sid:81235540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyelbins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"45.148.10.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372439/; classtype:trojan-activity;sid:81235539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1xcchko40-jzfrmhcltba05wpghokmkxn"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372438/; classtype:trojan-activity;sid:81235538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jk/middlemay_jzzxeryeh136.bin"; http_uri; depth:30; isdataat:!1,relative; content:"ramadaislamabad.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372437/; classtype:trojan-activity;sid:81235537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/host_hdvndlbyco198.bin"; http_uri; depth:23; isdataat:!1,relative; content:"nlemmy1.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372436/; classtype:trojan-activity;sid:81235536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/host_hdvndlbyco198.bin"; http_uri; depth:23; isdataat:!1,relative; content:"nlemmy2.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372435/; classtype:trojan-activity;sid:81235535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/y5pwzn9cfp14skc/origin_kpbygzql114.bin/file"; http_uri; depth:49; isdataat:!1,relative; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372434/; classtype:trojan-activity;sid:81235534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=121kgpwcyuoofhyqounawan-cepyozkem"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372433/; classtype:trojan-activity;sid:81235533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1c-k3kpqofcqeivtziaasxcn9rn5za4bb"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372432/; classtype:trojan-activity;sid:81235532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nw_kuilgemgk73.bin"; http_uri; depth:19; isdataat:!1,relative; content:"blockchains.pk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372431/; classtype:trojan-activity;sid:81235531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nw_kuilgemgk73.bin"; http_uri; depth:19; isdataat:!1,relative; content:"ffacscs.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372430/; classtype:trojan-activity;sid:81235530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1eloinsvtziabatbvnzqwxal_rsriccrt"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372429/; classtype:trojan-activity;sid:81235529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1rt0enwtfcuhbrtsymhkqrpdv7a31kyf3"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372428/; classtype:trojan-activity;sid:81235528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1fg__62e7k2eo9badko1oixnjoszykzei"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372427/; classtype:trojan-activity;sid:81235527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.135.43.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372426/; classtype:trojan-activity;sid:81235526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0"; http_uri; depth:2; isdataat:!1,relative; content:"198.98.50.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372425/; classtype:trojan-activity;sid:81235525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i.sh"; http_uri; depth:5; isdataat:!1,relative; content:"198.98.50.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372424/; classtype:trojan-activity;sid:81235524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm7"; http_uri; depth:24; isdataat:!1,relative; content:"192.241.142.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372423/; classtype:trojan-activity;sid:81235523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm5"; http_uri; depth:24; isdataat:!1,relative; content:"192.241.142.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372422/; classtype:trojan-activity;sid:81235522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"41.38.51.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372421/; classtype:trojan-activity;sid:81235521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.ghoul"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372420/; classtype:trojan-activity;sid:81235520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"112.158.167.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372419/; classtype:trojan-activity;sid:81235519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"73.254.248.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372418/; classtype:trojan-activity;sid:81235518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.130.223.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372417/; classtype:trojan-activity;sid:81235517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"171.249.69.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372416/; classtype:trojan-activity;sid:81235516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.124.169.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372415/; classtype:trojan-activity;sid:81235515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.135.36.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372414/; classtype:trojan-activity;sid:81235514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vcimanagement.arm5"; http_uri; depth:24; isdataat:!1,relative; content:"198.46.223.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372413/; classtype:trojan-activity;sid:81235513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372412/; classtype:trojan-activity;sid:81235512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.15.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372411/; classtype:trojan-activity;sid:81235511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372410/; classtype:trojan-activity;sid:81235510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372409/; classtype:trojan-activity;sid:81235509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.43.65.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372408/; classtype:trojan-activity;sid:81235508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372407/; classtype:trojan-activity;sid:81235507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.180.117.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372406/; classtype:trojan-activity;sid:81235506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372405/; classtype:trojan-activity;sid:81235505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.107.222.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372404/; classtype:trojan-activity;sid:81235504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372403/; classtype:trojan-activity;sid:81235503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vcruntime140.dll"; http_uri; depth:17; isdataat:!1,relative; content:"zebi.zzz.com.ua"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372402/; classtype:trojan-activity;sid:81235502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/softokn3.dll"; http_uri; depth:13; isdataat:!1,relative; content:"zebi.zzz.com.ua"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372401/; classtype:trojan-activity;sid:81235501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nss3.dll"; http_uri; depth:9; isdataat:!1,relative; content:"zebi.zzz.com.ua"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372400/; classtype:trojan-activity;sid:81235500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/msvcp140.dll"; http_uri; depth:13; isdataat:!1,relative; content:"zebi.zzz.com.ua"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372399/; classtype:trojan-activity;sid:81235499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozglue.dll"; http_uri; depth:12; isdataat:!1,relative; content:"zebi.zzz.com.ua"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372398/; classtype:trojan-activity;sid:81235498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/freebl3.dll"; http_uri; depth:12; isdataat:!1,relative; content:"zebi.zzz.com.ua"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372397/; classtype:trojan-activity;sid:81235497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/penelop/5.exe"; http_uri; depth:20; isdataat:!1,relative; content:"cjto.top"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372396/; classtype:trojan-activity;sid:81235496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/penelop/updatewin2.exe"; http_uri; depth:29; isdataat:!1,relative; content:"cjto.top"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372395/; classtype:trojan-activity;sid:81235495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/penelop/updatewin1.exe"; http_uri; depth:29; isdataat:!1,relative; content:"cjto.top"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372394/; classtype:trojan-activity;sid:81235494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vcruntime140.dll"; http_uri; depth:17; isdataat:!1,relative; content:"piedmontteem.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372393/; classtype:trojan-activity;sid:81235493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/softokn3.dll"; http_uri; depth:13; isdataat:!1,relative; content:"piedmontteem.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372392/; classtype:trojan-activity;sid:81235492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nss3.dll"; http_uri; depth:9; isdataat:!1,relative; content:"piedmontteem.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372391/; classtype:trojan-activity;sid:81235491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/msvcp140.dll"; http_uri; depth:13; isdataat:!1,relative; content:"piedmontteem.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372390/; classtype:trojan-activity;sid:81235490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozglue.dll"; http_uri; depth:12; isdataat:!1,relative; content:"piedmontteem.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372389/; classtype:trojan-activity;sid:81235489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/freebl3.dll"; http_uri; depth:12; isdataat:!1,relative; content:"piedmontteem.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372388/; classtype:trojan-activity;sid:81235488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vcruntime140.dll"; http_uri; depth:17; isdataat:!1,relative; content:"bristleconepin.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372387/; classtype:trojan-activity;sid:81235487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/softokn3.dll"; http_uri; depth:13; isdataat:!1,relative; content:"bristleconepin.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372386/; classtype:trojan-activity;sid:81235486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nss3.dll"; http_uri; depth:9; isdataat:!1,relative; content:"bristleconepin.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372385/; classtype:trojan-activity;sid:81235485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/msvcp140.dll"; http_uri; depth:13; isdataat:!1,relative; content:"bristleconepin.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372384/; classtype:trojan-activity;sid:81235484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozglue.dll"; http_uri; depth:12; isdataat:!1,relative; content:"bristleconepin.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372383/; classtype:trojan-activity;sid:81235483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/freebl3.dll"; http_uri; depth:12; isdataat:!1,relative; content:"bristleconepin.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372382/; classtype:trojan-activity;sid:81235482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/dk2fcxuu"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372381/; classtype:trojan-activity;sid:81235481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.63.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372380/; classtype:trojan-activity;sid:81235480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.81.178.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372379/; classtype:trojan-activity;sid:81235479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372378/; classtype:trojan-activity;sid:81235478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372377/; classtype:trojan-activity;sid:81235477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372376/; classtype:trojan-activity;sid:81235476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.190.148.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372375/; classtype:trojan-activity;sid:81235475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.17.77.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372374/; classtype:trojan-activity;sid:81235474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.7.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372373/; classtype:trojan-activity;sid:81235473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.12.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372372/; classtype:trojan-activity;sid:81235472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.178.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372371/; classtype:trojan-activity;sid:81235471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.95.78.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372370/; classtype:trojan-activity;sid:81235470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/doc/officebuilder.exe"; http_uri; depth:22; isdataat:!1,relative; content:"cloud-server-updater13.co.za"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372369/; classtype:trojan-activity;sid:81235469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"86.216.13.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372368/; classtype:trojan-activity;sid:81235468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"49.213.214.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372367/; classtype:trojan-activity;sid:81235467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"42.114.213.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372366/; classtype:trojan-activity;sid:81235466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372365/; classtype:trojan-activity;sid:81235465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372364/; classtype:trojan-activity;sid:81235464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372363/; classtype:trojan-activity;sid:81235463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.116.201.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372362/; classtype:trojan-activity;sid:81235462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.187.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372361/; classtype:trojan-activity;sid:81235461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.107.222.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372360/; classtype:trojan-activity;sid:81235460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.34.234.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372359/; classtype:trojan-activity;sid:81235459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.126.86.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372358/; classtype:trojan-activity;sid:81235458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.28.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372357/; classtype:trojan-activity;sid:81235457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.130.77.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372356/; classtype:trojan-activity;sid:81235456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372355/; classtype:trojan-activity;sid:81235455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.203.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372354/; classtype:trojan-activity;sid:81235454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.29.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_30; reference:url, urlhaus.abuse.ch/url/372353/; classtype:trojan-activity;sid:81235453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/5wrj7kwk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372352/; classtype:trojan-activity;sid:81235452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/g09fkjed"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372351/; classtype:trojan-activity;sid:81235451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.x86"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.224.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372350/; classtype:trojan-activity;sid:81235450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.spc"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.224.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372349/; classtype:trojan-activity;sid:81235449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.224.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372348/; classtype:trojan-activity;sid:81235448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.224.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372347/; classtype:trojan-activity;sid:81235447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.224.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372346/; classtype:trojan-activity;sid:81235446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.mips"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.224.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372345/; classtype:trojan-activity;sid:81235445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.224.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372344/; classtype:trojan-activity;sid:81235444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.224.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372343/; classtype:trojan-activity;sid:81235443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.224.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372342/; classtype:trojan-activity;sid:81235442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.224.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372341/; classtype:trojan-activity;sid:81235441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.224.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372340/; classtype:trojan-activity;sid:81235440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/0dqzqqnx"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372339/; classtype:trojan-activity;sid:81235439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=9c5756116772d42a|7c|26|7c|resid=9c5756116772d42a!220|7c|26|7c|authkey=al5nj5aldwrtyna"; http_uri; depth:98; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372338/; classtype:trojan-activity;sid:81235438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/l0kzvup1"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372337/; classtype:trojan-activity;sid:81235437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/general/shipping_label.jar"; http_uri; depth:46; isdataat:!1,relative; content:"firstmathacademy.us"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372336/; classtype:trojan-activity;sid:81235436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.91.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372335/; classtype:trojan-activity;sid:81235435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.51.210.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372334/; classtype:trojan-activity;sid:81235434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.33.248.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372333/; classtype:trojan-activity;sid:81235433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.255.191.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372332/; classtype:trojan-activity;sid:81235432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372331/; classtype:trojan-activity;sid:81235431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372330/; classtype:trojan-activity;sid:81235430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372329/; classtype:trojan-activity;sid:81235429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.226.76.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372328/; classtype:trojan-activity;sid:81235428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.150.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372327/; classtype:trojan-activity;sid:81235427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.35.160.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372326/; classtype:trojan-activity;sid:81235426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.26.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372325/; classtype:trojan-activity;sid:81235425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.60.25.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372324/; classtype:trojan-activity;sid:81235424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/r0ebx8vs"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372323/; classtype:trojan-activity;sid:81235423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/5n7bhxgq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372322/; classtype:trojan-activity;sid:81235422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uwxzdnrj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372321/; classtype:trojan-activity;sid:81235421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/u0tu6sy9"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372320/; classtype:trojan-activity;sid:81235420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qtaqety9"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372319/; classtype:trojan-activity;sid:81235419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/38ehbbwy"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372318/; classtype:trojan-activity;sid:81235418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; content:"159.203.176.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372317/; classtype:trojan-activity;sid:81235417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/yarn"; http_uri; depth:13; isdataat:!1,relative; content:"159.203.176.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372316/; classtype:trojan-activity;sid:81235416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"159.203.176.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372315/; classtype:trojan-activity;sid:81235415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/spc"; http_uri; depth:12; isdataat:!1,relative; content:"159.203.176.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372314/; classtype:trojan-activity;sid:81235414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; content:"159.203.176.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372313/; classtype:trojan-activity;sid:81235413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/rtk"; http_uri; depth:12; isdataat:!1,relative; content:"159.203.176.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372312/; classtype:trojan-activity;sid:81235412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/root"; http_uri; depth:13; isdataat:!1,relative; content:"159.203.176.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372311/; classtype:trojan-activity;sid:81235411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; content:"159.203.176.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372310/; classtype:trojan-activity;sid:81235410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"159.203.176.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372309/; classtype:trojan-activity;sid:81235409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"159.203.176.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372308/; classtype:trojan-activity;sid:81235408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; content:"159.203.176.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372307/; classtype:trojan-activity;sid:81235407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; content:"159.203.176.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372306/; classtype:trojan-activity;sid:81235406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zidtm9yw"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372305/; classtype:trojan-activity;sid:81235405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/urahgeqj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372304/; classtype:trojan-activity;sid:81235404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/8akrt1fm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372303/; classtype:trojan-activity;sid:81235403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xtgl5gvb"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372302/; classtype:trojan-activity;sid:81235402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"222.214.157.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372301/; classtype:trojan-activity;sid:81235401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1pemrrec"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372300/; classtype:trojan-activity;sid:81235400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1chgmdqrfhgbykdpluvl0fw3ochncuqyv"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372299/; classtype:trojan-activity;sid:81235399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/707582029683752972/714585363271909415/1new_wznvpn_uictismjkb78.bin"; http_uri; depth:79; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372298/; classtype:trojan-activity;sid:81235398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1kw75nsrmob6clhgcvpy0h_apiammucmf"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372297/; classtype:trojan-activity;sid:81235397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1sclvwxflhg9ojrx8vyg6vut96q5gwm5n"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372296/; classtype:trojan-activity;sid:81235396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ydnkjum2i3h9eklyyixeyqpxfk6s-por"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372295/; classtype:trojan-activity;sid:81235395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=11otkk-wejdiuygzwz3srivjf7d63y7kw"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372294/; classtype:trojan-activity;sid:81235394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab/middlemay_eqhlpugc168.bin"; http_uri; depth:29; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372293/; classtype:trojan-activity;sid:81235393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=e424d4f4fe44dedf|7c|26|7c|resid=e424d4f4fe44dedf%21745|7c|26|7c|authkey=ah1i_jo73zgdxpc"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372292/; classtype:trojan-activity;sid:81235392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1bv0xzxpyths5qblrggyh8t6z8td3tuyp"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372291/; classtype:trojan-activity;sid:81235391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=e424d4f4fe44dedf|7c|26|7c|resid=e424d4f4fe44dedf%21746|7c|26|7c|authkey=ag1mhwlznwdxpw0"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372290/; classtype:trojan-activity;sid:81235390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1jmwpfmqtwuhtrlynmnvp75qkphv0medi"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372289/; classtype:trojan-activity;sid:81235389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372288/; classtype:trojan-activity;sid:81235388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"45.95.168.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372287/; classtype:trojan-activity;sid:81235387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372286/; classtype:trojan-activity;sid:81235386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"45.95.168.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372285/; classtype:trojan-activity;sid:81235385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372284/; classtype:trojan-activity;sid:81235384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"45.95.168.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372283/; classtype:trojan-activity;sid:81235383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372282/; classtype:trojan-activity;sid:81235382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vb/amakano.x86"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.96.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372281/; classtype:trojan-activity;sid:81235381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; content:"178.128.96.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372280/; classtype:trojan-activity;sid:81235380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"178.128.96.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372279/; classtype:trojan-activity;sid:81235379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tmuexvks"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372278/; classtype:trojan-activity;sid:81235378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/sffx0azz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372277/; classtype:trojan-activity;sid:81235377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/d8jx2rry"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372276/; classtype:trojan-activity;sid:81235376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.226.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372275/; classtype:trojan-activity;sid:81235375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.226.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372274/; classtype:trojan-activity;sid:81235374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372273/; classtype:trojan-activity;sid:81235373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372272/; classtype:trojan-activity;sid:81235372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372271/; classtype:trojan-activity;sid:81235371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.spc"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372270/; classtype:trojan-activity;sid:81235370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.226.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372269/; classtype:trojan-activity;sid:81235369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.mips"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.226.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372268/; classtype:trojan-activity;sid:81235368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.226.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372267/; classtype:trojan-activity;sid:81235367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"37.49.226.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372266/; classtype:trojan-activity;sid:81235366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/muxsqxvs"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372265/; classtype:trojan-activity;sid:81235365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372264/; classtype:trojan-activity;sid:81235364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"45.95.168.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372263/; classtype:trojan-activity;sid:81235363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/adb.sh"; http_uri; depth:7; isdataat:!1,relative; content:"37.49.226.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372262/; classtype:trojan-activity;sid:81235362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amen.x86"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372261/; classtype:trojan-activity;sid:81235361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/asd.sh"; http_uri; depth:7; isdataat:!1,relative; content:"45.77.138.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372260/; classtype:trojan-activity;sid:81235360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/infect2"; http_uri; depth:8; isdataat:!1,relative; content:"94.102.63.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372259/; classtype:trojan-activity;sid:81235359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/acrobatreader.apk"; http_uri; depth:18; isdataat:!1,relative; content:"inps-it.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372258/; classtype:trojan-activity;sid:81235358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xvh8ju5j"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372257/; classtype:trojan-activity;sid:81235357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372256/; classtype:trojan-activity;sid:81235356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372255/; classtype:trojan-activity;sid:81235355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372254/; classtype:trojan-activity;sid:81235354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372253/; classtype:trojan-activity;sid:81235353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372252/; classtype:trojan-activity;sid:81235352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372251/; classtype:trojan-activity;sid:81235351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.188.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372250/; classtype:trojan-activity;sid:81235350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.107.222.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372249/; classtype:trojan-activity;sid:81235349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.23.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372248/; classtype:trojan-activity;sid:81235348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372247/; classtype:trojan-activity;sid:81235347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372246/; classtype:trojan-activity;sid:81235346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/slip/swift.103_1873530473.gz"; http_uri; depth:29; isdataat:!1,relative; content:"sr.km-americanschool.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372245/; classtype:trojan-activity;sid:81235345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/doc/officebuilder.exe"; http_uri; depth:22; isdataat:!1,relative; content:"cloud-server-updater5.co.za"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372244/; classtype:trojan-activity;sid:81235344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/fedex-express-reference.exe"; http_uri; depth:47; isdataat:!1,relative; content:"mobdvservice.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372243/; classtype:trojan-activity;sid:81235343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/doc/officebuilder.exe"; http_uri; depth:22; isdataat:!1,relative; content:"cloud-server-updater9.co.za"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372242/; classtype:trojan-activity;sid:81235342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/he5ayt1r"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372241/; classtype:trojan-activity;sid:81235341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/confirmation.exe"; http_uri; depth:36; isdataat:!1,relative; content:"mobdvservice.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372240/; classtype:trojan-activity;sid:81235340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/doc/officebuilder.exe"; http_uri; depth:22; isdataat:!1,relative; content:"cloud-server-updater8.co.za"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372239/; classtype:trojan-activity;sid:81235339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/doc/officebuilder.exe"; http_uri; depth:22; isdataat:!1,relative; content:"cloud-server-updater2.co.za"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372238/; classtype:trojan-activity;sid:81235338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin_qzmexhy10.bin"; http_uri; depth:18; isdataat:!1,relative; content:"causticfrida.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372237/; classtype:trojan-activity;sid:81235337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=11nazslawbwkk1b4dfvielvvgwl48qhr6"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372236/; classtype:trojan-activity;sid:81235336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1l1aewan1l3_lk7dgs0xnzzh-zwablugt"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372235/; classtype:trojan-activity;sid:81235335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=f191ccc6e999117d|7c|26|7c|resid=f191ccc6e999117d%21224|7c|26|7c|authkey=abjrqbcggl37edq"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372234/; classtype:trojan-activity;sid:81235334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=24ef9e675b079af9|7c|26|7c|resid=24ef9e675b079af9%21156|7c|26|7c|authkey=alqvv8nixrvsqrk"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372233/; classtype:trojan-activity;sid:81235333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=555ed5c234830652|7c|26|7c|resid=555ed5c234830652%21190|7c|26|7c|authkey=agstxmdg9c1yxxy"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372232/; classtype:trojan-activity;sid:81235332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=24ef9e675b079af9|7c|26|7c|resid=24ef9e675b079af9%21155|7c|26|7c|authkey=afu-yax_gxxddoe"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372231/; classtype:trojan-activity;sid:81235331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/host_nfofrsroxt139.bin"; http_uri; depth:23; isdataat:!1,relative; content:"weallneedthismoney.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372230/; classtype:trojan-activity;sid:81235330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=fe85161c3947f2c1|7c|26|7c|resid=fe85161c3947f2c1%211441|7c|26|7c|authkey=agb6c1ecr91svrw"; http_uri; depth:101; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372229/; classtype:trojan-activity;sid:81235329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1tznjbhnnht1ku_rtjkiwq0yorpn1xepi"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372228/; classtype:trojan-activity;sid:81235328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/1stooazcyr88jmr/origin_cobhijxp234.bin/file"; http_uri; depth:49; isdataat:!1,relative; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372227/; classtype:trojan-activity;sid:81235327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=5012a067b5dec1df|7c|26|7c|resid=5012a067b5dec1df%21299|7c|26|7c|authkey=amicxuotubpok2c"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372226/; classtype:trojan-activity;sid:81235326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/f6j2dwjej3hhfms/origin_pmzasvfwws151.bin/file"; http_uri; depth:51; isdataat:!1,relative; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372225/; classtype:trojan-activity;sid:81235325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wlstsgex"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372224/; classtype:trojan-activity;sid:81235324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mq7gebns"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372223/; classtype:trojan-activity;sid:81235323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kwk4vyr1"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372222/; classtype:trojan-activity;sid:81235322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/confirmation21967pdf.7z"; http_uri; depth:43; isdataat:!1,relative; content:"mobdvservice.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372221/; classtype:trojan-activity;sid:81235321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.x86"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372220/; classtype:trojan-activity;sid:81235320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.spc"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372219/; classtype:trojan-activity;sid:81235319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372218/; classtype:trojan-activity;sid:81235318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372217/; classtype:trojan-activity;sid:81235317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372216/; classtype:trojan-activity;sid:81235316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.mips"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372215/; classtype:trojan-activity;sid:81235315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372214/; classtype:trojan-activity;sid:81235314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372213/; classtype:trojan-activity;sid:81235313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372212/; classtype:trojan-activity;sid:81235312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372211/; classtype:trojan-activity;sid:81235311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372210/; classtype:trojan-activity;sid:81235310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"112.160.86.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372209/; classtype:trojan-activity;sid:81235309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aqxuxzu/nbsa_82756_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"globeegypt.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372208/; classtype:trojan-activity;sid:81235308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gg88wyaftcxr7gu/wo0zz.phpl=sfzs2.cab"; http_uri; depth:37; isdataat:!1,relative; content:"kwjqbk2fw9p8q5y.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372207/; classtype:trojan-activity;sid:81235307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.133.96.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372206/; classtype:trojan-activity;sid:81235306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"174.95.205.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372205/; classtype:trojan-activity;sid:81235305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/frby49gm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372204/; classtype:trojan-activity;sid:81235304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/athenam.sh4"; http_uri; depth:17; isdataat:!1,relative; content:"45.95.168.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372203/; classtype:trojan-activity;sid:81235303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/athenam.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"45.95.168.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372202/; classtype:trojan-activity;sid:81235302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/athenam.ppc"; http_uri; depth:17; isdataat:!1,relative; content:"45.95.168.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372201/; classtype:trojan-activity;sid:81235301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/athenam.mips"; http_uri; depth:18; isdataat:!1,relative; content:"45.95.168.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372200/; classtype:trojan-activity;sid:81235300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/athenam.m68k"; http_uri; depth:18; isdataat:!1,relative; content:"45.95.168.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372199/; classtype:trojan-activity;sid:81235299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/athenam.spc"; http_uri; depth:17; isdataat:!1,relative; content:"45.95.168.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372198/; classtype:trojan-activity;sid:81235298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/athenam.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"45.95.168.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372197/; classtype:trojan-activity;sid:81235297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/athenam.x86"; http_uri; depth:17; isdataat:!1,relative; content:"45.95.168.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372196/; classtype:trojan-activity;sid:81235296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uhbub84b"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372195/; classtype:trojan-activity;sid:81235295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/athenam.mpsl"; http_uri; depth:18; isdataat:!1,relative; content:"45.95.168.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372194/; classtype:trojan-activity;sid:81235294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3306"; http_uri; depth:5; isdataat:!1,relative; content:"98.159.110.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372193/; classtype:trojan-activity;sid:81235293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/htflwxphb/nbsa_0856740_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"www.vietnamesetravelagency.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372192/; classtype:trojan-activity;sid:81235292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tguzuxmdedgy/nbsa_494119_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"podoshva.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372191/; classtype:trojan-activity;sid:81235291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/auiovjzvnk/8327585/nbsa_8327585_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"noraschoepfer.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372190/; classtype:trojan-activity;sid:81235290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tqnsmrch/99283590/nbsa_99283590_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"axelfamily.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372189/; classtype:trojan-activity;sid:81235289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tqnsmrch/54494/nbsa_54494_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"axelfamily.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372188/; classtype:trojan-activity;sid:81235288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ayopgzllwp/97439/nbsa_97439_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"www.goodhandsappliances.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372187/; classtype:trojan-activity;sid:81235287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ficfad/nbsa_204671514_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"womensvoicesmagazine.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372186/; classtype:trojan-activity;sid:81235286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hqalzrakueii/nbsa_561351927_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"woah90s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372185/; classtype:trojan-activity;sid:81235285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/anjaib/nbsa_861414613_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"wagswalkersaustin.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372184/; classtype:trojan-activity;sid:81235284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ppdfwpwbtd/847/nbsa_847_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"vectortrans.su"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372183/; classtype:trojan-activity;sid:81235283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ppdfwpwbtd/722973494/nbsa_722973494_28052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"vectortrans.su"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372182/; classtype:trojan-activity;sid:81235282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/evaymshhsa/32718367/nbsa_32718367_28052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"triangolodelbenessere.it"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372181/; classtype:trojan-activity;sid:81235281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qtpvax/nbsa_88920759_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"tomsoldmansionkochi.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372180/; classtype:trojan-activity;sid:81235280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fyjpuaypjehl/187079620/nbsa_187079620_28052020.zip"; http_uri; depth:51; isdataat:!1,relative; content:"test.mineralog.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372179/; classtype:trojan-activity;sid:81235279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ikarfeep/nbsa_4579490_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"termasdelacal.cl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372178/; classtype:trojan-activity;sid:81235278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bjrmq/330194991/nbsa_330194991_28052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"teknic.cl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372177/; classtype:trojan-activity;sid:81235277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vgibwitqksj/nbsa_13116815_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"tbacnet.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372176/; classtype:trojan-activity;sid:81235276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bgfleziist/61086/nbsa_61086_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"stjohnsnohomish.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372175/; classtype:trojan-activity;sid:81235275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zjeixcphncer/nbsa_92772_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"stiags.com.mx"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372174/; classtype:trojan-activity;sid:81235274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ruhtejtpzv/691/nbsa_691_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"sos-sv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372173/; classtype:trojan-activity;sid:81235273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abnexbmkthx/nbsa_29915317_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"sketchmeetup.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372172/; classtype:trojan-activity;sid:81235272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ompofgqgi/032659/nbsa_032659_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"siscotechnologysupply.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372171/; classtype:trojan-activity;sid:81235271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cuujzuxnek/nbsa_7314443_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"singlesunlimited.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372170/; classtype:trojan-activity;sid:81235270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cuujzuxnek/nbsa_6584_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"singlesunlimited.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372169/; classtype:trojan-activity;sid:81235269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cuujzuxnek/71452/nbsa_71452_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"singlesunlimited.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372168/; classtype:trojan-activity;sid:81235268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wmloqd/nbsa_2877555_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"shi-castfam.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372167/; classtype:trojan-activity;sid:81235267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wmloqd/5219/nbsa_5219_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"shi-castfam.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372166/; classtype:trojan-activity;sid:81235266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nljxiqek/nbsa_262602_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"sangalakiresort.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372165/; classtype:trojan-activity;sid:81235265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wdsnntiicy/827474/nbsa_827474_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"reverseforrealtors.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372164/; classtype:trojan-activity;sid:81235264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pzlnkda/nbsa_022043625_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"qudaih.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372163/; classtype:trojan-activity;sid:81235263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/emhtrqmnvyx/98543/nbsa_98543_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"princetonenvelopegroup.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372162/; classtype:trojan-activity;sid:81235262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tgozjmocoha/17126/nbsa_17126_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"ppaauditores.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372161/; classtype:trojan-activity;sid:81235261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ppmccnyuq/nbsa_60231720_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"poorhousewebdesigns.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372160/; classtype:trojan-activity;sid:81235260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uhsycamzxc/9817198/nbsa_9817198_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"podport.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372159/; classtype:trojan-activity;sid:81235259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obgxbnljgvyr/75937087/nbsa_75937087_28052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"phoenixgroupllc.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372158/; classtype:trojan-activity;sid:81235258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iygioqvvnct/nbsa_584_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"old.pubgvozd.by"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372157/; classtype:trojan-activity;sid:81235257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iygioqvvnct/98546693/nbsa_98546693_28052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"old.pubgvozd.by"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372156/; classtype:trojan-activity;sid:81235256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qmhuwhatt/8671200/nbsa_8671200_28052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"oem-online.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372155/; classtype:trojan-activity;sid:81235255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ehzws/287381/nbsa_287381_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"nepalsurvey.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372154/; classtype:trojan-activity;sid:81235254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wjrlh/77330310/nbsa_77330310_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"negociacioncolectiva.cl"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372153/; classtype:trojan-activity;sid:81235253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jammmijnjvxv/nbsa_60190_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"myprintshop.us"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372152/; classtype:trojan-activity;sid:81235252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wmffjcyl/032756/nbsa_032756_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"msdolany.cz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372151/; classtype:trojan-activity;sid:81235251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gayttwop/642799/nbsa_642799_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"moveinproperties.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372150/; classtype:trojan-activity;sid:81235250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gayttwop/13794816/nbsa_13794816_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"moveinproperties.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372149/; classtype:trojan-activity;sid:81235249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/upizfsps/nbsa_6323447_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"mountaineerhomeinspection.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372148/; classtype:trojan-activity;sid:81235248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ybdxqztzmnob/18051105/nbsa_18051105_28052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"moscadesigngroup.it"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372147/; classtype:trojan-activity;sid:81235247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zpjax/574/nbsa_574_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"mlds.go.th"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372146/; classtype:trojan-activity;sid:81235246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mjrtnfznqsbl/nbsa_89048152m_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"midweekspecials.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372145/; classtype:trojan-activity;sid:81235245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mjrtnfznqsbl/464272175/nbsa_464272175_28052020.zip"; http_uri; depth:51; isdataat:!1,relative; content:"midweekspecials.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372144/; classtype:trojan-activity;sid:81235244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yxjkb/9949/nbsa_9949_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"manurecouture.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372143/; classtype:trojan-activity;sid:81235243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mmxdjebsvla/nbsa_50489_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"lookingforlands.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372142/; classtype:trojan-activity;sid:81235242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/skndjsqfvfp/093/nbsa_093_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"logoflyerbrochuredesigninguaedubai.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372141/; classtype:trojan-activity;sid:81235241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yszznwnard/8551/nbsa_8551_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"liveoakmeadow.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372140/; classtype:trojan-activity;sid:81235240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dfmkghankuj/9212453/nbsa_9212453_28052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"linchcapital.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372139/; classtype:trojan-activity;sid:81235239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dfmkghankuj/84806/nbsa_84806_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"linchcapital.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372138/; classtype:trojan-activity;sid:81235238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/delptxr/nbsa_963_28052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"lamaja.cl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372137/; classtype:trojan-activity;sid:81235237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/delptxr/910806741/nbsa_910806741_28052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"lamaja.cl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372136/; classtype:trojan-activity;sid:81235236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ycrypbvqpa/7043/nbsa_7043_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"kingstoncrusaders.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372135/; classtype:trojan-activity;sid:81235235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbaoh/nbsa_4311_28052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"kemra.co.ke"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372134/; classtype:trojan-activity;sid:81235234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbaoh/2941/nbsa_2941_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"kemra.co.ke"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372133/; classtype:trojan-activity;sid:81235233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nuibybdewm/2589/nbsa_2589_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"kellamelectric.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372132/; classtype:trojan-activity;sid:81235232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bkwttucaas/nbsa_9617197_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"keizomatsuda.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372131/; classtype:trojan-activity;sid:81235231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xjazusffnhq/nbsa_05551420_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"janetwilliams.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372130/; classtype:trojan-activity;sid:81235230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oksvtqh/nbsa_5930753_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"jamesrivers.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372129/; classtype:trojan-activity;sid:81235229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bkyxko/862430/nbsa_862430_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"indianblackhead.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372128/; classtype:trojan-activity;sid:81235228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jdfdfhxgdml/nbsa_6205019_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"hegyhati-altisk.sulinet.hu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372127/; classtype:trojan-activity;sid:81235227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qdjegr/nbsa_887868369_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"heatingcareltd.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372126/; classtype:trojan-activity;sid:81235226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scojgvxhpk/1781/nbsa_1781_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"hallowgate.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372125/; classtype:trojan-activity;sid:81235225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zjutdfdi/22807080/nbsa_22807080_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"griffindev.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372124/; classtype:trojan-activity;sid:81235224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aqdsbqsa/nbsa_951_28052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"greenridgelawn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372123/; classtype:trojan-activity;sid:81235223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wzpesz/5476/nbsa_5476_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"gardonyi-kaposvar.sulinet.hu"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372122/; classtype:trojan-activity;sid:81235222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wzpesz/0197700/nbsa_0197700_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"gardonyi-kaposvar.sulinet.hu"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372121/; classtype:trojan-activity;sid:81235221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jaysrhz/33209002/nbsa_33209002_28052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"footholdfilms.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372120/; classtype:trojan-activity;sid:81235220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xhgjr/23174979/nbsa_23174979_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"fakeindustries.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372119/; classtype:trojan-activity;sid:81235219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ngliaigm/125592184/nbsa_125592184_28052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"escuelaonline.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372118/; classtype:trojan-activity;sid:81235218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/djwurd/12024100/nbsa_12024100_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"boteco1.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372117/; classtype:trojan-activity;sid:81235217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ngpfsykkkjbo/8629/nbsa_8629_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"befab.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372116/; classtype:trojan-activity;sid:81235216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vuykxytfl/946628275/nbsa_946628275_28052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"approved-products.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372115/; classtype:trojan-activity;sid:81235215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/usswz/53655352/nbsa_53655352_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"apofraxisavlonitis.gr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372114/; classtype:trojan-activity;sid:81235214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/axrhnheagpjc/1659703/nbsa_1659703_28052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"annk.com.ua"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372113/; classtype:trojan-activity;sid:81235213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sjpwen/nbsa_4028334_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"alase.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372112/; classtype:trojan-activity;sid:81235212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iqtkgsfyb/nbsa_82141560_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"africanchildleadfoundation.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372111/; classtype:trojan-activity;sid:81235211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wtuaxryy"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372110/; classtype:trojan-activity;sid:81235210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/sbznfawi"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372109/; classtype:trojan-activity;sid:81235209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kjckrscz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372108/; classtype:trojan-activity;sid:81235208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/look_attach_v0i"; http_uri; depth:25; isdataat:!1,relative; content:"1-university.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372107/; classtype:trojan-activity;sid:81235207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.23.253.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372106/; classtype:trojan-activity;sid:81235206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/athenam.arm"; http_uri; depth:17; isdataat:!1,relative; content:"45.95.168.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372105/; classtype:trojan-activity;sid:81235205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/athenam.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"45.95.168.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372104/; classtype:trojan-activity;sid:81235204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/doc/officebuilder.exe"; http_uri; depth:22; isdataat:!1,relative; content:"cloud-server-updater11.co.za"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372103/; classtype:trojan-activity;sid:81235203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/multitask/attack.jpg"; http_uri; depth:35; isdataat:!1,relative; content:"worldwidetechsecurity.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372102/; classtype:trojan-activity;sid:81235202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/megatron/multistation.vbs"; http_uri; depth:26; isdataat:!1,relative; content:"worldwidetechsecurity.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372101/; classtype:trojan-activity;sid:81235201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.70.127.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372100/; classtype:trojan-activity;sid:81235200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372099/; classtype:trojan-activity;sid:81235199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.243.19.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372098/; classtype:trojan-activity;sid:81235198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.37.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372097/; classtype:trojan-activity;sid:81235197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372096/; classtype:trojan-activity;sid:81235196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.53.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372095/; classtype:trojan-activity;sid:81235195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372094/; classtype:trojan-activity;sid:81235194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"140.237.249.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372093/; classtype:trojan-activity;sid:81235193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.26.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372092/; classtype:trojan-activity;sid:81235192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.0.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372091/; classtype:trojan-activity;sid:81235191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.187.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372090/; classtype:trojan-activity;sid:81235190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.50.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372089/; classtype:trojan-activity;sid:81235189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.70.32.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372088/; classtype:trojan-activity;sid:81235188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/6xb1vpmj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372087/; classtype:trojan-activity;sid:81235187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1dmryauslyppcengpmvuz9-nu29ca2sh3"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372086/; classtype:trojan-activity;sid:81235186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1k5rr3dtmeuqpaydmknh54deocq0aiju4"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372085/; classtype:trojan-activity;sid:81235185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1p3rpsz_1sfp9nwvns7gqixxram1zp38l"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372084/; classtype:trojan-activity;sid:81235184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ecom8@raw_yvenfg9.bin"; http_uri; depth:22; isdataat:!1,relative; content:"hosseinsoltani.ir"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372083/; classtype:trojan-activity;sid:81235183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ned/n-bin_gumuo43.bin"; http_uri; depth:22; isdataat:!1,relative; content:"vitaltea.co.nz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372082/; classtype:trojan-activity;sid:81235182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1zoufavv4qsrmi5kamtzosn16oqk91ebn"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372081/; classtype:trojan-activity;sid:81235181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1fq5grcovjkyimnnvlrwe1iaop_8ibmwc"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372080/; classtype:trojan-activity;sid:81235180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1cesta-gseyohjbpdtjeuiyevt4hi3dvu"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372079/; classtype:trojan-activity;sid:81235179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=8d14d74eb13b02d0|7c|26|7c|resid=8d14d74eb13b02d0%21158|7c|26|7c|authkey=angcyyr-keximec"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372078/; classtype:trojan-activity;sid:81235178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"187.58.28.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372077/; classtype:trojan-activity;sid:81235177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zhzefbyu"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372076/; classtype:trojan-activity;sid:81235176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/5u04kf15"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372075/; classtype:trojan-activity;sid:81235175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=71b355bd756229c5|7c|26|7c|resid=71b355bd756229c5!3204|7c|26|7c|authkey=aapxsxusd80zpg4"; http_uri; depth:99; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372074/; classtype:trojan-activity;sid:81235174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=f8867408aefd1477|7c|26|7c|resid=f8867408aefd1477!3420|7c|26|7c|authkey=aprk74la7bgauro"; http_uri; depth:99; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372073/; classtype:trojan-activity;sid:81235173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=d268706d3c9d22a1|7c|26|7c|resid=d268706d3c9d22a1!490|7c|26|7c|authkey=ao3pg1_cffb2efk"; http_uri; depth:98; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372072/; classtype:trojan-activity;sid:81235172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=aaa6512788493b4f|7c|26|7c|resid=aaa6512788493b4f!532|7c|26|7c|authkey=aku2y3nigb7qhz4"; http_uri; depth:98; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372071/; classtype:trojan-activity;sid:81235171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=a747de38101794ad|7c|26|7c|resid=a747de38101794ad!1114|7c|26|7c|authkey=aayfcty51mwtyjg"; http_uri; depth:99; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372070/; classtype:trojan-activity;sid:81235170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=7c1fc7da38ab958e|7c|26|7c|resid=7c1fc7da38ab958e!146|7c|26|7c|authkey=aktmjqz8n4s_sbm"; http_uri; depth:98; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372069/; classtype:trojan-activity;sid:81235169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=46b98fe6f0d79519|7c|26|7c|resid=46b98fe6f0d79519!1850|7c|26|7c|authkey=als7pel7_8aswzs"; http_uri; depth:99; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372068/; classtype:trojan-activity;sid:81235168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=428f7a508c3dfab8|7c|26|7c|resid=428f7a508c3dfab8!180|7c|26|7c|authkey=aevhspjqp7vwaaa"; http_uri; depth:98; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372067/; classtype:trojan-activity;sid:81235167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=40170a61cd65b3e5|7c|26|7c|resid=40170a61cd65b3e5!794|7c|26|7c|authkey=akbljwd6h-irb-c"; http_uri; depth:98; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372066/; classtype:trojan-activity;sid:81235166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.aspxauthkey=!anhbzybkg3mekig|7c|26|7c|cid=21757e11f03b2792|7c|26|7c|resid=21757e11f03b2792!109|7c|26|7c|parid=root|7c|26|7c|o=oneup"; http_uri; depth:141; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372065/; classtype:trojan-activity;sid:81235165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"64.227.14.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372064/; classtype:trojan-activity;sid:81235164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"64.227.14.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372063/; classtype:trojan-activity;sid:81235163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"64.227.14.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372062/; classtype:trojan-activity;sid:81235162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"64.227.14.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372061/; classtype:trojan-activity;sid:81235161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"64.227.14.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372060/; classtype:trojan-activity;sid:81235160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"64.227.14.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372059/; classtype:trojan-activity;sid:81235159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"64.227.14.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372058/; classtype:trojan-activity;sid:81235158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"64.227.14.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372057/; classtype:trojan-activity;sid:81235157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"64.227.14.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372056/; classtype:trojan-activity;sid:81235156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"64.227.14.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372055/; classtype:trojan-activity;sid:81235155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"64.227.14.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372054/; classtype:trojan-activity;sid:81235154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"64.227.14.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372053/; classtype:trojan-activity;sid:81235153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/axisbins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"64.227.14.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372052/; classtype:trojan-activity;sid:81235152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/dsvhl9av"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372051/; classtype:trojan-activity;sid:81235151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/evdekaliyorum.apk"; http_uri; depth:18; isdataat:!1,relative; content:"ferasaew.s3.eu-central-1.amazonaws.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372050/; classtype:trojan-activity;sid:81235150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rmc7tzdc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372049/; classtype:trojan-activity;sid:81235149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mework/xffd6zt1ubhgh9l.exe"; http_uri; depth:27; isdataat:!1,relative; content:"ourhajn.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372048/; classtype:trojan-activity;sid:81235148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; content:"45.95.168.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372047/; classtype:trojan-activity;sid:81235147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/yarn"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372046/; classtype:trojan-activity;sid:81235146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"45.95.168.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372045/; classtype:trojan-activity;sid:81235145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/rtk"; http_uri; depth:12; isdataat:!1,relative; content:"45.95.168.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372044/; classtype:trojan-activity;sid:81235144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/root"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372043/; classtype:trojan-activity;sid:81235143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; content:"45.95.168.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372042/; classtype:trojan-activity;sid:81235142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372041/; classtype:trojan-activity;sid:81235141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372040/; classtype:trojan-activity;sid:81235140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372039/; classtype:trojan-activity;sid:81235139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372038/; classtype:trojan-activity;sid:81235138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vsuers.sh"; http_uri; depth:10; isdataat:!1,relative; content:"193.228.91.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372037/; classtype:trojan-activity;sid:81235137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bxdlmi"; http_uri; depth:7; isdataat:!1,relative; content:"193.56.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372036/; classtype:trojan-activity;sid:81235136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/infect"; http_uri; depth:7; isdataat:!1,relative; content:"193.56.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372035/; classtype:trojan-activity;sid:81235135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ghpmuy"; http_uri; depth:7; isdataat:!1,relative; content:"193.56.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372034/; classtype:trojan-activity;sid:81235134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lqlakm"; http_uri; depth:7; isdataat:!1,relative; content:"193.56.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372033/; classtype:trojan-activity;sid:81235133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rlrtqe"; http_uri; depth:7; isdataat:!1,relative; content:"193.56.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372032/; classtype:trojan-activity;sid:81235132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rysypg"; http_uri; depth:7; isdataat:!1,relative; content:"193.56.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372031/; classtype:trojan-activity;sid:81235131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eoxmkb"; http_uri; depth:7; isdataat:!1,relative; content:"193.56.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372030/; classtype:trojan-activity;sid:81235130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nxftvi"; http_uri; depth:7; isdataat:!1,relative; content:"193.56.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372029/; classtype:trojan-activity;sid:81235129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yeansn"; http_uri; depth:7; isdataat:!1,relative; content:"193.56.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372028/; classtype:trojan-activity;sid:81235128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qokcon"; http_uri; depth:7; isdataat:!1,relative; content:"193.56.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372027/; classtype:trojan-activity;sid:81235127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wkomqp"; http_uri; depth:7; isdataat:!1,relative; content:"193.56.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372026/; classtype:trojan-activity;sid:81235126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vvahia"; http_uri; depth:7; isdataat:!1,relative; content:"193.56.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372025/; classtype:trojan-activity;sid:81235125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"191.23.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372024/; classtype:trojan-activity;sid:81235124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"89.237.68.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372023/; classtype:trojan-activity;sid:81235123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; content:"107.158.154.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372022/; classtype:trojan-activity;sid:81235122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"94.102.63.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372021/; classtype:trojan-activity;sid:81235121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins//arm5"; http_uri; depth:11; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372020/; classtype:trojan-activity;sid:81235120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"38.68.46.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372019/; classtype:trojan-activity;sid:81235119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"38.68.46.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372018/; classtype:trojan-activity;sid:81235118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"61.19.155.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372017/; classtype:trojan-activity;sid:81235117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"119.18.38.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372016/; classtype:trojan-activity;sid:81235116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.54.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372015/; classtype:trojan-activity;sid:81235115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.207.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372014/; classtype:trojan-activity;sid:81235114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.115.201.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372013/; classtype:trojan-activity;sid:81235113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.235.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372012/; classtype:trojan-activity;sid:81235112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.231.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372011/; classtype:trojan-activity;sid:81235111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372010/; classtype:trojan-activity;sid:81235110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.170.198.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372009/; classtype:trojan-activity;sid:81235109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/y1afy3fh"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372008/; classtype:trojan-activity;sid:81235108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mework/t0aon4jo6en1uom.exe"; http_uri; depth:27; isdataat:!1,relative; content:"ourhajn.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372007/; classtype:trojan-activity;sid:81235107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wwkzqeb/nbsa_108_28052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"fenixcgroup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372006/; classtype:trojan-activity;sid:81235106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/delptxr/nbsa_794202017_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"lamaja.cl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372005/; classtype:trojan-activity;sid:81235105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kornths/nbsa_4881_28052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"psinsuranceservices.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372004/; classtype:trojan-activity;sid:81235104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tqnsmrch/474706039/nbsa_474706039_28052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"axelfamily.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372003/; classtype:trojan-activity;sid:81235103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3306"; http_uri; depth:5; isdataat:!1,relative; content:"98.159.110.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372002/; classtype:trojan-activity;sid:81235102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chprvdoc/svchost.exe"; http_uri; depth:21; isdataat:!1,relative; content:"sndychnesprvallanouthegreatsoustraofour.duckdns.org"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372001/; classtype:trojan-activity;sid:81235101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pzlnkda/nbsa_07316_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"qudaih.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/372000/; classtype:trojan-activity;sid:81235100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vqynh/5012/nbsa_5012_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"kertvarosi.sulinet.hu"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371999/; classtype:trojan-activity;sid:81235099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/phchdyf9"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371998/; classtype:trojan-activity;sid:81235098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jsfxei/51128/nbsa_51128_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"wrrodrigo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371997/; classtype:trojan-activity;sid:81235097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"161.35.54.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371996/; classtype:trojan-activity;sid:81235096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"161.35.54.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371995/; classtype:trojan-activity;sid:81235095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"161.35.54.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371994/; classtype:trojan-activity;sid:81235094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"161.35.54.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371993/; classtype:trojan-activity;sid:81235093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"161.35.54.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371992/; classtype:trojan-activity;sid:81235092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"161.35.54.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371991/; classtype:trojan-activity;sid:81235091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"161.35.54.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371990/; classtype:trojan-activity;sid:81235090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"161.35.54.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371989/; classtype:trojan-activity;sid:81235089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"161.35.54.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371988/; classtype:trojan-activity;sid:81235088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hnyfmoew/9035729/nbsa_9035729_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"minnesotainsuranceclaimcenter.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371987/; classtype:trojan-activity;sid:81235087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ptambrxn/nbsa_20949_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"mundoflorencia.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371986/; classtype:trojan-activity;sid:81235086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zywebg/334645/nbsa_334645_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"propertyboutique.co.ke"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371985/; classtype:trojan-activity;sid:81235085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nyoutlkv/2669159/nbsa_2669159_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"spaceimmigration.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371984/; classtype:trojan-activity;sid:81235084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=f191ccc6e999117d|7c|26|7c|resid=f191ccc6e999117d%21258|7c|26|7c|authkey=ajmuoh8pleudpok"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371983/; classtype:trojan-activity;sid:81235083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ssls3zev3ag9e_vicoyilooppc1gzcrc"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371982/; classtype:trojan-activity;sid:81235082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1mxqm5_lxrflmnq-phffblik_lq6gvutv"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371981/; classtype:trojan-activity;sid:81235081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/binfle_cslvrnq88.bin"; http_uri; depth:26; isdataat:!1,relative; content:"www.stylam.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371980/; classtype:trojan-activity;sid:81235080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1w9npmosgli4gn8cce7kmpocowibqcwpt"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371979/; classtype:trojan-activity;sid:81235079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1dvo9hw7ro2x9tmb0n_ns8bqu7flmlsag"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371978/; classtype:trojan-activity;sid:81235078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1bqynqjectu9lyyk-gjo3sl21v1a7aknk"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371977/; classtype:trojan-activity;sid:81235077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1__aggaljdjtyvbktneqxz-ic0if0ga_f"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371976/; classtype:trojan-activity;sid:81235076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=2ffaa48ef4bec51a|7c|26|7c|resid=2ffaa48ef4bec51a%21107|7c|26|7c|authkey=aiohrvrc3uuo_cw"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371975/; classtype:trojan-activity;sid:81235075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iygioqvvnct/821681/nbsa_821681_28052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"old.pubgvozd.by"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371974/; classtype:trojan-activity;sid:81235074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vbiuvap/nbsa_0213336_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"www.ezratty.co.il"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371973/; classtype:trojan-activity;sid:81235073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/flsmmguiez/81751628/nbsa_81751628_28052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"eastfw.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371972/; classtype:trojan-activity;sid:81235072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ybdxqztzmnob/946387/nbsa_946387_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"moscadesigngroup.it"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371971/; classtype:trojan-activity;sid:81235071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ngpfsykkkjbo/nbsa_545612_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"befab.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371970/; classtype:trojan-activity;sid:81235070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/flekpyu/418/nbsa_418_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"tommillusions.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371969/; classtype:trojan-activity;sid:81235069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ptambrxn/28573104/nbsa_28573104_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"mundoflorencia.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371968/; classtype:trojan-activity;sid:81235068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qzqutonedqrg/nbsa_99721_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"roughridercampground.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371967/; classtype:trojan-activity;sid:81235067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ulebe/nbsa_4001966_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"areejquran.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371966/; classtype:trojan-activity;sid:81235066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/exgvr/nbsa_183326_28052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"timeoutshelter.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371965/; classtype:trojan-activity;sid:81235065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kornths/nbsa_493410470_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"psinsuranceservices.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371964/; classtype:trojan-activity;sid:81235064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rfiavavv/126294/nbsa_126294_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"descobriraurora.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371963/; classtype:trojan-activity;sid:81235063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ixxmhyh/4666/nbsa_4666_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"eury.kim"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371962/; classtype:trojan-activity;sid:81235062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qrysiqirchc/nbsa_77864916_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"oksanapyzh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371961/; classtype:trojan-activity;sid:81235061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/skndjsqfvfp/80893649/nbsa_80893649_28052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"logoflyerbrochuredesigninguaedubai.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371960/; classtype:trojan-activity;sid:81235060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mjrtnfznqsbl/nbsa_3365532_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"midweekspecials.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371959/; classtype:trojan-activity;sid:81235059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vuykxytfl/402824413/nbsa_402824413_28052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"approved-products.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371958/; classtype:trojan-activity;sid:81235058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iktcjhdkdzjb/50645772/nbsa_50645772_28052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"yummysweetfactory.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371957/; classtype:trojan-activity;sid:81235057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371956/; classtype:trojan-activity;sid:81235056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"45.95.168.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371955/; classtype:trojan-activity;sid:81235055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; content:"185.132.53.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371954/; classtype:trojan-activity;sid:81235054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"185.132.53.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371953/; classtype:trojan-activity;sid:81235053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gzuai/7199024/nbsa_7199024_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"podport.net.au"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371952/; classtype:trojan-activity;sid:81235052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lyspwiqinax/917720184/nbsa_917720184_28052020.zip"; http_uri; depth:50; isdataat:!1,relative; content:"healthyunet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371951/; classtype:trojan-activity;sid:81235051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hyonvda/nbsa_165534126_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"www.sample-supply.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371950/; classtype:trojan-activity;sid:81235050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sjpwen/583764328/nbsa_583764328_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"alase.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371949/; classtype:trojan-activity;sid:81235049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ngpfsykkkjbo/131/nbsa_131_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"befab.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371948/; classtype:trojan-activity;sid:81235048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/auiovjzvnk/nbsa_980617_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"noraschoepfer.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371947/; classtype:trojan-activity;sid:81235047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mjrtnfznqsbl/nbsa_0831200_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"midweekspecials.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371946/; classtype:trojan-activity;sid:81235046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jkqrsidyw/nbsa_57038610_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"hinducouncil.org.nz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371945/; classtype:trojan-activity;sid:81235045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iqcapoxl/nbsa_29959471_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"consorciorem.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371944/; classtype:trojan-activity;sid:81235044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yxjkb/nbsa_72538_28052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"manurecouture.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371943/; classtype:trojan-activity;sid:81235043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.34.35.33"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371942/; classtype:trojan-activity;sid:81235042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iticxy/0635/nbsa_0635_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"pizzahutghana.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371941/; classtype:trojan-activity;sid:81235041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ojkcke/578942/nbsa_578942_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"minimaltemplates.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371940/; classtype:trojan-activity;sid:81235040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"161.35.54.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371939/; classtype:trojan-activity;sid:81235039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"161.35.54.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371938/; classtype:trojan-activity;sid:81235038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jammmijnjvxv/646737/nbsa_646737_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"myprintshop.us"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371937/; classtype:trojan-activity;sid:81235037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubrclw/nbsa_527_28052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"uniqueappsolution.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371936/; classtype:trojan-activity;sid:81235036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ycrypbvqpa/075224062/nbsa_075224062_28052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"kingstoncrusaders.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371935/; classtype:trojan-activity;sid:81235035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/olkeycxk/nbsa_81295_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"cruiserrocks.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371934/; classtype:trojan-activity;sid:81235034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/npihqui/79333613/nbsa_79333613_28052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"pinoy-express.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371933/; classtype:trojan-activity;sid:81235033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/emhtrqmnvyx/647991/nbsa_647991_28052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"princetonenvelopegroup.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371932/; classtype:trojan-activity;sid:81235032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beikkqzh/nbsa_6708_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"multielectrical.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371931/; classtype:trojan-activity;sid:81235031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bxnopoad/20716/nbsa_20716_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"me-and-mom.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371930/; classtype:trojan-activity;sid:81235030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jjoyyjxd/nbsa_136294949_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"rouss.com.mx"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371929/; classtype:trojan-activity;sid:81235029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ajuvevjv/325/nbsa_325_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"yicodmalawi.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371928/; classtype:trojan-activity;sid:81235028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xlhrmzuh/314264/nbsa_314264_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"plentv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371927/; classtype:trojan-activity;sid:81235027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uhfxw/2975492/nbsa_2975492_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"woodworkingdm.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371926/; classtype:trojan-activity;sid:81235026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xkfvvfchi/5133044/nbsa_5133044_28052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"www.miguelimaz.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371925/; classtype:trojan-activity;sid:81235025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ngliaigm/nbsa_119_28052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"escuelaonline.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371924/; classtype:trojan-activity;sid:81235024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qzqutonedqrg/388968/nbsa_388968_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"roughridercampground.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371923/; classtype:trojan-activity;sid:81235023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aqxuxzu/nbsa_1044_28052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"globeegypt.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371922/; classtype:trojan-activity;sid:81235022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jlkfnmhtpnz/nbsa_13747_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"adairsoutfitting.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371921/; classtype:trojan-activity;sid:81235021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ybdxqztzmnob/114880771/nbsa_114880771_28052020.zip"; http_uri; depth:51; isdataat:!1,relative; content:"moscadesigngroup.it"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371920/; classtype:trojan-activity;sid:81235020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/skjqilcrnmff/nbsa_295_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"otgservices.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371919/; classtype:trojan-activity;sid:81235019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hqalzrakueii/560353/nbsa_560353_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"woah90s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371918/; classtype:trojan-activity;sid:81235018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mmxdjebsvla/8968/nbsa_8968_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"lookingforlands.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371917/; classtype:trojan-activity;sid:81235017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/znhejeqar/10428242/nbsa_10428242_28052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"luckylandethiopiatours.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371916/; classtype:trojan-activity;sid:81235016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/auiovjzvnk/nbsa_19996_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"noraschoepfer.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371915/; classtype:trojan-activity;sid:81235015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jaysrhz/nbsa_913418790_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"footholdfilms.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371914/; classtype:trojan-activity;sid:81235014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/htflwxphb/nbsa_936_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"www.vietnamesetravelagency.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371913/; classtype:trojan-activity;sid:81235013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ohrsd/7134927/nbsa_7134927_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"societyinshadow.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371912/; classtype:trojan-activity;sid:81235012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/baqhyw/nbsa_604_28052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"loshabitantesdegaia.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371911/; classtype:trojan-activity;sid:81235011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gejxme/nbsa_4981_28052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"yalma.kz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371910/; classtype:trojan-activity;sid:81235010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ppdfwpwbtd/050897/nbsa_050897_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"vectortrans.su"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371909/; classtype:trojan-activity;sid:81235009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iqcapoxl/909330/nbsa_909330_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"consorciorem.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371908/; classtype:trojan-activity;sid:81235008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/olkeycxk/3677/nbsa_3677_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"cruiserrocks.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371907/; classtype:trojan-activity;sid:81235007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mjrtnfznqsbl/05235375/nbsa_05235375_28052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"midweekspecials.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371906/; classtype:trojan-activity;sid:81235006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kmgwwfhhj/17698/nbsa_17698_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"202.co.za"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371905/; classtype:trojan-activity;sid:81235005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nbucjrkobna/nbsa_3437_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"godsavethecreamdenver.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371904/; classtype:trojan-activity;sid:81235004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hrrqii/9681/nbsa_9681_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"www.mayanmonkey.es"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371903/; classtype:trojan-activity;sid:81235003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nljxiqek/5849991/nbsa_5849991_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"sangalakiresort.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371902/; classtype:trojan-activity;sid:81235002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zpjax/900/nbsa_900_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"mlds.go.th"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371901/; classtype:trojan-activity;sid:81235001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ixxmhyh/591004581/nbsa_591004581_28052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"eury.kim"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371900/; classtype:trojan-activity;sid:81235000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dmvuiuayg/nbsa_36282846_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"angeloutdoor.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371899/; classtype:trojan-activity;sid:81234999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ujlmealo/62191127/nbsa_62191127_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"cedarspringri.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371898/; classtype:trojan-activity;sid:81234998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ficfad/520/nbsa_520_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"womensvoicesmagazine.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371897/; classtype:trojan-activity;sid:81234997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/japaofn/nbsa_907703_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"gldmaq.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371896/; classtype:trojan-activity;sid:81234996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wwkzqeb/822781306/nbsa_822781306_28052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"fenixcgroup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371895/; classtype:trojan-activity;sid:81234995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/f76srxej"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371894/; classtype:trojan-activity;sid:81234994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/ucid=1oir3obsaxkhw_efzt4_eaopaqaf6p9r0|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371893/; classtype:trojan-activity;sid:81234993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i/mxnsdvfv/ali.exe"; http_uri; depth:19; isdataat:!1,relative; content:"uploadaz.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371891/; classtype:trojan-activity;sid:81234991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i/mxnsdvfv/ago.exe"; http_uri; depth:19; isdataat:!1,relative; content:"uploadaz.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371890/; classtype:trojan-activity;sid:81234990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pagament1.exe"; http_uri; depth:14; isdataat:!1,relative; content:"gstat.ausagistment.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371889/; classtype:trojan-activity;sid:81234989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xkfvvfchi/nbsa_941339342_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"www.miguelimaz.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371888/; classtype:trojan-activity;sid:81234988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mjrtnfznqsbl/nbsa_255507385_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"midweekspecials.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371887/; classtype:trojan-activity;sid:81234987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zywebg/01184305/nbsa_01184305_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"propertyboutique.co.ke"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371886/; classtype:trojan-activity;sid:81234986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tvvaqydrmpr/023606781/nbsa_023606781_28052020.zip"; http_uri; depth:50; isdataat:!1,relative; content:"sanctifyfitness.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371885/; classtype:trojan-activity;sid:81234985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tfoofvsb/47627/nbsa_47627_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"archipal.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371884/; classtype:trojan-activity;sid:81234984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbaoh/nbsa_9423_28052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"kemra.co.ke"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371883/; classtype:trojan-activity;sid:81234983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hyonvda/696590270/nbsa_696590270_28052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"www.sample-supply.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371882/; classtype:trojan-activity;sid:81234982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zpjax/1678332/nbsa_1678332_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"mlds.go.th"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371881/; classtype:trojan-activity;sid:81234981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qphjogto/nbsa_9746587_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"www.carewebshop.nl"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371880/; classtype:trojan-activity;sid:81234980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aqdsbqsa/nbsa_60097_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"greenridgelawn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371879/; classtype:trojan-activity;sid:81234979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/usswz/173/nbsa_173_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"apofraxisavlonitis.gr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371878/; classtype:trojan-activity;sid:81234978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vuykxytfl/872260/nbsa_872260_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"approved-products.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371877/; classtype:trojan-activity;sid:81234977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bjudvojuopvc/nbsa_7421_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"tikkunafrica.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371876/; classtype:trojan-activity;sid:81234976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ivienl/nbsa_3841_28052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"rksnsports.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371875/; classtype:trojan-activity;sid:81234975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iticxy/nbsa_22984848_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"pizzahutghana.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371874/; classtype:trojan-activity;sid:81234974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ytmstzcffa/nbsa_100551_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"haraline.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371873/; classtype:trojan-activity;sid:81234973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hnyfmoew/nbsa_90297_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"minnesotainsuranceclaimcenter.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371872/; classtype:trojan-activity;sid:81234972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qxkwmzvo/968928509/nbsa_968928509_28052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"khtwah.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371871/; classtype:trojan-activity;sid:81234971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ficfad/769/nbsa_769_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"womensvoicesmagazine.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371870/; classtype:trojan-activity;sid:81234970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ngliaigm/nbsa_618_28052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"escuelaonline.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371869/; classtype:trojan-activity;sid:81234969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vhtizjuckk/nbsa_43381_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"ityellow.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371868/; classtype:trojan-activity;sid:81234968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mjrtnfznqsbl/24176/nbsa_24176_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"midweekspecials.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371867/; classtype:trojan-activity;sid:81234967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jdfdfhxgdml/45971/nbsa_45971_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"hegyhati-altisk.sulinet.hu"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371866/; classtype:trojan-activity;sid:81234966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"23.95.11.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371865/; classtype:trojan-activity;sid:81234965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"23.95.11.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371864/; classtype:trojan-activity;sid:81234964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"23.95.11.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371863/; classtype:trojan-activity;sid:81234963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"23.95.11.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371862/; classtype:trojan-activity;sid:81234962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"23.95.11.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371861/; classtype:trojan-activity;sid:81234961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/~adosot/wp-inv.exe"; http_uri; depth:19; isdataat:!1,relative; content:"staff.www.ltu.se"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371860/; classtype:trojan-activity;sid:81234960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"23.95.11.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371859/; classtype:trojan-activity;sid:81234959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"23.95.11.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371858/; classtype:trojan-activity;sid:81234958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"23.95.11.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371857/; classtype:trojan-activity;sid:81234957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"23.95.11.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371856/; classtype:trojan-activity;sid:81234956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"23.95.11.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371855/; classtype:trojan-activity;sid:81234955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"23.95.11.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371854/; classtype:trojan-activity;sid:81234954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao15.cab"; http_uri; depth:29; isdataat:!1,relative; content:"ub1uxd9u4qz46t8y6s.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371853/; classtype:trojan-activity;sid:81234953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao1.cab"; http_uri; depth:28; isdataat:!1,relative; content:"ub1uxd9u4qz46t8y6s.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371852/; classtype:trojan-activity;sid:81234952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.87.73.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371850/; classtype:trojan-activity;sid:81234950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.114.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371849/; classtype:trojan-activity;sid:81234949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.33.141.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371848/; classtype:trojan-activity;sid:81234948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.12.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371847/; classtype:trojan-activity;sid:81234947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371846/; classtype:trojan-activity;sid:81234946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.212.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371845/; classtype:trojan-activity;sid:81234945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.179.1.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371844/; classtype:trojan-activity;sid:81234944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371843/; classtype:trojan-activity;sid:81234943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.1.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371842/; classtype:trojan-activity;sid:81234942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.170.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371841/; classtype:trojan-activity;sid:81234941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.35.161.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371840/; classtype:trojan-activity;sid:81234940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ulebe/082410652/nbsa_082410652_28052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"areejquran.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371839/; classtype:trojan-activity;sid:81234939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zjeixcphncer/621328566/nbsa_621328566_28052020.zip"; http_uri; depth:51; isdataat:!1,relative; content:"stiags.com.mx"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371838/; classtype:trojan-activity;sid:81234938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gayttwop/nbsa_58907_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"moveinproperties.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371837/; classtype:trojan-activity;sid:81234937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mmxdjebsvla/nbsa_33762_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"lookingforlands.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371836/; classtype:trojan-activity;sid:81234936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gzuai/nbsa_007918848_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"podport.net.au"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371835/; classtype:trojan-activity;sid:81234935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hrrqii/549/nbsa_549_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"www.mayanmonkey.es"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371834/; classtype:trojan-activity;sid:81234934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lyspwiqinax/nbsa_630621931_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"healthyunet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371833/; classtype:trojan-activity;sid:81234933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oupcdybktmus/nbsa_806_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"livinglife.rs"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371832/; classtype:trojan-activity;sid:81234932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/czoaai/nbsa_029725_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"modernee.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371831/; classtype:trojan-activity;sid:81234931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kojzcnbkp/4871/nbsa_4871_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"kingtastyfood.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371830/; classtype:trojan-activity;sid:81234930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tximq/8953/nbsa_8953_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"nicolyndesign.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371829/; classtype:trojan-activity;sid:81234929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ppmccnyuq/283217269/nbsa_283217269_28052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"poorhousewebdesigns.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371828/; classtype:trojan-activity;sid:81234928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xfvqkiar/976/nbsa_976_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"vanessahu.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371827/; classtype:trojan-activity;sid:81234927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xhgjr/nbsa_13756_28052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"fakeindustries.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371826/; classtype:trojan-activity;sid:81234926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xlhrmzuh/03744/nbsa_03744_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"plentv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371825/; classtype:trojan-activity;sid:81234925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/czoaai/nbsa_7302_28052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"modernee.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371824/; classtype:trojan-activity;sid:81234924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hqalzrakueii/60642/nbsa_60642_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"woah90s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371822/; classtype:trojan-activity;sid:81234922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oqrigzyx/105370432/nbsa_105370432_28052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"ligacolegialff.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371821/; classtype:trojan-activity;sid:81234921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nwaumumppr/822431/dqor_822431_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"test.lampa23.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371820/; classtype:trojan-activity;sid:81234920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fvavkfn/0228/nbsa_0228_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"signageindubai.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371819/; classtype:trojan-activity;sid:81234919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wwkzqeb/5675344/nbsa_5675344_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"fenixcgroup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371818/; classtype:trojan-activity;sid:81234918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hilsupti/1633/nbsa_1633_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"stint.by"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371817/; classtype:trojan-activity;sid:81234917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/djwurd/1814/nbsa_1814_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"boteco1.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371816/; classtype:trojan-activity;sid:81234916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"23.95.11.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371815/; classtype:trojan-activity;sid:81234915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yoyobins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"23.95.11.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371814/; classtype:trojan-activity;sid:81234914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"68.83.20.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371813/; classtype:trojan-activity;sid:81234913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yszznwnard/2794/nbsa_2794_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"liveoakmeadow.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371812/; classtype:trojan-activity;sid:81234912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lyspwiqinax/nbsa_8003822_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"healthyunet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371811/; classtype:trojan-activity;sid:81234911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iticxy/081301949/nbsa_081301949_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"pizzahutghana.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371810/; classtype:trojan-activity;sid:81234910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bvjlskc/596765847/nbsa_596765847_28052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"mmskiracing.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371809/; classtype:trojan-activity;sid:81234909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ppdfwpwbtd/nbsa_72082_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"vectortrans.su"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371808/; classtype:trojan-activity;sid:81234908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xkfvvfchi/221220876/nbsa_221220876_28052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"www.miguelimaz.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371807/; classtype:trojan-activity;sid:81234907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uhsycamzxc/682159/nbsa_682159_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"podport.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371806/; classtype:trojan-activity;sid:81234906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nyoutlkv/8674558/nbsa_8674558_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"spaceimmigration.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371805/; classtype:trojan-activity;sid:81234905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mmxdjebsvla/nbsa_79784607_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"lookingforlands.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371804/; classtype:trojan-activity;sid:81234904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftrnakgp/44584/nbsa_44584_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"emsbchorale.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371803/; classtype:trojan-activity;sid:81234903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/baqhyw/56953/nbsa_56953_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"loshabitantesdegaia.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371802/; classtype:trojan-activity;sid:81234902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/auiovjzvnk/nbsa_654612111_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"noraschoepfer.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371801/; classtype:trojan-activity;sid:81234901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bghazntkdk/nbsa_900647768_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"tomsonsons.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371800/; classtype:trojan-activity;sid:81234900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oupcdybktmus/nbsa_98618_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"livinglife.rs"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371799/; classtype:trojan-activity;sid:81234899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zywebg/4445439/nbsa_4445439_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"propertyboutique.co.ke"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371798/; classtype:trojan-activity;sid:81234898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ficfad/nbsa_8586_28052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"womensvoicesmagazine.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371797/; classtype:trojan-activity;sid:81234897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mtxnhkrzlknf/464144149/nbsa_464144149_28052020.zip"; http_uri; depth:51; isdataat:!1,relative; content:"no-afiles.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371796/; classtype:trojan-activity;sid:81234896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kojzcnbkp/nbsa_3815351_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"kingtastyfood.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371795/; classtype:trojan-activity;sid:81234895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hilsupti/nbsa_825701_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"stint.by"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371794/; classtype:trojan-activity;sid:81234894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nyyzwt/9185/nbsa_9185_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"holyfamilygh.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371793/; classtype:trojan-activity;sid:81234893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i/mxnsdvfv/elb.exe"; http_uri; depth:19; isdataat:!1,relative; content:"uploadaz.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371792/; classtype:trojan-activity;sid:81234892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ppmccnyuq/nbsa_85499_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"poorhousewebdesigns.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371791/; classtype:trojan-activity;sid:81234891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ficfad/nbsa_043_28052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"womensvoicesmagazine.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371790/; classtype:trojan-activity;sid:81234890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/evaymshhsa/501983485/nbsa_501983485_28052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"triangolodelbenessere.it"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371789/; classtype:trojan-activity;sid:81234889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ggqocnfaokly/61959/nbsa_61959_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"susham.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371788/; classtype:trojan-activity;sid:81234888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ohrsd/nbsa_37570471_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"societyinshadow.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371787/; classtype:trojan-activity;sid:81234887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bqkuacullllh/nbsa_386205790_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"dr-basic-psihijatar.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371786/; classtype:trojan-activity;sid:81234886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xjhfr/688128/nbsa_688128_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"buckeyechartershiltonhead.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371785/; classtype:trojan-activity;sid:81234885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ngliaigm/817/nbsa_817_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"escuelaonline.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371784/; classtype:trojan-activity;sid:81234884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hilsupti/36676/nbsa_36676_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"stint.by"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371783/; classtype:trojan-activity;sid:81234883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gckzsnf/428/nbsa_428_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"dage.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371782/; classtype:trojan-activity;sid:81234882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kojzcnbkp/nbsa_538_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"kingtastyfood.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371781/; classtype:trojan-activity;sid:81234881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nljxiqek/nbsa_064971543_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"sangalakiresort.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371780/; classtype:trojan-activity;sid:81234880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tgozjmocoha/15683/nbsa_15683_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"ppaauditores.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371779/; classtype:trojan-activity;sid:81234879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.250.159.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371778/; classtype:trojan-activity;sid:81234878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dhcoeipdnojs/047/nbsa_047_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"royalparkhotelksi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371777/; classtype:trojan-activity;sid:81234877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzbhes/nbsa_5667926_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"ljclinic.ge"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371776/; classtype:trojan-activity;sid:81234876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beikkqzh/nbsa_54143_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"multielectrical.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371775/; classtype:trojan-activity;sid:81234875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hilsupti/nbsa_538_28052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"stint.by"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371774/; classtype:trojan-activity;sid:81234874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ojkcke/5474/nbsa_5474_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"minimaltemplates.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371773/; classtype:trojan-activity;sid:81234873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/flsmmguiez/nbsa_26190_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"eastfw.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371772/; classtype:trojan-activity;sid:81234872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nyyzwt/112/nbsa_112_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"holyfamilygh.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371771/; classtype:trojan-activity;sid:81234871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gpkgnq/nbsa_92578_28052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"coffeesolutions.com.ua"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371770/; classtype:trojan-activity;sid:81234870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bvjlskc/nbsa_4645884_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"mmskiracing.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371769/; classtype:trojan-activity;sid:81234869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wwkzqeb/nbsa_818264_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"fenixcgroup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371768/; classtype:trojan-activity;sid:81234868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bxnopoad/nbsa_42666079_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"me-and-mom.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371767/; classtype:trojan-activity;sid:81234867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oksvtqh/nbsa_25770155_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"jamesrivers.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371766/; classtype:trojan-activity;sid:81234866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uakjfoh/817459449/nbsa_817459449_28052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"awjohnson.ca"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371765/; classtype:trojan-activity;sid:81234865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/navozqy/406306/nbsa_406306_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"rwsim.co.nz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371764/; classtype:trojan-activity;sid:81234864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fvavkfn/90742748/nbsa_90742748_28052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"signageindubai.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371763/; classtype:trojan-activity;sid:81234863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/krtioxabwrp/nbsa_565618_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"phbusinesscouncil.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371762/; classtype:trojan-activity;sid:81234862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/baqhyw/nbsa_219672_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"loshabitantesdegaia.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371761/; classtype:trojan-activity;sid:81234861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iktcjhdkdzjb/222978/nbsa_222978_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"yummysweetfactory.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371760/; classtype:trojan-activity;sid:81234860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xfvqkiar/nbsa_28733_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"vanessahu.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371759/; classtype:trojan-activity;sid:81234859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qruyxlrkucm/0848817/nbsa_0848817_28052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"www.searchcoralsprings.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371758/; classtype:trojan-activity;sid:81234858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gzuai/nbsa_6640696_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"podport.net.au"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371757/; classtype:trojan-activity;sid:81234857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nuibybdewm/nbsa_550_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"kellamelectric.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371756/; classtype:trojan-activity;sid:81234856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iktcjhdkdzjb/nbsa_8256_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"yummysweetfactory.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371755/; classtype:trojan-activity;sid:81234855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/djwurd/12988/nbsa_12988_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"boteco1.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371754/; classtype:trojan-activity;sid:81234854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qruyxlrkucm/146235/nbsa_146235_28052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"www.searchcoralsprings.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371753/; classtype:trojan-activity;sid:81234853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lyspwiqinax/nbsa_341947238_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"healthyunet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371752/; classtype:trojan-activity;sid:81234852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tgozjmocoha/nbsa_621446_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"ppaauditores.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371751/; classtype:trojan-activity;sid:81234851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oksvtqh/nbsa_1869754_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"jamesrivers.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371750/; classtype:trojan-activity;sid:81234850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zjeixcphncer/nbsa_2952431_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"stiags.com.mx"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371749/; classtype:trojan-activity;sid:81234849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qrysiqirchc/nbsa_842255_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"oksanapyzh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371748/; classtype:trojan-activity;sid:81234848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qrysiqirchc/nbsa_7170_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"oksanapyzh.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371747/; classtype:trojan-activity;sid:81234847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mtxnhkrzlknf/3215/nbsa_3215_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"no-afiles.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371746/; classtype:trojan-activity;sid:81234846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iqtkgsfyb/nbsa_9663287_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"africanchildleadfoundation.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371745/; classtype:trojan-activity;sid:81234845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dgmql/9291391/nbsa_9291391_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"es-ag.de"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371744/; classtype:trojan-activity;sid:81234844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jjoyyjxd/213273898/nbsa_213273898_28052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"rouss.com.mx"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371743/; classtype:trojan-activity;sid:81234843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ompofgqgi/171679/nbsa_171679_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"siscotechnologysupply.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371742/; classtype:trojan-activity;sid:81234842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jjoyyjxd/nbsa_600_28052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"rouss.com.mx"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371741/; classtype:trojan-activity;sid:81234841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vgibwitqksj/nbsa_024614_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"tbacnet.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371740/; classtype:trojan-activity;sid:81234840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rwbhkkqqwkl/nbsa_585135532_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"whitedovecare.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371739/; classtype:trojan-activity;sid:81234839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/baqhyw/nbsa_637238550_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"loshabitantesdegaia.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371738/; classtype:trojan-activity;sid:81234838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dgmql/71491/nbsa_71491_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"es-ag.de"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371737/; classtype:trojan-activity;sid:81234837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abnexbmkthx/nbsa_0962_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"sketchmeetup.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371736/; classtype:trojan-activity;sid:81234836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dkolipwq/6474974/nbsa_6474974_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"imobilis.co.mz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371735/; classtype:trojan-activity;sid:81234835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tfoofvsb/4928686/nbsa_4928686_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"archipal.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371734/; classtype:trojan-activity;sid:81234834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xoczct/518/nbsa_518_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"guysealey.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371733/; classtype:trojan-activity;sid:81234833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xhgjr/nbsa_2548459_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"fakeindustries.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371732/; classtype:trojan-activity;sid:81234832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gbfqy/nbsa_09491_28052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"joshuawdavies.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371731/; classtype:trojan-activity;sid:81234831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bjudvojuopvc/565719007/nbsa_565719007_28052020.zip"; http_uri; depth:51; isdataat:!1,relative; content:"tikkunafrica.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371730/; classtype:trojan-activity;sid:81234830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/htflwxphb/03462/nbsa_03462_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"www.vietnamesetravelagency.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371729/; classtype:trojan-activity;sid:81234829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rwbhkkqqwkl/316557/nbsa_316557_28052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"whitedovecare.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371728/; classtype:trojan-activity;sid:81234828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vbiuvap/4076948/nbsa_4076948_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"www.ezratty.co.il"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371727/; classtype:trojan-activity;sid:81234827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abnexbmkthx/nbsa_740195_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"sketchmeetup.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371726/; classtype:trojan-activity;sid:81234826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nyyzwt/nbsa_01770_28052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"holyfamilygh.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371725/; classtype:trojan-activity;sid:81234825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ixxmhyh/131861/nbsa_131861_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"eury.kim"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371724/; classtype:trojan-activity;sid:81234824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/djwurd/nbsa_654_28052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"boteco1.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371723/; classtype:trojan-activity;sid:81234823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubrclw/680673385/nbsa_680673385_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"uniqueappsolution.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371722/; classtype:trojan-activity;sid:81234822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jammmijnjvxv/8033/nbsa_8033_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"myprintshop.us"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371721/; classtype:trojan-activity;sid:81234821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/receipt/invoice_112219.doc"; http_uri; depth:27; isdataat:!1,relative; content:"sndychnesprvallanouthegreatsoustraofour.duckdns.org"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371720/; classtype:trojan-activity;sid:81234820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"2.83.222.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371719/; classtype:trojan-activity;sid:81234819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"121.157.147.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371718/; classtype:trojan-activity;sid:81234818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ytmstzcffa/nbsa_8666_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"haraline.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371717/; classtype:trojan-activity;sid:81234817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hyonvda/265425/nbsa_265425_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"www.sample-supply.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371716/; classtype:trojan-activity;sid:81234816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/emhtrqmnvyx/nbsa_061724930_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"princetonenvelopegroup.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371715/; classtype:trojan-activity;sid:81234815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wwkzqeb/372768200/nbsa_372768200_28052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"fenixcgroup.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371714/; classtype:trojan-activity;sid:81234814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cvyhqu/42885136/nbsa_42885136_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"itjob.kh.ua"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371713/; classtype:trojan-activity;sid:81234813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fvavkfn/nbsa_3173452_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"signageindubai.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371712/; classtype:trojan-activity;sid:81234812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lhzdkits/nbsa_41729502_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"ldmeetings.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371711/; classtype:trojan-activity;sid:81234811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qtpvax/nbsa_384362946_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"tomsoldmansionkochi.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371710/; classtype:trojan-activity;sid:81234810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rwbhkkqqwkl/09266210/nbsa_09266210_28052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"whitedovecare.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371709/; classtype:trojan-activity;sid:81234809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oqrigzyx/709711/nbsa_709711_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"ligacolegialff.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371708/; classtype:trojan-activity;sid:81234808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scojgvxhpk/nbsa_403364541_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"hallowgate.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371707/; classtype:trojan-activity;sid:81234807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m3yt6.pif"; http_uri; depth:10; isdataat:!1,relative; content:"u.teknik.io"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371706/; classtype:trojan-activity;sid:81234806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ycrypbvqpa/656993/nbsa_656993_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"kingstoncrusaders.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371705/; classtype:trojan-activity;sid:81234805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/flxxqozwshwn/9770054/nbsa_9770054_28052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"gvexcelsior.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371704/; classtype:trojan-activity;sid:81234804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xkfvvfchi/nbsa_10873_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"www.miguelimaz.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371703/; classtype:trojan-activity;sid:81234803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vbiuvap/nbsa_922_28052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"www.ezratty.co.il"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371702/; classtype:trojan-activity;sid:81234802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hxmojhhqn/298426479/nbsa_298426479_28052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"rockinghamgrapevine.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371701/; classtype:trojan-activity;sid:81234801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wzpesz/nbsa_4845380_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"gardonyi-kaposvar.sulinet.hu"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371700/; classtype:trojan-activity;sid:81234800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ngpfsykkkjbo/895/nbsa_895_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"befab.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371699/; classtype:trojan-activity;sid:81234799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beikkqzh/nbsa_249_28052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"multielectrical.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371698/; classtype:trojan-activity;sid:81234798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/anjaib/nbsa_463_28052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"wagswalkersaustin.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371697/; classtype:trojan-activity;sid:81234797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tximq/nbsa_27340_28052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"nicolyndesign.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371696/; classtype:trojan-activity;sid:81234796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dkolipwq/96954/nbsa_96954_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"imobilis.co.mz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371695/; classtype:trojan-activity;sid:81234795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bghazntkdk/nbsa_35591084_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"tomsonsons.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371694/; classtype:trojan-activity;sid:81234794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mmxdjebsvla/9443/nbsa_9443_28052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"lookingforlands.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371693/; classtype:trojan-activity;sid:81234793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zjutdfdi/4106/nbsa_4106_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"griffindev.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371692/; classtype:trojan-activity;sid:81234792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/npihqui/35704/nbsa_35704_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"pinoy-express.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371691/; classtype:trojan-activity;sid:81234791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kmgwwfhhj/nbsa_7216_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"202.co.za"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371690/; classtype:trojan-activity;sid:81234790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oksvtqh/76185/nbsa_76185_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"jamesrivers.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371689/; classtype:trojan-activity;sid:81234789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yszznwnard/830651/nbsa_830651_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"liveoakmeadow.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371688/; classtype:trojan-activity;sid:81234788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/navozqy/908/nbsa_908_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"rwsim.co.nz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371687/; classtype:trojan-activity;sid:81234787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wzpesz/7341/nbsa_7341_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"gardonyi-kaposvar.sulinet.hu"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371686/; classtype:trojan-activity;sid:81234786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zjeixcphncer/1853254/nbsa_1853254_28052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"stiags.com.mx"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371685/; classtype:trojan-activity;sid:81234785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ikarfeep/nbsa_1930358_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"termasdelacal.cl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371684/; classtype:trojan-activity;sid:81234784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xoczct/nbsa_65959858_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"guysealey.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371683/; classtype:trojan-activity;sid:81234783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftrnakgp/06606443/nbsa_06606443_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"emsbchorale.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371682/; classtype:trojan-activity;sid:81234782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/flxxqozwshwn/03657/nbsa_03657_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"gvexcelsior.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371681/; classtype:trojan-activity;sid:81234781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/znhejeqar/955/nbsa_955_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"luckylandethiopiatours.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371680/; classtype:trojan-activity;sid:81234780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kojzcnbkp/7070095/nbsa_7070095_28052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"kingtastyfood.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371679/; classtype:trojan-activity;sid:81234779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gckzsnf/nbsa_11450_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"dage.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371678/; classtype:trojan-activity;sid:81234778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bkyxko/nbsa_990_28052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"indianblackhead.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371677/; classtype:trojan-activity;sid:81234777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bmnhubtlz/nbsa_6059793_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"pokharavacations.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371676/; classtype:trojan-activity;sid:81234776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gayttwop/71646/nbsa_71646_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"moveinproperties.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371675/; classtype:trojan-activity;sid:81234775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wjrlh/nbsa_870_28052020.zip"; http_uri; depth:28; isdataat:!1,relative; content:"negociacioncolectiva.cl"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371674/; classtype:trojan-activity;sid:81234774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tqnsmrch/705081109/nbsa_705081109_28052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"axelfamily.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371673/; classtype:trojan-activity;sid:81234773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ngliaigm/nbsa_88094906_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"escuelaonline.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371672/; classtype:trojan-activity;sid:81234772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzbhes/nbsa_13824713_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"ljclinic.ge"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371671/; classtype:trojan-activity;sid:81234771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xjazusffnhq/354801904/nbsa_354801904_28052020.zip"; http_uri; depth:50; isdataat:!1,relative; content:"janetwilliams.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371670/; classtype:trojan-activity;sid:81234770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wzpesz/nbsa_562912019_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"gardonyi-kaposvar.sulinet.hu"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371669/; classtype:trojan-activity;sid:81234769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nyyzwt/nbsa_266071_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"holyfamilygh.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371668/; classtype:trojan-activity;sid:81234768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hilsupti/nbsa_1429_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"stint.by"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371667/; classtype:trojan-activity;sid:81234767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbaoh/260923/nbsa_260923_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"kemra.co.ke"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371666/; classtype:trojan-activity;sid:81234766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zpjax/nbsa_9213_28052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"mlds.go.th"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371665/; classtype:trojan-activity;sid:81234765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dengtrufe/601/nbsa_601_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"knoxvillecrossfit.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371664/; classtype:trojan-activity;sid:81234764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ompofgqgi/nbsa_77818036_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"siscotechnologysupply.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371663/; classtype:trojan-activity;sid:81234763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qruyxlrkucm/nbsa_717_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"www.searchcoralsprings.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371662/; classtype:trojan-activity;sid:81234762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsufwqnraba/nbsa_64405_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"mannam.cat"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371661/; classtype:trojan-activity;sid:81234761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stpzqam/nbsa_448105_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"nirmalempire.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371660/; classtype:trojan-activity;sid:81234760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/flxxqozwshwn/nbsa_368899_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"gvexcelsior.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371659/; classtype:trojan-activity;sid:81234759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gjobjxmzfzdg/nbsa_683257_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"test.docult.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371658/; classtype:trojan-activity;sid:81234758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beikkqzh/nbsa_316_28052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"multielectrical.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371657/; classtype:trojan-activity;sid:81234757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsufwqnraba/97534/nbsa_97534_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"mannam.cat"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371656/; classtype:trojan-activity;sid:81234756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stpzqam/73650/nbsa_73650_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"nirmalempire.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371655/; classtype:trojan-activity;sid:81234755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/navozqy/nbsa_5768_28052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"rwsim.co.nz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371654/; classtype:trojan-activity;sid:81234754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ppmccnyuq/nbsa_627270_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"poorhousewebdesigns.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371653/; classtype:trojan-activity;sid:81234753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pzlnkda/6795448/nbsa_6795448_28052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"qudaih.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371652/; classtype:trojan-activity;sid:81234752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rwbhkkqqwkl/nbsa_0496_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"whitedovecare.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371651/; classtype:trojan-activity;sid:81234751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ppdfwpwbtd/3761/nbsa_3761_28052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"vectortrans.su"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371650/; classtype:trojan-activity;sid:81234750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bvjlskc/75486/nbsa_75486_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"mmskiracing.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371649/; classtype:trojan-activity;sid:81234749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cuujzuxnek/58816/nbsa_58816_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"singlesunlimited.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371648/; classtype:trojan-activity;sid:81234748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mdcso/nbsa_708845_28052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"danzee.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371647/; classtype:trojan-activity;sid:81234747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dfmkghankuj/nbsa_8492320_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"linchcapital.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371646/; classtype:trojan-activity;sid:81234746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dmvuiuayg/35275788/nbsa_35275788_28052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"angeloutdoor.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371645/; classtype:trojan-activity;sid:81234745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mynzvnam/889842/nbsa_889842_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"social-gc.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371644/; classtype:trojan-activity;sid:81234744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aqxuxzu/nbsa_834_28052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"globeegypt.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371643/; classtype:trojan-activity;sid:81234743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ulebe/095/nbsa_095_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"areejquran.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371642/; classtype:trojan-activity;sid:81234742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uhsycamzxc/36759/nbsa_36759_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"podport.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371641/; classtype:trojan-activity;sid:81234741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tgozjmocoha/nbsa_052995_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"ppaauditores.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371640/; classtype:trojan-activity;sid:81234740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nbucjrkobna/nbsa_495_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"godsavethecreamdenver.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371639/; classtype:trojan-activity;sid:81234739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bqkuacullllh/nbsa_322573044_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"dr-basic-psihijatar.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371638/; classtype:trojan-activity;sid:81234738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbaoh/126808707/nbsa_126808707_28052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"kemra.co.ke"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371637/; classtype:trojan-activity;sid:81234737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/flxxqozwshwn/nbsa_446_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"gvexcelsior.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371636/; classtype:trojan-activity;sid:81234736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aqdsbqsa/nbsa_3734_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"greenridgelawn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371635/; classtype:trojan-activity;sid:81234735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pzlnkda/nbsa_08350_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"qudaih.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371634/; classtype:trojan-activity;sid:81234734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vqynh/nbsa_7079_28052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"kertvarosi.sulinet.hu"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371633/; classtype:trojan-activity;sid:81234733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ajuvevjv/nbsa_201131723_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"yicodmalawi.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371632/; classtype:trojan-activity;sid:81234732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tguzuxmdedgy/nbsa_3281_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"podoshva.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371631/; classtype:trojan-activity;sid:81234731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ytmstzcffa/nbsa_578_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"haraline.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371630/; classtype:trojan-activity;sid:81234730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jaysrhz/nbsa_197_28052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"footholdfilms.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371629/; classtype:trojan-activity;sid:81234729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wmffjcyl/nbsa_2684785_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"msdolany.cz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371628/; classtype:trojan-activity;sid:81234728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uzanswypb/nbsa_5886_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"beta.mypno.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371627/; classtype:trojan-activity;sid:81234727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ikarfeep/1039565/nbsa_1039565_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"termasdelacal.cl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371626/; classtype:trojan-activity;sid:81234726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/djwurd/939952026/nbsa_939952026_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"boteco1.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371625/; classtype:trojan-activity;sid:81234725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/exgvr/nbsa_557042942_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"timeoutshelter.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371624/; classtype:trojan-activity;sid:81234724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/znhejeqar/nbsa_3421414_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"luckylandethiopiatours.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371623/; classtype:trojan-activity;sid:81234723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hqalzrakueii/nbsa_93715_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"woah90s.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371622/; classtype:trojan-activity;sid:81234722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wjrlh/nbsa_4681893_28052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"negociacioncolectiva.cl"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371621/; classtype:trojan-activity;sid:81234721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iqtkgsfyb/nbsa_13461_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"africanchildleadfoundation.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371620/; classtype:trojan-activity;sid:81234720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tguzuxmdedgy/926469/nbsa_926469_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"podoshva.su"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371619/; classtype:trojan-activity;sid:81234719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bgfleziist/nbsa_6325_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"stjohnsnohomish.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371618/; classtype:trojan-activity;sid:81234718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fgwafhh9"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371617/; classtype:trojan-activity;sid:81234717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/invoice.doc"; http_uri; depth:12; isdataat:!1,relative; content:"irequestyoutopleaseadviseonthepayment.duckdns.org"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371616/; classtype:trojan-activity;sid:81234716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/~adosot/27asp.exe"; http_uri; depth:18; isdataat:!1,relative; content:"staff.www.ltu.se"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371615/; classtype:trojan-activity;sid:81234715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/axrhnheagpjc/nbsa_539672988_28052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"annk.com.ua"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371614/; classtype:trojan-activity;sid:81234714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vvanyhfzve/9414380/nbsa_9414380_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"jgarthandassociates.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371613/; classtype:trojan-activity;sid:81234713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bkwttucaas/nbsa_965_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"keizomatsuda.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371612/; classtype:trojan-activity;sid:81234712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iqtkgsfyb/nbsa_81066_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"africanchildleadfoundation.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371611/; classtype:trojan-activity;sid:81234711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ppdfwpwbtd/236731/nbsa_236731_28052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"vectortrans.su"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371610/; classtype:trojan-activity;sid:81234710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bmnhubtlz/nbsa_3569427_28052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"pokharavacations.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371609/; classtype:trojan-activity;sid:81234709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/navozqy/96986/nbsa_96986_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"rwsim.co.nz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371608/; classtype:trojan-activity;sid:81234708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ykluwbu/nbsa_995069_28052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"boliviaki.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371607/; classtype:trojan-activity;sid:81234707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dmvuiuayg/nbsa_536480384_28052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"angeloutdoor.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371606/; classtype:trojan-activity;sid:81234706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsufwqnraba/nbsa_988_28052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"mannam.cat"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371605/; classtype:trojan-activity;sid:81234705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qmhuwhatt/nbsa_332434_28052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"oem-online.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371604/; classtype:trojan-activity;sid:81234704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/obgxbnljgvyr/353528/nbsa_353528_28052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"phoenixgroupllc.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371603/; classtype:trojan-activity;sid:81234703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hrrqii/54936/nbsa_54936_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"www.mayanmonkey.es"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371602/; classtype:trojan-activity;sid:81234702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dkolipwq/nbsa_337375220_28052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"imobilis.co.mz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371601/; classtype:trojan-activity;sid:81234701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/build_vlikhaznbw156.bin"; http_uri; depth:24; isdataat:!1,relative; content:"hosseinsoltani.ir"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371600/; classtype:trojan-activity;sid:81234700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1rqwjhiimzap-5waxxct13v8zn9fqzvgw"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371599/; classtype:trojan-activity;sid:81234699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1yn6rfv-nk22pki0ilzzzi1lxlhnm5i37"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371598/; classtype:trojan-activity;sid:81234698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/limit.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"27.122.56.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371597/; classtype:trojan-activity;sid:81234697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/limit.spc"; http_uri; depth:15; isdataat:!1,relative; content:"27.122.56.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371596/; classtype:trojan-activity;sid:81234696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/limit.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"27.122.56.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371595/; classtype:trojan-activity;sid:81234695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/limit.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"27.122.56.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371594/; classtype:trojan-activity;sid:81234694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/limit.mips"; http_uri; depth:16; isdataat:!1,relative; content:"27.122.56.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371593/; classtype:trojan-activity;sid:81234693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/limit.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"27.122.56.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371592/; classtype:trojan-activity;sid:81234692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/limit.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"27.122.56.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371591/; classtype:trojan-activity;sid:81234691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/limit.arm"; http_uri; depth:15; isdataat:!1,relative; content:"27.122.56.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371590/; classtype:trojan-activity;sid:81234690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/limit.x86"; http_uri; depth:15; isdataat:!1,relative; content:"27.122.56.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371589/; classtype:trojan-activity;sid:81234689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.x86"; http_uri; depth:16; isdataat:!1,relative; content:"104.168.213.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371588/; classtype:trojan-activity;sid:81234688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"185.205.209.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371587/; classtype:trojan-activity;sid:81234687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"64.227.101.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371586/; classtype:trojan-activity;sid:81234686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"159.203.59.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371585/; classtype:trojan-activity;sid:81234685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"95.217.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371584/; classtype:trojan-activity;sid:81234684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3/skp.dll"; http_uri; depth:10; isdataat:!1,relative; content:"aonagenarian.eu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371583/; classtype:trojan-activity;sid:81234683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/settings/boss.php"; http_uri; depth:18; isdataat:!1,relative; content:"yyauto.com.au"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371582/; classtype:trojan-activity;sid:81234682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dqtmvsuzidz/8888888.png"; http_uri; depth:24; isdataat:!1,relative; content:"deemproperty.co.uk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371581/; classtype:trojan-activity;sid:81234681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dbtleiyjsp/8888888.png"; http_uri; depth:23; isdataat:!1,relative; content:"theedgeskatepark.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371580/; classtype:trojan-activity;sid:81234680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cksbfbuc/8888888.png"; http_uri; depth:21; isdataat:!1,relative; content:"press-machines.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371579/; classtype:trojan-activity;sid:81234679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gqiccvoyqbes/8888888.png"; http_uri; depth:25; isdataat:!1,relative; content:"razoredgeskischool.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371578/; classtype:trojan-activity;sid:81234678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vdqnqelegbpf/8888888.png"; http_uri; depth:25; isdataat:!1,relative; content:"janefreemanfitness.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371577/; classtype:trojan-activity;sid:81234677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/sgyrytq.txt"; http_uri; depth:16; isdataat:!1,relative; content:"epfindia.in.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371576/; classtype:trojan-activity;sid:81234676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/aqvkceik"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371575/; classtype:trojan-activity;sid:81234675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; content:"45.95.168.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371574/; classtype:trojan-activity;sid:81234674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/9nvwqegj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371573/; classtype:trojan-activity;sid:81234673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.15.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371572/; classtype:trojan-activity;sid:81234672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"14.104.219.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371571/; classtype:trojan-activity;sid:81234671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.250.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371570/; classtype:trojan-activity;sid:81234670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.221.148.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371569/; classtype:trojan-activity;sid:81234669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371568/; classtype:trojan-activity;sid:81234668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371567/; classtype:trojan-activity;sid:81234667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.96.13.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371566/; classtype:trojan-activity;sid:81234666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371565/; classtype:trojan-activity;sid:81234665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371564/; classtype:trojan-activity;sid:81234664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.238.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371563/; classtype:trojan-activity;sid:81234663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smrken/bins/lele/ez/sora.arm6"; http_uri; depth:30; isdataat:!1,relative; content:"45.95.168.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371562/; classtype:trojan-activity;sid:81234662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smrken/bins/lele/ez/sora.mpsl"; http_uri; depth:30; isdataat:!1,relative; content:"45.95.168.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371561/; classtype:trojan-activity;sid:81234661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mips"; http_uri; depth:16; isdataat:!1,relative; content:"95.179.155.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371560/; classtype:trojan-activity;sid:81234660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gummy.spc"; http_uri; depth:15; isdataat:!1,relative; content:"195.245.239.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371559/; classtype:trojan-activity;sid:81234659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gummy.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"195.245.239.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371558/; classtype:trojan-activity;sid:81234658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gummy.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"195.245.239.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371557/; classtype:trojan-activity;sid:81234657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gummy.arm"; http_uri; depth:15; isdataat:!1,relative; content:"195.245.239.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371556/; classtype:trojan-activity;sid:81234656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"95.179.155.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371555/; classtype:trojan-activity;sid:81234655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"95.179.155.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371554/; classtype:trojan-activity;sid:81234654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gummy.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"195.245.239.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371553/; classtype:trojan-activity;sid:81234653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smrken/bins/lele/ez/sora.sh4"; http_uri; depth:29; isdataat:!1,relative; content:"45.95.168.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371552/; classtype:trojan-activity;sid:81234652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=f8867408aefd1477|7c|26|7c|resid=f8867408aefd1477%213420|7c|26|7c|authkey=aprk74la7bgauro"; http_uri; depth:101; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371551/; classtype:trojan-activity;sid:81234651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abcdefghijklmnopqrstuvwxyz/whoareyou.arm6"; http_uri; depth:42; isdataat:!1,relative; content:"142.11.222.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371550/; classtype:trojan-activity;sid:81234650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smrken/bins/lele/ez/sora.ppc"; http_uri; depth:29; isdataat:!1,relative; content:"45.95.168.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371549/; classtype:trojan-activity;sid:81234649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smrken/bins/lele/ez/sora.mips"; http_uri; depth:30; isdataat:!1,relative; content:"45.95.168.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371548/; classtype:trojan-activity;sid:81234648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abcdefghijklmnopqrstuvwxyz/whoareyou.arm5"; http_uri; depth:42; isdataat:!1,relative; content:"142.11.222.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371547/; classtype:trojan-activity;sid:81234647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gummy.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"195.245.239.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371546/; classtype:trojan-activity;sid:81234646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"95.179.155.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371545/; classtype:trojan-activity;sid:81234645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smrken/bins/lele/ez/sora.m68k"; http_uri; depth:30; isdataat:!1,relative; content:"45.95.168.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371544/; classtype:trojan-activity;sid:81234644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abcdefghijklmnopqrstuvwxyz/whoareyou.m68k"; http_uri; depth:42; isdataat:!1,relative; content:"142.11.222.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371543/; classtype:trojan-activity;sid:81234643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abcdefghijklmnopqrstuvwxyz/whoareyou.mips"; http_uri; depth:42; isdataat:!1,relative; content:"142.11.222.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371542/; classtype:trojan-activity;sid:81234642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abcdefghijklmnopqrstuvwxyz/whoareyou.spc"; http_uri; depth:41; isdataat:!1,relative; content:"142.11.222.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371541/; classtype:trojan-activity;sid:81234641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.spc"; http_uri; depth:15; isdataat:!1,relative; content:"95.179.155.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371540/; classtype:trojan-activity;sid:81234640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smrken/bins/lele/ez/sora.spc"; http_uri; depth:29; isdataat:!1,relative; content:"45.95.168.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371539/; classtype:trojan-activity;sid:81234639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abcdefghijklmnopqrstuvwxyz/whoareyou.mpsl"; http_uri; depth:42; isdataat:!1,relative; content:"142.11.222.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371538/; classtype:trojan-activity;sid:81234638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smrken/bins/lele/ez/sora.arm5"; http_uri; depth:30; isdataat:!1,relative; content:"45.95.168.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371537/; classtype:trojan-activity;sid:81234637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"95.179.155.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371536/; classtype:trojan-activity;sid:81234636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"95.179.155.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371535/; classtype:trojan-activity;sid:81234635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"95.179.155.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371534/; classtype:trojan-activity;sid:81234634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gummy.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"195.245.239.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371533/; classtype:trojan-activity;sid:81234633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abcdefghijklmnopqrstuvwxyz/whoareyou.x86"; http_uri; depth:41; isdataat:!1,relative; content:"142.11.222.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371532/; classtype:trojan-activity;sid:81234632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gummy.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"195.245.239.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371531/; classtype:trojan-activity;sid:81234631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smrken/bins/lele/ez/sora.x86"; http_uri; depth:29; isdataat:!1,relative; content:"45.95.168.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371530/; classtype:trojan-activity;sid:81234630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abcdefghijklmnopqrstuvwxyz/whoareyou.ppc"; http_uri; depth:41; isdataat:!1,relative; content:"142.11.222.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371529/; classtype:trojan-activity;sid:81234629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abcdefghijklmnopqrstuvwxyz/whoareyou.sh4"; http_uri; depth:41; isdataat:!1,relative; content:"142.11.222.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371528/; classtype:trojan-activity;sid:81234628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gummy.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"195.245.239.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371527/; classtype:trojan-activity;sid:81234627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"95.179.155.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371526/; classtype:trojan-activity;sid:81234626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"176.123.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371525/; classtype:trojan-activity;sid:81234625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"176.123.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371524/; classtype:trojan-activity;sid:81234624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"176.123.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371523/; classtype:trojan-activity;sid:81234623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; content:"176.123.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371522/; classtype:trojan-activity;sid:81234622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"176.123.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371521/; classtype:trojan-activity;sid:81234621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"176.123.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371520/; classtype:trojan-activity;sid:81234620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"176.123.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371519/; classtype:trojan-activity;sid:81234619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"176.123.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371518/; classtype:trojan-activity;sid:81234618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"176.123.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371517/; classtype:trojan-activity;sid:81234617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"176.123.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371516/; classtype:trojan-activity;sid:81234616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"176.123.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371515/; classtype:trojan-activity;sid:81234615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"176.123.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371514/; classtype:trojan-activity;sid:81234614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"176.123.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371513/; classtype:trojan-activity;sid:81234613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.81.201.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371512/; classtype:trojan-activity;sid:81234612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1i3syxnlt5nqbdrsiuzatcy6g0yqdg40h"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371511/; classtype:trojan-activity;sid:81234611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/my_xxx_vuvhawg214.bin"; http_uri; depth:22; isdataat:!1,relative; content:"cmdtech.com.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371510/; classtype:trojan-activity;sid:81234610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1sqppisgtwdwvdxkmnlka4xfumu_j1del"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371509/; classtype:trojan-activity;sid:81234609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tag/tests/bin_zyxwlw22.bin"; http_uri; depth:27; isdataat:!1,relative; content:"class.britishonline.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371508/; classtype:trojan-activity;sid:81234608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1mxvwiak0vxb0gcul67fumihgpi4t4mio"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371507/; classtype:trojan-activity;sid:81234607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=17pypcp_cye3-opxp-4ofxd5tlkfe2vyn"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371506/; classtype:trojan-activity;sid:81234606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ycd0oflpibwqshsdzrntk8xzuoxczjrn"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371505/; classtype:trojan-activity;sid:81234605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mana.bin"; http_uri; depth:9; isdataat:!1,relative; content:"thedebagroup.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371504/; classtype:trojan-activity;sid:81234604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1mp7gwlblgmmtghad-ozjp4ffv3lqhqa7"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371503/; classtype:trojan-activity;sid:81234603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=15ffx5uc0edbunewzklfdiqx1aegvqaoc"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371502/; classtype:trojan-activity;sid:81234602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1bwgeananpiwhluhupor9jqssciv07bvt"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371501/; classtype:trojan-activity;sid:81234601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1bgdtw7kuh7m6q7lcsn1-jecpuvtze4bm"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371500/; classtype:trojan-activity;sid:81234600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1fx24wfkxvnv8likcecaopdhkiemqypox"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371499/; classtype:trojan-activity;sid:81234599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=17ns5tzu_ewwgib2tfpiot41qv71derks"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371498/; classtype:trojan-activity;sid:81234598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1wyiwdmfjl_0prjhjiffeuph4ziasfiqb"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371497/; classtype:trojan-activity;sid:81234597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/doc/gm.bin"; http_uri; depth:11; isdataat:!1,relative; content:"www.agenziabalestri.it"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371496/; classtype:trojan-activity;sid:81234596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=6605275726c6094a|7c|26|7c|resid=6605275726c6094a%21130|7c|26|7c|authkey=acpis2z-urr3vxy"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371495/; classtype:trojan-activity;sid:81234595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=e08e2d452e10fc69|7c|26|7c|resid=e08e2d452e10fc69%21160|7c|26|7c|authkey=aiendf-9lyln0x0"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371494/; classtype:trojan-activity;sid:81234594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chnsfrnd3/winlog.exe"; http_uri; depth:21; isdataat:!1,relative; content:"chinese3higncomeiscausedbythepandempv.duckdns.org"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371493/; classtype:trojan-activity;sid:81234593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"142.93.184.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371492/; classtype:trojan-activity;sid:81234592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/themes/inlite/ago.exe"; http_uri; depth:45; isdataat:!1,relative; content:"hmbwgroup.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371491/; classtype:trojan-activity;sid:81234591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"45.77.138.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371490/; classtype:trojan-activity;sid:81234590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"72.69.178.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371489/; classtype:trojan-activity;sid:81234589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"115.53.60.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371488/; classtype:trojan-activity;sid:81234588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"185.132.53.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371487/; classtype:trojan-activity;sid:81234587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm.cloudbot"; http_uri; depth:18; isdataat:!1,relative; content:"45.95.168.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371486/; classtype:trojan-activity;sid:81234586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"185.132.53.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371485/; classtype:trojan-activity;sid:81234585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/invoice/rcgxkaif.zx1.exe"; http_uri; depth:25; isdataat:!1,relative; content:"biz9holdings.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371484/; classtype:trojan-activity;sid:81234584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smrken/bins/lele/ez/sora.arm7"; http_uri; depth:30; isdataat:!1,relative; content:"45.95.168.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371483/; classtype:trojan-activity;sid:81234583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm"; http_uri; depth:15; isdataat:!1,relative; content:"95.179.155.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371482/; classtype:trojan-activity;sid:81234582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smrken/bins/lele/ez/sora.arm"; http_uri; depth:29; isdataat:!1,relative; content:"45.95.168.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371481/; classtype:trojan-activity;sid:81234581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"95.179.155.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371480/; classtype:trojan-activity;sid:81234580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ggisxci6bins.sh"; http_uri; depth:16; isdataat:!1,relative; content:"176.123.5.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371479/; classtype:trojan-activity;sid:81234579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"159.203.59.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371478/; classtype:trojan-activity;sid:81234578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"159.203.59.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371477/; classtype:trojan-activity;sid:81234577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"185.205.209.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371476/; classtype:trojan-activity;sid:81234576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"45.95.168.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371475/; classtype:trojan-activity;sid:81234575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.124.206.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371474/; classtype:trojan-activity;sid:81234574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"142.93.184.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371473/; classtype:trojan-activity;sid:81234573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"185.205.209.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371472/; classtype:trojan-activity;sid:81234572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/netbins/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"128.199.142.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371471/; classtype:trojan-activity;sid:81234571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/netbins/arm"; http_uri; depth:12; isdataat:!1,relative; content:"128.199.142.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371470/; classtype:trojan-activity;sid:81234570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"70.163.11.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371469/; classtype:trojan-activity;sid:81234569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jkira.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"51.38.244.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371468/; classtype:trojan-activity;sid:81234568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abcdefghijklmnopqrstuvwxyz/whoareyou.arm7"; http_uri; depth:42; isdataat:!1,relative; content:"142.11.222.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371467/; classtype:trojan-activity;sid:81234567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abcdefghijklmnopqrstuvwxyz/whoareyou.arm"; http_uri; depth:41; isdataat:!1,relative; content:"142.11.222.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371466/; classtype:trojan-activity;sid:81234566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cf67355a3333e6/init.sh"; http_uri; depth:23; isdataat:!1,relative; content:"global.bitmex.com.de"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371465/; classtype:trojan-activity;sid:81234565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gummy.mips"; http_uri; depth:16; isdataat:!1,relative; content:"195.245.239.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371464/; classtype:trojan-activity;sid:81234564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gummy.x86"; http_uri; depth:15; isdataat:!1,relative; content:"195.245.239.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371463/; classtype:trojan-activity;sid:81234563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rcvsdwse"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371462/; classtype:trojan-activity;sid:81234562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3306"; http_uri; depth:5; isdataat:!1,relative; content:"98.159.110.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371461/; classtype:trojan-activity;sid:81234561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.9.170.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371460/; classtype:trojan-activity;sid:81234560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.126.238.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371459/; classtype:trojan-activity;sid:81234559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.114.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371458/; classtype:trojan-activity;sid:81234558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.44.48.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371457/; classtype:trojan-activity;sid:81234557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.201.44.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371456/; classtype:trojan-activity;sid:81234556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371455/; classtype:trojan-activity;sid:81234555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.54.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371454/; classtype:trojan-activity;sid:81234554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371453/; classtype:trojan-activity;sid:81234553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.114.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371452/; classtype:trojan-activity;sid:81234552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.124.124.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371451/; classtype:trojan-activity;sid:81234551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.24.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371450/; classtype:trojan-activity;sid:81234550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.110.123.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371449/; classtype:trojan-activity;sid:81234549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ek56je9i"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371448/; classtype:trojan-activity;sid:81234548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/udjrkur5"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371447/; classtype:trojan-activity;sid:81234547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/i02i8agg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371446/; classtype:trojan-activity;sid:81234546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"//settings/boss.php"; http_uri; depth:19; isdataat:!1,relative; content:"yyauto.com.au"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371445/; classtype:trojan-activity;sid:81234545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"//iofiles/boss.php"; http_uri; depth:18; isdataat:!1,relative; content:"mazspares.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371444/; classtype:trojan-activity;sid:81234544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/swkvfbsd"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371443/; classtype:trojan-activity;sid:81234543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.35.161.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371442/; classtype:trojan-activity;sid:81234542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.196.132.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371441/; classtype:trojan-activity;sid:81234541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.5.30.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371440/; classtype:trojan-activity;sid:81234540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"89.148.210.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371439/; classtype:trojan-activity;sid:81234539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371438/; classtype:trojan-activity;sid:81234538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.123.109.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371437/; classtype:trojan-activity;sid:81234537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.101.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371436/; classtype:trojan-activity;sid:81234536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.112.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371435/; classtype:trojan-activity;sid:81234535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_29; reference:url, urlhaus.abuse.ch/url/371434/; classtype:trojan-activity;sid:81234534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/redcar.png"; http_uri; depth:18; isdataat:!1,relative; content:"162.216.0.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371433/; classtype:trojan-activity;sid:81234533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/7zerpirm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371432/; classtype:trojan-activity;sid:81234532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins//arm"; http_uri; depth:10; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371431/; classtype:trojan-activity;sid:81234531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vqps9pte"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371430/; classtype:trojan-activity;sid:81234530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ico/vidt6cers"; http_uri; depth:14; isdataat:!1,relative; content:"162.216.0.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371429/; classtype:trojan-activity;sid:81234529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/cursor.png"; http_uri; depth:18; isdataat:!1,relative; content:"162.216.0.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371428/; classtype:trojan-activity;sid:81234528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/imgpaper.png"; http_uri; depth:20; isdataat:!1,relative; content:"162.216.0.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371427/; classtype:trojan-activity;sid:81234527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadauthkey=!anhbzybkg3mekig|7c|26|7c|cid=21757e11f03b2792|7c|26|7c|resid=21757e11f03b2792!109|7c|26|7c|parid=root|7c|26|7c|o=oneup"; http_uri; depth:136; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371424/; classtype:trojan-activity;sid:81234524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"185.132.53.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371423/; classtype:trojan-activity;sid:81234523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.spc"; http_uri; depth:15; isdataat:!1,relative; content:"185.132.53.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371422/; classtype:trojan-activity;sid:81234522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"185.132.53.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371421/; classtype:trojan-activity;sid:81234521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"185.132.53.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371420/; classtype:trojan-activity;sid:81234520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"185.132.53.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371419/; classtype:trojan-activity;sid:81234519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mips"; http_uri; depth:16; isdataat:!1,relative; content:"185.132.53.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371418/; classtype:trojan-activity;sid:81234518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"185.132.53.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371417/; classtype:trojan-activity;sid:81234517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"185.132.53.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371416/; classtype:trojan-activity;sid:81234516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"185.132.53.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371415/; classtype:trojan-activity;sid:81234515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; content:"185.172.111.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371414/; classtype:trojan-activity;sid:81234514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/33bi/ares.mips64"; http_uri; depth:17; isdataat:!1,relative; content:"94.102.63.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371413/; classtype:trojan-activity;sid:81234513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/710580620857966592/715665352696004678/discord_ip_addy_grab_tool_by_zarx.exe"; http_uri; depth:88; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371412/; classtype:trojan-activity;sid:81234512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/paamxyep"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371411/; classtype:trojan-activity;sid:81234511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/eriirdge"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371410/; classtype:trojan-activity;sid:81234510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a|7c|3b|7c|chmod+777+mozi.a|7c|3b|7c|/tmp/mozi.a+jaws"; http_uri; depth:59; isdataat:!1,relative; content:"1.246.223.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371409/; classtype:trojan-activity;sid:81234509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a|7c|3b|7c|chmod+777+mozi.a|7c|3b|7c|/tmp/mozi.a+jaws"; http_uri; depth:59; isdataat:!1,relative; content:"111.38.25.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371408/; classtype:trojan-activity;sid:81234508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; content:"222.74.186.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371407/; classtype:trojan-activity;sid:81234507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371406/; classtype:trojan-activity;sid:81234506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/911.arm5"; http_uri; depth:9; isdataat:!1,relative; content:"37.49.226.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371405/; classtype:trojan-activity;sid:81234505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371404/; classtype:trojan-activity;sid:81234504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/911.mpsl"; http_uri; depth:9; isdataat:!1,relative; content:"37.49.226.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371403/; classtype:trojan-activity;sid:81234503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.x86"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371402/; classtype:trojan-activity;sid:81234502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371401/; classtype:trojan-activity;sid:81234501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.spc"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371400/; classtype:trojan-activity;sid:81234500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/911.arm"; http_uri; depth:8; isdataat:!1,relative; content:"37.49.226.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371399/; classtype:trojan-activity;sid:81234499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.mips"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371398/; classtype:trojan-activity;sid:81234498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/911.ppc"; http_uri; depth:8; isdataat:!1,relative; content:"37.49.226.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371397/; classtype:trojan-activity;sid:81234497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.45.59.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371396/; classtype:trojan-activity;sid:81234496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371395/; classtype:trojan-activity;sid:81234495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.119.139.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371394/; classtype:trojan-activity;sid:81234494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.102.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371393/; classtype:trojan-activity;sid:81234493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371392/; classtype:trojan-activity;sid:81234492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"14.205.201.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371391/; classtype:trojan-activity;sid:81234491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"91.234.60.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371390/; classtype:trojan-activity;sid:81234490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"37.49.226.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371389/; classtype:trojan-activity;sid:81234489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371388/; classtype:trojan-activity;sid:81234488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"37.49.226.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371387/; classtype:trojan-activity;sid:81234487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.133.79.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371386/; classtype:trojan-activity;sid:81234486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/doc.exe"; http_uri; depth:8; isdataat:!1,relative; content:"111.90.149.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371385/; classtype:trojan-activity;sid:81234485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.170.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371384/; classtype:trojan-activity;sid:81234484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao2.cab"; http_uri; depth:28; isdataat:!1,relative; content:"s6oo5atdgmtceep8on.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371383/; classtype:trojan-activity;sid:81234483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jdrsra61"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371382/; classtype:trojan-activity;sid:81234482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/f.msi"; http_uri; depth:6; isdataat:!1,relative; content:"www.cmweenergy.it"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371381/; classtype:trojan-activity;sid:81234481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"198.211.104.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371380/; classtype:trojan-activity;sid:81234480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; content:"198.211.104.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371379/; classtype:trojan-activity;sid:81234479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"198.211.104.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371378/; classtype:trojan-activity;sid:81234478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"198.211.104.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371377/; classtype:trojan-activity;sid:81234477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"198.211.104.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371376/; classtype:trojan-activity;sid:81234476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"198.211.104.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371375/; classtype:trojan-activity;sid:81234475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"198.211.104.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371374/; classtype:trojan-activity;sid:81234474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"198.211.104.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371373/; classtype:trojan-activity;sid:81234473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"198.211.104.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371372/; classtype:trojan-activity;sid:81234472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"198.211.104.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371371/; classtype:trojan-activity;sid:81234471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"198.211.104.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371370/; classtype:trojan-activity;sid:81234470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/o.msi"; http_uri; depth:6; isdataat:!1,relative; content:"cmweenergy.it"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371369/; classtype:trojan-activity;sid:81234469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kest/origi.doc"; http_uri; depth:15; isdataat:!1,relative; content:"van.info.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371368/; classtype:trojan-activity;sid:81234468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/o.msi"; http_uri; depth:6; isdataat:!1,relative; content:"www.cmweenergy.it"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371367/; classtype:trojan-activity;sid:81234467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/inpost.apk"; http_uri; depth:11; isdataat:!1,relative; content:"odbierzkod.pl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371366/; classtype:trojan-activity;sid:81234466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"45.95.168.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371365/; classtype:trojan-activity;sid:81234465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; content:"45.95.168.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371364/; classtype:trojan-activity;sid:81234464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"45.95.168.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371363/; classtype:trojan-activity;sid:81234463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"45.95.168.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371362/; classtype:trojan-activity;sid:81234462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"45.95.168.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371361/; classtype:trojan-activity;sid:81234461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"45.95.168.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371360/; classtype:trojan-activity;sid:81234460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"45.95.168.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371359/; classtype:trojan-activity;sid:81234459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"45.95.168.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371358/; classtype:trojan-activity;sid:81234458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"45.95.168.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371357/; classtype:trojan-activity;sid:81234457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"45.95.168.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371356/; classtype:trojan-activity;sid:81234456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"45.95.168.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371355/; classtype:trojan-activity;sid:81234455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-keys.php"; http_uri; depth:12; isdataat:!1,relative; content:"chaplaincy.covenantuniversity.edu.ng"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371354/; classtype:trojan-activity;sid:81234454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-keys.php"; http_uri; depth:12; isdataat:!1,relative; content:"newsblog.usflydeals.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371353/; classtype:trojan-activity;sid:81234453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pandemi.apk"; http_uri; depth:12; isdataat:!1,relative; content:"sosyaldestek-tr.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371352/; classtype:trojan-activity;sid:81234452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.200.86.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371351/; classtype:trojan-activity;sid:81234451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.229.227.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371350/; classtype:trojan-activity;sid:81234450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.209.99.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371349/; classtype:trojan-activity;sid:81234449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371348/; classtype:trojan-activity;sid:81234448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.107.222.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371347/; classtype:trojan-activity;sid:81234447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.8.42.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371346/; classtype:trojan-activity;sid:81234446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x86"; http_uri; depth:10; isdataat:!1,relative; content:"161.35.32.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371345/; classtype:trojan-activity;sid:81234445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=809f316b561d99ca|7c|26|7c|resid=809f316b561d99ca%21164|7c|26|7c|authkey=apfbhyl0wwthgia"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371344/; classtype:trojan-activity;sid:81234444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1xy4fixmfmeasp1ox278dy7gtkjzp1ts2"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371343/; classtype:trojan-activity;sid:81234443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=02e98840a4c9fd6c|7c|26|7c|resid=2e98840a4c9fd6c%211172|7c|26|7c|authkey=aecgmc__p8n8irw"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371342/; classtype:trojan-activity;sid:81234442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dvtjxlcrksfz/dqor_690_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"moviesdun.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371341/; classtype:trojan-activity;sid:81234441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/572888262717341707/600688945394745384/discordextension.exe"; http_uri; depth:71; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371340/; classtype:trojan-activity;sid:81234440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/712620498756042832/715615990939123852/e7ef4faeb60e35b1.exe"; http_uri; depth:71; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371339/; classtype:trojan-activity;sid:81234439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"14.45.175.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371338/; classtype:trojan-activity;sid:81234438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"221.145.205.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371337/; classtype:trojan-activity;sid:81234437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"211.199.153.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371336/; classtype:trojan-activity;sid:81234436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lisk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"rublemine.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371335/; classtype:trojan-activity;sid:81234435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lisk-win-1.26.0.msi"; http_uri; depth:20; isdataat:!1,relative; content:"rublemine.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371334/; classtype:trojan-activity;sid:81234434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/freebot.exe"; http_uri; depth:12; isdataat:!1,relative; content:"rublemine.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371333/; classtype:trojan-activity;sid:81234433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cryptomoney.msi"; http_uri; depth:16; isdataat:!1,relative; content:"rublemine.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371332/; classtype:trojan-activity;sid:81234432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao11.cab"; http_uri; depth:29; isdataat:!1,relative; content:"wola4ru08w9i7jjpuc.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371331/; classtype:trojan-activity;sid:81234431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/clipe.exe"; http_uri; depth:10; isdataat:!1,relative; content:"bitcoroll.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371330/; classtype:trojan-activity;sid:81234430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dogetab.exe"; http_uri; depth:12; isdataat:!1,relative; content:"rublemine.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371329/; classtype:trojan-activity;sid:81234429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucid=0bxsmxgfpizfsvlvsoglevgxuzvk|7c|26|7c|export=download"; http_uri; depth:59; isdataat:!1,relative; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371328/; classtype:trojan-activity;sid:81234428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sik/4s.exe"; http_uri; depth:11; isdataat:!1,relative; content:"stfu.stike.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371327/; classtype:trojan-activity;sid:81234427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/pfn9lwl4"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371326/; classtype:trojan-activity;sid:81234426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s.msi"; http_uri; depth:6; isdataat:!1,relative; content:"www.cmweenergy.it"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371325/; classtype:trojan-activity;sid:81234425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20gb_hediye_internet.apk"; http_uri; depth:25; isdataat:!1,relative; content:"eyukletr.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371324/; classtype:trojan-activity;sid:81234424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20gb_hediye_internet.apk"; http_uri; depth:25; isdataat:!1,relative; content:"tlyuklet.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371323/; classtype:trojan-activity;sid:81234423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20gb_hediye_internet.apk"; http_uri; depth:25; isdataat:!1,relative; content:"tlyuklet.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371322/; classtype:trojan-activity;sid:81234422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20gb_hediye_internet.apk"; http_uri; depth:25; isdataat:!1,relative; content:"tlyuklet.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371321/; classtype:trojan-activity;sid:81234421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20gb_hediye_internet.apk"; http_uri; depth:25; isdataat:!1,relative; content:"zyukle.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371320/; classtype:trojan-activity;sid:81234420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20gb_hediye_internet.apk"; http_uri; depth:25; isdataat:!1,relative; content:"zyukle.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371319/; classtype:trojan-activity;sid:81234419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"171.101.45.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371318/; classtype:trojan-activity;sid:81234418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2020/05/rzgxhifysusg/00755/darlehensvertrag_00755_19052020.zip"; http_uri; depth:82; isdataat:!1,relative; content:"www.dhnonline.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371317/; classtype:trojan-activity;sid:81234417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wzjlicpglr/darlehensvertrag_9445_18052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"thewallingtonsquare.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371316/; classtype:trojan-activity;sid:81234416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qwhorekun/38114657/darlehensvertrag_38114657_19052020.zip"; http_uri; depth:58; isdataat:!1,relative; content:"mahmudkara.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371315/; classtype:trojan-activity;sid:81234415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/levfobbvjcrm/darlehensvertrag_783188_19052020.zip"; http_uri; depth:50; isdataat:!1,relative; content:"communitymedia.org.in"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371314/; classtype:trojan-activity;sid:81234414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ampzxyr/darlehensvertrag_74711743_19052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"careers.kodshift.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371313/; classtype:trojan-activity;sid:81234413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cajaobgnlpe/3236413/darlehensvertrag_3236413_19052020.zip"; http_uri; depth:58; isdataat:!1,relative; content:"iconicdreamevents.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371312/; classtype:trojan-activity;sid:81234412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2020/05/wtukr/342065/darlehensvertrag_342065_19052020.zip"; http_uri; depth:77; isdataat:!1,relative; content:"satishchandraiti.co.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371311/; classtype:trojan-activity;sid:81234411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wp-content/uploads/2020/05/szixxcfity/4240/darlehensvertrag_4240_19052020.zip"; http_uri; depth:81; isdataat:!1,relative; content:"medical.ofa.or.jp"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371310/; classtype:trojan-activity;sid:81234410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wp-content/uploads/2020/05/szixxcfity/12050/darlehensvertrag_12050_19052020.zip"; http_uri; depth:83; isdataat:!1,relative; content:"medical.ofa.or.jp"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371309/; classtype:trojan-activity;sid:81234409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2020/05/ynoqsxtph/darlehensvertrag_1514788_19052020.zip"; http_uri; depth:75; isdataat:!1,relative; content:"gracenreign.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371308/; classtype:trojan-activity;sid:81234408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alfh/xzrn.phpl=lfahe10.cab"; http_uri; depth:27; isdataat:!1,relative; content:"i4y2du8rr6npqvhv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371307/; classtype:trojan-activity;sid:81234407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubcypftvs/dqor_091221632_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"autoful.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371306/; classtype:trojan-activity;sid:81234406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ftksv4kk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371305/; classtype:trojan-activity;sid:81234405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c5der0hj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371304/; classtype:trojan-activity;sid:81234404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/0k0z2tdn"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371303/; classtype:trojan-activity;sid:81234403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2xxxxxxx.zip"; http_uri; depth:13; isdataat:!1,relative; content:"box.rockleyphotonisc.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371302/; classtype:trojan-activity;sid:81234402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.130.115.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371301/; classtype:trojan-activity;sid:81234401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.241.171.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371300/; classtype:trojan-activity;sid:81234400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371299/; classtype:trojan-activity;sid:81234399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.212.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371298/; classtype:trojan-activity;sid:81234398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.186.78.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371297/; classtype:trojan-activity;sid:81234397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.33.248.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371296/; classtype:trojan-activity;sid:81234396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.86.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371295/; classtype:trojan-activity;sid:81234395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371294/; classtype:trojan-activity;sid:81234394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testingsvr88292.m68k"; http_uri; depth:26; isdataat:!1,relative; content:"45.143.220.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371293/; classtype:trojan-activity;sid:81234393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testingsvr88292.arm6"; http_uri; depth:26; isdataat:!1,relative; content:"45.143.220.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371292/; classtype:trojan-activity;sid:81234392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testingsvr88292.ppc"; http_uri; depth:25; isdataat:!1,relative; content:"45.143.220.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371291/; classtype:trojan-activity;sid:81234391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testingsvr88292.spc"; http_uri; depth:25; isdataat:!1,relative; content:"45.143.220.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371290/; classtype:trojan-activity;sid:81234390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"201.192.165.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371289/; classtype:trojan-activity;sid:81234389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testingsvr88292.x86"; http_uri; depth:25; isdataat:!1,relative; content:"45.143.220.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371288/; classtype:trojan-activity;sid:81234388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testingsvr88292.arm"; http_uri; depth:25; isdataat:!1,relative; content:"45.143.220.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371287/; classtype:trojan-activity;sid:81234387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testingsvr88292.sh4"; http_uri; depth:25; isdataat:!1,relative; content:"45.143.220.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371286/; classtype:trojan-activity;sid:81234386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testingsvr88292.mpsl"; http_uri; depth:26; isdataat:!1,relative; content:"45.143.220.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371285/; classtype:trojan-activity;sid:81234385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/9ag11tnaer8n1hg/invoice-720030-payments/"; http_uri; depth:46; isdataat:!1,relative; content:"dropbox.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371284/; classtype:trojan-activity;sid:81234384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testingsvr88292.mips"; http_uri; depth:26; isdataat:!1,relative; content:"45.143.220.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371283/; classtype:trojan-activity;sid:81234383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao15.cab"; http_uri; depth:29; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371282/; classtype:trojan-activity;sid:81234382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao14.cab"; http_uri; depth:29; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371281/; classtype:trojan-activity;sid:81234381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao13.cab"; http_uri; depth:29; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371280/; classtype:trojan-activity;sid:81234380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao12.cab"; http_uri; depth:29; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371279/; classtype:trojan-activity;sid:81234379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao11.cab"; http_uri; depth:29; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371278/; classtype:trojan-activity;sid:81234378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao10.cab"; http_uri; depth:29; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371277/; classtype:trojan-activity;sid:81234377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao9.cab"; http_uri; depth:28; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371276/; classtype:trojan-activity;sid:81234376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao8.cab"; http_uri; depth:28; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371275/; classtype:trojan-activity;sid:81234375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao7.cab"; http_uri; depth:28; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371274/; classtype:trojan-activity;sid:81234374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao6.cab"; http_uri; depth:28; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371273/; classtype:trojan-activity;sid:81234373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao5.cab"; http_uri; depth:28; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371272/; classtype:trojan-activity;sid:81234372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao4.cab"; http_uri; depth:28; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371271/; classtype:trojan-activity;sid:81234371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao3.cab"; http_uri; depth:28; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371270/; classtype:trojan-activity;sid:81234370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao2.cab"; http_uri; depth:28; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371269/; classtype:trojan-activity;sid:81234369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/urvave/cennc.phpl=haao1.cab"; http_uri; depth:28; isdataat:!1,relative; content:"oz10krn1rkxqnkcbdm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371268/; classtype:trojan-activity;sid:81234368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p_15636fi4d1.jpg"; http_uri; depth:17; isdataat:!1,relative; content:"l.top4top.io"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371267/; classtype:trojan-activity;sid:81234367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p_15703ctcs1.jpg"; http_uri; depth:17; isdataat:!1,relative; content:"l.top4top.io"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371266/; classtype:trojan-activity;sid:81234366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uih4p9cv"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371265/; classtype:trojan-activity;sid:81234365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hnmcyfld"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371264/; classtype:trojan-activity;sid:81234364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1eewbzwvpy7z2lzetbaka2cbusdumxytx"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371263/; classtype:trojan-activity;sid:81234363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nw_bbchqibppe130.bin"; http_uri; depth:21; isdataat:!1,relative; content:"blockchains.pk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371262/; classtype:trojan-activity;sid:81234362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rac_khwxo175.bin"; http_uri; depth:17; isdataat:!1,relative; content:"ffvgdsv.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371261/; classtype:trojan-activity;sid:81234361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=17wghigsexfufk3dshqwkale9qwoqtbno"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371260/; classtype:trojan-activity;sid:81234360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p_1546y86161.jpg"; http_uri; depth:17; isdataat:!1,relative; content:"l.top4top.io"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371259/; classtype:trojan-activity;sid:81234359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p_1535k08701.jpg"; http_uri; depth:17; isdataat:!1,relative; content:"l.top4top.io"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371258/; classtype:trojan-activity;sid:81234358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p_156654nck1.jpg"; http_uri; depth:17; isdataat:!1,relative; content:"l.top4top.io"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371257/; classtype:trojan-activity;sid:81234357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lol2.exe"; http_uri; depth:9; isdataat:!1,relative; content:"rublemine.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371256/; classtype:trojan-activity;sid:81234356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lol.exe"; http_uri; depth:8; isdataat:!1,relative; content:"rublemine.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371255/; classtype:trojan-activity;sid:81234355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gop.exe"; http_uri; depth:8; isdataat:!1,relative; content:"bitcoroll.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371254/; classtype:trojan-activity;sid:81234354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/witxkro/dqor_43745426_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"service-acer.by"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371253/; classtype:trojan-activity;sid:81234353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cq9s67qr"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371252/; classtype:trojan-activity;sid:81234352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"99.151.48.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371251/; classtype:trojan-activity;sid:81234351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=55381ffd75ef8cda|7c|26|7c|resid=55381ffd75ef8cda!270|7c|26|7c|authkey=aev4isgyubiofdi"; http_uri; depth:98; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371250/; classtype:trojan-activity;sid:81234350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kzzvl1jk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371249/; classtype:trojan-activity;sid:81234349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kest/win.exe"; http_uri; depth:13; isdataat:!1,relative; content:"van.info.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371248/; classtype:trojan-activity;sid:81234348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kest/bust.exe"; http_uri; depth:14; isdataat:!1,relative; content:"van.info.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371247/; classtype:trojan-activity;sid:81234347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_zykrhamaxu11.bin"; http_uri; depth:30; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371246/; classtype:trojan-activity;sid:81234346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_zqmndzrtf118.bin"; http_uri; depth:30; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371245/; classtype:trojan-activity;sid:81234345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_xyjwvwujn128.bin"; http_uri; depth:30; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371244/; classtype:trojan-activity;sid:81234344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_wuvco80.bin"; http_uri; depth:25; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371243/; classtype:trojan-activity;sid:81234343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_vclrigguft92.bin"; http_uri; depth:30; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371242/; classtype:trojan-activity;sid:81234342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_vakfeyewyh203.bin"; http_uri; depth:31; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371241/; classtype:trojan-activity;sid:81234341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_slatqkggw86.bin"; http_uri; depth:29; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371240/; classtype:trojan-activity;sid:81234340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_qqqnr40.bin"; http_uri; depth:25; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371239/; classtype:trojan-activity;sid:81234339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_ncgpx206.bin"; http_uri; depth:26; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371238/; classtype:trojan-activity;sid:81234338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_nbjhhbzj193.bin"; http_uri; depth:29; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371237/; classtype:trojan-activity;sid:81234337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_loaahsgwus5.bin"; http_uri; depth:29; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371236/; classtype:trojan-activity;sid:81234336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_kwfanzeuv168.bin"; http_uri; depth:30; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371235/; classtype:trojan-activity;sid:81234335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_kmekctxdu34.bin"; http_uri; depth:29; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371234/; classtype:trojan-activity;sid:81234334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_hgnjkjmzhx217.bin"; http_uri; depth:31; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371233/; classtype:trojan-activity;sid:81234333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_dfjoklzh248.bin"; http_uri; depth:29; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371232/; classtype:trojan-activity;sid:81234332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_agdyck50.bin"; http_uri; depth:26; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371231/; classtype:trojan-activity;sid:81234331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_azhqi131.bin"; http_uri; depth:26; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371230/; classtype:trojan-activity;sid:81234330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_xicsk145.bin"; http_uri; depth:26; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371229/; classtype:trojan-activity;sid:81234329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_vhrpiugul36.bin"; http_uri; depth:29; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371228/; classtype:trojan-activity;sid:81234328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_uplcttl56.bin"; http_uri; depth:27; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371227/; classtype:trojan-activity;sid:81234327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_uthrmj194.bin"; http_uri; depth:27; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371226/; classtype:trojan-activity;sid:81234326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_sracya43.bin"; http_uri; depth:26; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371225/; classtype:trojan-activity;sid:81234325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_qeymmph41.bin"; http_uri; depth:27; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371224/; classtype:trojan-activity;sid:81234324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_pqfshqgb199.bin"; http_uri; depth:29; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371223/; classtype:trojan-activity;sid:81234323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_nwhbp17.bin"; http_uri; depth:25; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371222/; classtype:trojan-activity;sid:81234322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_ljvepgoki229.bin"; http_uri; depth:30; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371221/; classtype:trojan-activity;sid:81234321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_kczuy79.bin"; http_uri; depth:25; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371220/; classtype:trojan-activity;sid:81234320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_iafuwdfd8.bin"; http_uri; depth:27; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371219/; classtype:trojan-activity;sid:81234319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_hegvxejm191.bin"; http_uri; depth:29; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371218/; classtype:trojan-activity;sid:81234318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_fxohnopx215.bin"; http_uri; depth:29; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371217/; classtype:trojan-activity;sid:81234317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_iitmy20.bin"; http_uri; depth:25; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371216/; classtype:trojan-activity;sid:81234316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_cesdnszzl200.bin"; http_uri; depth:30; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371215/; classtype:trojan-activity;sid:81234315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/middlemay_bwdrsbp147.bin"; http_uri; depth:28; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371214/; classtype:trojan-activity;sid:81234314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ko/dontknowwhy_qrwgnnk145.bin"; http_uri; depth:30; isdataat:!1,relative; content:"www.gigatechsol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371213/; classtype:trojan-activity;sid:81234313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nw_bbchqibppe130.bin"; http_uri; depth:21; isdataat:!1,relative; content:"ffvgdsv.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371188/; classtype:trojan-activity;sid:81234288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rac_khwxo175.bin"; http_uri; depth:17; isdataat:!1,relative; content:"ffacscs.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371187/; classtype:trojan-activity;sid:81234287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ac.exe"; http_uri; depth:7; isdataat:!1,relative; content:"ffvgdsv.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371186/; classtype:trojan-activity;sid:81234286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nw.exe"; http_uri; depth:7; isdataat:!1,relative; content:"ffacscs.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371185/; classtype:trojan-activity;sid:81234285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ds1.exe"; http_uri; depth:8; isdataat:!1,relative; content:"ffacscs.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371184/; classtype:trojan-activity;sid:81234284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rac1.exe"; http_uri; depth:9; isdataat:!1,relative; content:"ffvgdsv.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371183/; classtype:trojan-activity;sid:81234283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=e61e5f3f655316fa|7c|26|7c|resid=e61e5f3f655316fa%21221|7c|26|7c|authkey=akcj_wjy0dh-ezo"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371182/; classtype:trojan-activity;sid:81234282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lzzggyoq/58281813/dqor_58281813_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"vertigo-corporate.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371181/; classtype:trojan-activity;sid:81234281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"2.42.255.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371180/; classtype:trojan-activity;sid:81234280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/fotos/myscr548671.js"; http_uri; depth:28; isdataat:!1,relative; content:"judithbouma.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371179/; classtype:trojan-activity;sid:81234279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ksrhbrryopve/dqor_978_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"auto0.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371178/; classtype:trojan-activity;sid:81234278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amvbnqikftwu/612827755/dqor_612827755_27052020.zip"; http_uri; depth:51; isdataat:!1,relative; content:"a0409082.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371177/; classtype:trojan-activity;sid:81234277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gbojqmzyyief/dqor_839_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"visuseguros.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371176/; classtype:trojan-activity;sid:81234276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sayjcnoams/dqor_433_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"sls-security.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371175/; classtype:trojan-activity;sid:81234275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sayjcnoams/957/dqor_957_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"sls-security.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371174/; classtype:trojan-activity;sid:81234274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/witxkro/dqor_6384_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"service-acer.by"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371173/; classtype:trojan-activity;sid:81234273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xvubjwm/dqor_775435_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371172/; classtype:trojan-activity;sid:81234272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xvubjwm/85949108/dqor_85949108_27052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371171/; classtype:trojan-activity;sid:81234271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xrfmj/dqor_15594_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371170/; classtype:trojan-activity;sid:81234270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xrfmj/555946/dqor_555946_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371169/; classtype:trojan-activity;sid:81234269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cydoosmn/dqor_009207621_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"nhfonline.com.my"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371168/; classtype:trojan-activity;sid:81234268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cydoosmn/7062508/dqor_7062508_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"nhfonline.com.my"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371167/; classtype:trojan-activity;sid:81234267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cydoosmn/6078383/dqor_6078383_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"nhfonline.com.my"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371166/; classtype:trojan-activity;sid:81234266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kipwf/dqor_0172_27052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"kalpanascreations.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371165/; classtype:trojan-activity;sid:81234265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kipwf/226546767/dqor_226546767_27052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"kalpanascreations.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371164/; classtype:trojan-activity;sid:81234264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1k9_ls_kzcnxnqd8yirbvnkjclnk0rzbb"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371163/; classtype:trojan-activity;sid:81234263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1cjlcid3jszdme9c-yjwgcmhcwqtfbzfp"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371162/; classtype:trojan-activity;sid:81234262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a_uxegsdnime3.bin"; http_uri; depth:18; isdataat:!1,relative; content:"ffvgdsv.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371161/; classtype:trojan-activity;sid:81234261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a_uxegsdnime3.bin"; http_uri; depth:18; isdataat:!1,relative; content:"ffacscs.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371160/; classtype:trojan-activity;sid:81234260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1n8eyzme4ew_jahmvr_vmlymkeuvv7tuh"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371159/; classtype:trojan-activity;sid:81234259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=123_-xj_jpgz0lcdxpcp4ksaeji1g6p8k"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371158/; classtype:trojan-activity;sid:81234258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bdo/vbc.exe"; http_uri; depth:12; isdataat:!1,relative; content:"systemsecureserverprotocolgooglegood.duckdns.org"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371157/; classtype:trojan-activity;sid:81234257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bdo/document.doc"; http_uri; depth:17; isdataat:!1,relative; content:"systemsecureserverprotocolgooglegood.duckdns.org"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371156/; classtype:trojan-activity;sid:81234256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fokxalev/dqor_0123402_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371155/; classtype:trojan-activity;sid:81234255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fokxalev/4651574/dqor_4651574_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371154/; classtype:trojan-activity;sid:81234254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yjpyw/dqor_89861_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"xn--80aadeo0bkmb7a6j.xn--p1ai"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371153/; classtype:trojan-activity;sid:81234253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yjpyw/52743511/dqor_52743511_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"xn--80aadeo0bkmb7a6j.xn--p1ai"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371152/; classtype:trojan-activity;sid:81234252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nzzjmltub/640/dqor_640_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"www.reginas.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371151/; classtype:trojan-activity;sid:81234251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hjxegqw/4951/dqor_4951_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"reisnaarlonden.nl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371150/; classtype:trojan-activity;sid:81234250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xhbvrkxb/dqor_123649_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"valesports.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371149/; classtype:trojan-activity;sid:81234249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mwinjhhtsxsg/77622918/dqor_77622918_27052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"uwpoolsetolk.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371148/; classtype:trojan-activity;sid:81234248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mwinjhhtsxsg/1708610/dqor_1708610_27052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"uwpoolsetolk.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371147/; classtype:trojan-activity;sid:81234247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/guitckycbcga/dqor_0803_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"tlcmoto.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371146/; classtype:trojan-activity;sid:81234246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/thjyvgumh/dqor_65631_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"thesportssync.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371145/; classtype:trojan-activity;sid:81234245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xllwkeeeb/dqor_54311_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"specinsulation.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371144/; classtype:trojan-activity;sid:81234244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ypmgbrbre/648296616/dqor_648296616_27052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"shinywiy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371143/; classtype:trojan-activity;sid:81234243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ypmgbrbre/23243/dqor_23243_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"shinywiy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371142/; classtype:trojan-activity;sid:81234242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ypmgbrbre/143/dqor_143_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"shinywiy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371141/; classtype:trojan-activity;sid:81234241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ypmgbrbre/086769386/dqor_086769386_27052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"shinywiy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371140/; classtype:trojan-activity;sid:81234240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yshjew/dqor_068526_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"securityprotective.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371139/; classtype:trojan-activity;sid:81234239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yshjew/65531634/dqor_65531634_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"securityprotective.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371138/; classtype:trojan-activity;sid:81234238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nbagymubwhvi/dqor_32379006_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"securityprotective.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371137/; classtype:trojan-activity;sid:81234237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzmhljlljz/dqor_6538884_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"searchandsave.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371136/; classtype:trojan-activity;sid:81234236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rytqpekqyxfc/dqor_821380495_27052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"printpressplus.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371135/; classtype:trojan-activity;sid:81234235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kokaobasj/dqor_85863228_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"primemoversynergies.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371134/; classtype:trojan-activity;sid:81234234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kokaobasj/dqor_155_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"primemoversynergies.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371133/; classtype:trojan-activity;sid:81234233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzjhxxasajl/dqor_318576_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"pkp.cyto.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371132/; classtype:trojan-activity;sid:81234232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dvtjxlcrksfz/dqor_1886217_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"moviesdun.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371131/; classtype:trojan-activity;sid:81234231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dvtjxlcrksfz/50218438/dqor_50218438_27052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"moviesdun.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371130/; classtype:trojan-activity;sid:81234230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nygueketkad/dqor_869142891_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"mdsinfo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371129/; classtype:trojan-activity;sid:81234229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nygueketkad/dqor_32505608_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"mdsinfo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371128/; classtype:trojan-activity;sid:81234228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hxmctnykkk/dqor_56994_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"maskankaraj.ir"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371127/; classtype:trojan-activity;sid:81234227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hxmctnykkk/dqor_27078_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"maskankaraj.ir"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371126/; classtype:trojan-activity;sid:81234226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qitpcizylas/dqor_77813_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"marina-sk.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371125/; classtype:trojan-activity;sid:81234225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/emoiofs/dqor_910687_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"mallestore.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371124/; classtype:trojan-activity;sid:81234224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tpkqsgulchy/dqor_8097320_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"lustrapro.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371123/; classtype:trojan-activity;sid:81234223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rlmaktdzk/dqor_9441126_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"demo.crcinks.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371122/; classtype:trojan-activity;sid:81234222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rlmaktdzk/dqor_157687709_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"demo.crcinks.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371121/; classtype:trojan-activity;sid:81234221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rlmaktdzk/dqor_0586985_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"demo.crcinks.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371120/; classtype:trojan-activity;sid:81234220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vwzfvshtotg/dqor_57821_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"daryvostoka.com.ua"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371119/; classtype:trojan-activity;sid:81234219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ezztlykfk/dqor_925942_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"centrumkulturygdynia.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371118/; classtype:trojan-activity;sid:81234218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ezztlykfk/dqor_4473384_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"centrumkulturygdynia.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371117/; classtype:trojan-activity;sid:81234217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ezztlykfk/dqor_08234081_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"centrumkulturygdynia.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371116/; classtype:trojan-activity;sid:81234216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ezztlykfk/589/dqor_589_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"centrumkulturygdynia.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371115/; classtype:trojan-activity;sid:81234215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eeiffyv/dqor_912_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"cavortsports.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371114/; classtype:trojan-activity;sid:81234214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eeiffyv/dqor_878695374_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"cavortsports.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371113/; classtype:trojan-activity;sid:81234213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eeiffyv/761308638/dqor_761308638_27052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"cavortsports.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371112/; classtype:trojan-activity;sid:81234212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eeiffyv/120744/dqor_120744_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"cavortsports.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371111/; classtype:trojan-activity;sid:81234211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/velsx/567/dqor_567_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"bimedia.nl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371110/; classtype:trojan-activity;sid:81234210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hgxnb/dqor_309001871_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"bimedia.nl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371109/; classtype:trojan-activity;sid:81234209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gbxee/dqor_269557_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"bbkaproduction.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371108/; classtype:trojan-activity;sid:81234208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ycfpyeze/dqor_05826_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"atozpumps.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371107/; classtype:trojan-activity;sid:81234207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plruqpsuui/dqor_0434798_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"aspazis.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371106/; classtype:trojan-activity;sid:81234206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tlisgunlmtop/51161/dqor_51161_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"acsabath.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371105/; classtype:trojan-activity;sid:81234205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cazrjfxab/dqor_6887_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"absolutepeople.nl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371104/; classtype:trojan-activity;sid:81234204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cazrjfxab/dqor_1448003_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"absolutepeople.nl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371103/; classtype:trojan-activity;sid:81234203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cazrjfxab/044/dqor_044_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"absolutepeople.nl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371102/; classtype:trojan-activity;sid:81234202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cazrjfxab/038189019/dqor_038189019_27052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"absolutepeople.nl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371101/; classtype:trojan-activity;sid:81234201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amvbnqikftwu/873/dqor_873_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"a0409082.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371100/; classtype:trojan-activity;sid:81234200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mwinjhhtsxsg/dqor_898594_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"uwpoolsetolk.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371099/; classtype:trojan-activity;sid:81234199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zsldt/05450707/dqor_05450707_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"motivemedia.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371098/; classtype:trojan-activity;sid:81234198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testingsvr88292.arm7"; http_uri; depth:26; isdataat:!1,relative; content:"45.143.220.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371097/; classtype:trojan-activity;sid:81234197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/testingsvr88292.arm5"; http_uri; depth:26; isdataat:!1,relative; content:"45.143.220.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371096/; classtype:trojan-activity;sid:81234196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amvbnqikftwu/487076/dqor_487076_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"a0409082.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371095/; classtype:trojan-activity;sid:81234195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"24.137.147.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371094/; classtype:trojan-activity;sid:81234194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/txiplfsdparb/780401458/dqor_780401458_27052020.zip"; http_uri; depth:51; isdataat:!1,relative; content:"retail5.com.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371093/; classtype:trojan-activity;sid:81234193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/majo/invoice.doc"; http_uri; depth:17; isdataat:!1,relative; content:"systemsecureserverprotocolgooglegood.duckdns.org"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371092/; classtype:trojan-activity;sid:81234192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gru/invoice_145525.doc"; http_uri; depth:23; isdataat:!1,relative; content:"systemsecureserverprotocolgooglegood.duckdns.org"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371091/; classtype:trojan-activity;sid:81234191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gru/vbc.exe"; http_uri; depth:12; isdataat:!1,relative; content:"systemsecureserverprotocolgooglegood.duckdns.org"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371090/; classtype:trojan-activity;sid:81234190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nzzjmltub/924847594/dqor_924847594_27052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"www.reginas.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371089/; classtype:trojan-activity;sid:81234189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bdo/invoice.doc"; http_uri; depth:16; isdataat:!1,relative; content:"systemsecureserverprotocolgooglegood.duckdns.org"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371088/; classtype:trojan-activity;sid:81234188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ds2.exe"; http_uri; depth:8; isdataat:!1,relative; content:"ffacscs.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371087/; classtype:trojan-activity;sid:81234187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rac2.exe"; http_uri; depth:9; isdataat:!1,relative; content:"ffvgdsv.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371086/; classtype:trojan-activity;sid:81234186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gd/invoice.doc"; http_uri; depth:15; isdataat:!1,relative; content:"systemsecureserverprotocolgooglegood.duckdns.org"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371085/; classtype:trojan-activity;sid:81234185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bg/vbc.exe"; http_uri; depth:11; isdataat:!1,relative; content:"systemsecureserverprotocolgooglegood.duckdns.org"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371084/; classtype:trojan-activity;sid:81234184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371083/; classtype:trojan-activity;sid:81234183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371082/; classtype:trojan-activity;sid:81234182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371081/; classtype:trojan-activity;sid:81234181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371080/; classtype:trojan-activity;sid:81234180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371079/; classtype:trojan-activity;sid:81234179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fayaicgjq/2092/dqor_2092_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"www.healthy-meal.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371078/; classtype:trojan-activity;sid:81234178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nygueketkad/dqor_81619_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"mdsinfo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371077/; classtype:trojan-activity;sid:81234177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cmdccsoe/94586109/dqor_94586109_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"advokatyanao.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371076/; classtype:trojan-activity;sid:81234176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rlmaktdzk/dqor_6268_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"demo.crcinks.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371075/; classtype:trojan-activity;sid:81234175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/8311/dqor_8311_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371074/; classtype:trojan-activity;sid:81234174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sayjcnoams/dqor_44746_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"sls-security.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371073/; classtype:trojan-activity;sid:81234173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zogrkz/5958887/dqor_5958887_27052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"retail5.com.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371072/; classtype:trojan-activity;sid:81234172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dkkp/jrityzjn.csk.exe"; http_uri; depth:22; isdataat:!1,relative; content:"185.205.209.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371071/; classtype:trojan-activity;sid:81234171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=4680a2a320aef80e|7c|26|7c|resid=4680a2a320aef80e%21106|7c|26|7c|authkey=ahwqb5edmzpsqis"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371070/; classtype:trojan-activity;sid:81234170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1kcdv1fyncgjxtdtbvram48cj3oy1-6qe"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371069/; classtype:trojan-activity;sid:81234169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1znneggzfb1ej4dpsjsad4ejjlnva30r1"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371068/; classtype:trojan-activity;sid:81234168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aozylktlcgha/4673243/dqor_4673243_27052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"ayanfer.com.tr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371067/; classtype:trojan-activity;sid:81234167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fayaicgjq/dqor_544_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"www.healthy-meal.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371066/; classtype:trojan-activity;sid:81234166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cmdccsoe/50510945/dqor_50510945_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"advokatyanao.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371065/; classtype:trojan-activity;sid:81234165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cazrjfxab/54322869/dqor_54322869_27052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"absolutepeople.nl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371064/; classtype:trojan-activity;sid:81234164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iixccaajnij/2432/dqor_2432_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"www.mkt74.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371063/; classtype:trojan-activity;sid:81234163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zsldt/dqor_096_27052020.zip"; http_uri; depth:28; isdataat:!1,relative; content:"motivemedia.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371062/; classtype:trojan-activity;sid:81234162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubcypftvs/1390/dqor_1390_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"autoful.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371061/; classtype:trojan-activity;sid:81234161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/update.sh"; http_uri; depth:10; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371060/; classtype:trojan-activity;sid:81234160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371059/; classtype:trojan-activity;sid:81234159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371058/; classtype:trojan-activity;sid:81234158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371057/; classtype:trojan-activity;sid:81234157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; content:"172.245.52.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371056/; classtype:trojan-activity;sid:81234156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ykcbxm/630/dqor_630_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"butikplaka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371055/; classtype:trojan-activity;sid:81234155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nhejdns/224672/dqor_224672_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"theninechicago.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371054/; classtype:trojan-activity;sid:81234154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/witxkro/742/dqor_742_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"service-acer.by"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371053/; classtype:trojan-activity;sid:81234153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bg/invoice.doc"; http_uri; depth:15; isdataat:!1,relative; content:"systemsecureserverprotocolgooglegood.duckdns.org"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371052/; classtype:trojan-activity;sid:81234152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alfh/xzrn.phpl=lfahe1.cab"; http_uri; depth:26; isdataat:!1,relative; content:"nrs2wjke0t2vz9.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371051/; classtype:trojan-activity;sid:81234151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ywqjwhwbz/dqor_219236_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"new.larimarmedspa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371050/; classtype:trojan-activity;sid:81234150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nygueketkad/42459350/dqor_42459350_27052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"mdsinfo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371049/; classtype:trojan-activity;sid:81234149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mefia/dqor_22985_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"www.sila86.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371048/; classtype:trojan-activity;sid:81234148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tqlouv/271038205/dqor_271038205_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"msmarfil.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371047/; classtype:trojan-activity;sid:81234147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qitpcizylas/678874278/dqor_678874278_27052020.zip"; http_uri; depth:50; isdataat:!1,relative; content:"marina-sk.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371046/; classtype:trojan-activity;sid:81234146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jbbevx/dqor_397930918_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"tradedecor.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371045/; classtype:trojan-activity;sid:81234145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mwinjhhtsxsg/88580/dqor_88580_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"uwpoolsetolk.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371044/; classtype:trojan-activity;sid:81234144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kohdf/9074280/dqor_9074280_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"movieskub.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371043/; classtype:trojan-activity;sid:81234143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rgbyxkph/dqor_523_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"horecaequip.com.ua"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371042/; classtype:trojan-activity;sid:81234142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/skzhdowbwpk/dqor_845020883_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"www.fleetservicepartners.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371041/; classtype:trojan-activity;sid:81234141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alfh/xzrn.phpl=lfahe6.cab"; http_uri; depth:26; isdataat:!1,relative; content:"j5sfioue15kxqs.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371040/; classtype:trojan-activity;sid:81234140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alfh/xzrn.phpl=lfahe9.cab"; http_uri; depth:26; isdataat:!1,relative; content:"ft23fpcu5yabw2.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371039/; classtype:trojan-activity;sid:81234139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lpayvvjxupto/314/dqor_314_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"treasureisland.com.my"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371038/; classtype:trojan-activity;sid:81234138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wzsaiefbj/dqor_246_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"forumdelcorno.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371037/; classtype:trojan-activity;sid:81234137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mknqknxwjd/1132785/dqor_1132785_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"buynail.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371036/; classtype:trojan-activity;sid:81234136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.134.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371035/; classtype:trojan-activity;sid:81234135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371034/; classtype:trojan-activity;sid:81234134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.94.49.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371033/; classtype:trojan-activity;sid:81234133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.41.154.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371032/; classtype:trojan-activity;sid:81234132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.107.222.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371031/; classtype:trojan-activity;sid:81234131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371030/; classtype:trojan-activity;sid:81234130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.9.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371029/; classtype:trojan-activity;sid:81234129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.184.166.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371028/; classtype:trojan-activity;sid:81234128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alfh/xzrn.phpl=lfahe13.cab"; http_uri; depth:27; isdataat:!1,relative; content:"hswawuo7c8axfxw3.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371027/; classtype:trojan-activity;sid:81234127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/9ag11tnaer8n1hg/invoice-720030-payments"; http_uri; depth:45; isdataat:!1,relative; content:"dropbox.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371026/; classtype:trojan-activity;sid:81234126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sayjcnoams/dqor_3552_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"sls-security.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371025/; classtype:trojan-activity;sid:81234125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ranqoxvpujid/3634069/dqor_3634069_27052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"old.marina-sk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371024/; classtype:trojan-activity;sid:81234124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rgbyxkph/dqor_275_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"horecaequip.com.ua"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371023/; classtype:trojan-activity;sid:81234123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/panjd/2814/dqor_2814_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"seoopen.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371022/; classtype:trojan-activity;sid:81234122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ezztlykfk/830257/dqor_830257_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"centrumkulturygdynia.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371021/; classtype:trojan-activity;sid:81234121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yshjew/5888/dqor_5888_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"securityprotective.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371020/; classtype:trojan-activity;sid:81234120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kellyx/kellyx.exe"; http_uri; depth:18; isdataat:!1,relative; content:"abass.ir"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371019/; classtype:trojan-activity;sid:81234119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ksrhbrryopve/8576/dqor_8576_27052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"auto0.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371018/; classtype:trojan-activity;sid:81234118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ezztlykfk/dqor_7536472_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"centrumkulturygdynia.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371017/; classtype:trojan-activity;sid:81234117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vwzfvshtotg/028553/dqor_028553_27052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"daryvostoka.com.ua"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371016/; classtype:trojan-activity;sid:81234116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jppost.apk"; http_uri; depth:11; isdataat:!1,relative; content:"jppost-ka.co"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371015/; classtype:trojan-activity;sid:81234115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gbxee/7422116/dqor_7422116_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"bbkaproduction.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371014/; classtype:trojan-activity;sid:81234114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dcgtuzsk/dqor_93737_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"smackdownwaterfowlers.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371013/; classtype:trojan-activity;sid:81234113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyogpwgnwdkg/dqor_60037_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"temp.novi-tec.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371012/; classtype:trojan-activity;sid:81234112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/olshvi/0062/dqor_0062_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"seoair.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371011/; classtype:trojan-activity;sid:81234111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzmhljlljz/334602/dqor_334602_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"searchandsave.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371010/; classtype:trojan-activity;sid:81234110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gbxee/2401918/dqor_2401918_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"bbkaproduction.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371009/; classtype:trojan-activity;sid:81234109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubcypftvs/dqor_8416671_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"autoful.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371008/; classtype:trojan-activity;sid:81234108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amvbnqikftwu/95214/dqor_95214_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"a0409082.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371007/; classtype:trojan-activity;sid:81234107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amvbnqikftwu/dqor_907295_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"a0409082.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371006/; classtype:trojan-activity;sid:81234106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yjpyw/8776071/dqor_8776071_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"xn--80aadeo0bkmb7a6j.xn--p1ai"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371005/; classtype:trojan-activity;sid:81234105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ziangxgsxd/dqor_899179_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"pwe-china.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371004/; classtype:trojan-activity;sid:81234104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/thjyvgumh/7719/dqor_7719_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"thesportssync.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371003/; classtype:trojan-activity;sid:81234103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vknmwn/dqor_821592575_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"www.vash-sevastopol.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371002/; classtype:trojan-activity;sid:81234102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/get.php308695780510067996066"; http_uri; depth:29; isdataat:!1,relative; content:"madarc.com.au"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371001/; classtype:trojan-activity;sid:81234101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mework/ovvbx.exe"; http_uri; depth:17; isdataat:!1,relative; content:"ourhajn.me"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/371000/; classtype:trojan-activity;sid:81234100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fayaicgjq/dqor_533_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"www.healthy-meal.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370999/; classtype:trojan-activity;sid:81234099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fayaicgjq/dqor_893882_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"www.healthy-meal.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370998/; classtype:trojan-activity;sid:81234098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fayaicgjq/dqor_5643332_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"www.healthy-meal.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370997/; classtype:trojan-activity;sid:81234097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hjxegqw/4223581/dqor_4223581_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"reisnaarlonden.nl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370996/; classtype:trojan-activity;sid:81234096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pagament1.exe"; http_uri; depth:14; isdataat:!1,relative; content:"gstat.matthewsalemstolper.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370995/; classtype:trojan-activity;sid:81234095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vknmwn/9538/dqor_9538_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"www.vash-sevastopol.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370994/; classtype:trojan-activity;sid:81234094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kokaobasj/9901/dqor_9901_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"primemoversynergies.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370993/; classtype:trojan-activity;sid:81234093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzmhljlljz/825628/dqor_825628_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"searchandsave.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370992/; classtype:trojan-activity;sid:81234092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vtnfpauyaqfj/dqor_0406_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"paramparyam.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370991/; classtype:trojan-activity;sid:81234091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ksrhbrryopve/621561/dqor_621561_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"auto0.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370990/; classtype:trojan-activity;sid:81234090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vtnfpauyaqfj/99284/dqor_99284_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"paramparyam.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370989/; classtype:trojan-activity;sid:81234089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1uo6bvywxf3o123bok7miftk2ok-whs9o"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370988/; classtype:trojan-activity;sid:81234088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1lpaweqp26al7dulhl5ycwnu_pnwsjtfo"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370987/; classtype:trojan-activity;sid:81234087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wext/wa_qjcktgbeyu118.bin"; http_uri; depth:26; isdataat:!1,relative; content:"185.205.209.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370986/; classtype:trojan-activity;sid:81234086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1q6ngs6rxsj7ll_rywyhzkkswn7qvp3zy"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370985/; classtype:trojan-activity;sid:81234085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1tgm04c2zh0icvrkxeooymzi40wfdtdhd"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370984/; classtype:trojan-activity;sid:81234084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=fb75faf15d475dc5|7c|26|7c|resid=fb75faf15d475dc5%21106|7c|26|7c|authkey=ahle80mx-ophiks"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370983/; classtype:trojan-activity;sid:81234083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=3164ddeba70d2263|7c|26|7c|resid=3164ddeba70d2263%21106|7c|26|7c|authkey=afkvqrm4zoor8qq"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370982/; classtype:trojan-activity;sid:81234082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1zmx0wjra0vbwn8uckhzydhg7dxk3mz_t"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370981/; classtype:trojan-activity;sid:81234081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ng1pyd7_1nmxxscsykmoskdkgfvqtcua"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370980/; classtype:trojan-activity;sid:81234080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a1/bindonmaster_pnljydbm231.bin"; http_uri; depth:32; isdataat:!1,relative; content:"mexiwoodstudios.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370979/; classtype:trojan-activity;sid:81234079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1luq-19sonmgz8zz2jq05a8m8oobpwkj-"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370978/; classtype:trojan-activity;sid:81234078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1jgen1x_zuhssg_jw0_wjjlcvpgglj7ay"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370977/; classtype:trojan-activity;sid:81234077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wext/net-n_ocakzzdgp45.bin"; http_uri; depth:27; isdataat:!1,relative; content:"185.205.209.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370976/; classtype:trojan-activity;sid:81234076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=5cf421933f23ff14|7c|26|7c|resid=5cf421933f23ff14%21106|7c|26|7c|authkey=aggcqtz8ceiymmg"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370975/; classtype:trojan-activity;sid:81234075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1qj1bywj84j6kac1qyo9xpmvim6as8b64"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370974/; classtype:trojan-activity;sid:81234074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=17xbqul0fbvyai6oj40m6ktf9ag2kv9ue"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370973/; classtype:trojan-activity;sid:81234073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/thjyvgumh/378327588/dqor_378327588_27052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"thesportssync.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370972/; classtype:trojan-activity;sid:81234072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qnlmfr/dqor_6804823_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"xn--h1aevci0d.xn--p1ai"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370971/; classtype:trojan-activity;sid:81234071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hgxnb/dqor_79515_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"bimedia.nl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370970/; classtype:trojan-activity;sid:81234070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nhejdns/436/dqor_436_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"theninechicago.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370969/; classtype:trojan-activity;sid:81234069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plruqpsuui/6037911/dqor_6037911_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"aspazis.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370968/; classtype:trojan-activity;sid:81234068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/spmrdxhzqbdl/dqor_1553751_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"shinywiy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370967/; classtype:trojan-activity;sid:81234067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hgxnb/dqor_2650970_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"bimedia.nl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370966/; classtype:trojan-activity;sid:81234066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xvubjwm/8103297/dqor_8103297_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370965/; classtype:trojan-activity;sid:81234065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nzythexptxir/dqor_691_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"ayagerpheide.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370964/; classtype:trojan-activity;sid:81234064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uqomftdyf/48883/dqor_48883_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"temp.novi-tec.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370963/; classtype:trojan-activity;sid:81234063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/dqor_020374_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370962/; classtype:trojan-activity;sid:81234062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/guitckycbcga/22810822/dqor_22810822_27052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"tlcmoto.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370961/; classtype:trojan-activity;sid:81234061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ykcbxm/257/dqor_257_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"butikplaka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370960/; classtype:trojan-activity;sid:81234060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xvubjwm/dqor_1043_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370959/; classtype:trojan-activity;sid:81234059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzjhxxasajl/392847749/dqor_392847749_27052020.zip"; http_uri; depth:50; isdataat:!1,relative; content:"pkp.cyto.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370958/; classtype:trojan-activity;sid:81234058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xvubjwm/210/dqor_210_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370957/; classtype:trojan-activity;sid:81234057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tpkqsgulchy/dqor_9968_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"lustrapro.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370956/; classtype:trojan-activity;sid:81234056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wzsaiefbj/dqor_951427763_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"forumdelcorno.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370955/; classtype:trojan-activity;sid:81234055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/velsx/2918044/dqor_2918044_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"bimedia.nl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370954/; classtype:trojan-activity;sid:81234054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubcypftvs/dqor_0599_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"autoful.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370953/; classtype:trojan-activity;sid:81234053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rlmaktdzk/9570/dqor_9570_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"demo.crcinks.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370952/; classtype:trojan-activity;sid:81234052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/panjd/dqor_603627_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"seoopen.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370951/; classtype:trojan-activity;sid:81234051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cbmfsut/80374/dqor_80374_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"madisoncountyproject.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370950/; classtype:trojan-activity;sid:81234050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vwzfvshtotg/32237919/dqor_32237919_27052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"daryvostoka.com.ua"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370949/; classtype:trojan-activity;sid:81234049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xhbvrkxb/dqor_35063_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"valesports.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370948/; classtype:trojan-activity;sid:81234048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/guitckycbcga/dqor_0095_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"tlcmoto.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370947/; classtype:trojan-activity;sid:81234047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qnlmfr/dqor_151_27052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"xn--h1aevci0d.xn--p1ai"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370946/; classtype:trojan-activity;sid:81234046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hxqbmrod/dqor_81039_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"calldata.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370945/; classtype:trojan-activity;sid:81234045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/taikew/dqor_097088446_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"mikosamara.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370944/; classtype:trojan-activity;sid:81234044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xvubjwm/315/dqor_315_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370943/; classtype:trojan-activity;sid:81234043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uvqgk/dqor_713491981_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"theojastrust.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370942/; classtype:trojan-activity;sid:81234042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/taikew/dqor_32486242_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"mikosamara.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370941/; classtype:trojan-activity;sid:81234041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vvbqjhocclh/dqor_76754966_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370940/; classtype:trojan-activity;sid:81234040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mwinjhhtsxsg/431600437/dqor_431600437_27052020.zip"; http_uri; depth:51; isdataat:!1,relative; content:"uwpoolsetolk.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370939/; classtype:trojan-activity;sid:81234039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hxmctnykkk/2807117/dqor_2807117_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"maskankaraj.ir"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370938/; classtype:trojan-activity;sid:81234038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/thjyvgumh/dqor_710418098_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"thesportssync.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370937/; classtype:trojan-activity;sid:81234037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zogrkz/dqor_549155_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"retail5.com.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370936/; classtype:trojan-activity;sid:81234036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ehygnqcapf/dqor_4849774_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"moviestel.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370935/; classtype:trojan-activity;sid:81234035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yjpyw/2700/dqor_2700_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"xn--80aadeo0bkmb7a6j.xn--p1ai"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370934/; classtype:trojan-activity;sid:81234034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/astrsqkazm/3965/dqor_3965_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"aliveatchrist.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370933/; classtype:trojan-activity;sid:81234033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyogpwgnwdkg/dqor_072091_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"temp.novi-tec.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370932/; classtype:trojan-activity;sid:81234032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zsldt/dqor_583_27052020.zip"; http_uri; depth:28; isdataat:!1,relative; content:"motivemedia.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370931/; classtype:trojan-activity;sid:81234031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nwaumumppr/dqor_210020255_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"test.lampa23.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370930/; classtype:trojan-activity;sid:81234030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yshjew/dqor_46547711_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"securityprotective.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370929/; classtype:trojan-activity;sid:81234029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ycfpyeze/dqor_7820863_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"atozpumps.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370928/; classtype:trojan-activity;sid:81234028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ywqjwhwbz/4282760/dqor_4282760_27052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"new.larimarmedspa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370927/; classtype:trojan-activity;sid:81234027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tqlouv/71880559/dqor_71880559_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"msmarfil.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370926/; classtype:trojan-activity;sid:81234026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/emoiofs/75562936/dqor_75562936_27052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"mallestore.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370925/; classtype:trojan-activity;sid:81234025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qikocqe/dqor_6003_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"raisinghappy.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370924/; classtype:trojan-activity;sid:81234024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hxmctnykkk/dqor_16497340_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"maskankaraj.ir"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370923/; classtype:trojan-activity;sid:81234023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plruqpsuui/dqor_8011_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"aspazis.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370922/; classtype:trojan-activity;sid:81234022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ywqjwhwbz/dqor_7191709_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"new.larimarmedspa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370921/; classtype:trojan-activity;sid:81234021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sayjcnoams/dqor_61524_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"sls-security.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370920/; classtype:trojan-activity;sid:81234020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kokaobasj/45463/dqor_45463_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"primemoversynergies.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370919/; classtype:trojan-activity;sid:81234019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ziangxgsxd/207/dqor_207_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"pwe-china.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370918/; classtype:trojan-activity;sid:81234018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dcgtuzsk/dqor_377694116_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"smackdownwaterfowlers.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370917/; classtype:trojan-activity;sid:81234017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vvbqjhocclh/16695464/dqor_16695464_27052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370916/; classtype:trojan-activity;sid:81234016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/emoiofs/dqor_495_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"mallestore.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370915/; classtype:trojan-activity;sid:81234015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ypmgbrbre/dqor_45249780_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"shinywiy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370914/; classtype:trojan-activity;sid:81234014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cbmfsut/7736/dqor_7736_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"madisoncountyproject.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370913/; classtype:trojan-activity;sid:81234013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uvqgk/dqor_0042929_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"theojastrust.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370912/; classtype:trojan-activity;sid:81234012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vwzfvshtotg/dqor_475173855_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"daryvostoka.com.ua"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370911/; classtype:trojan-activity;sid:81234011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nwaumumppr/dqor_261234_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"test.lampa23.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370910/; classtype:trojan-activity;sid:81234010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cmdccsoe/dqor_75109641_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"advokatyanao.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370909/; classtype:trojan-activity;sid:81234009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plruqpsuui/dqor_748489_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"aspazis.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370908/; classtype:trojan-activity;sid:81234008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qitpcizylas/1850/dqor_1850_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"marina-sk.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370907/; classtype:trojan-activity;sid:81234007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzmhljlljz/dqor_0610_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"searchandsave.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370906/; classtype:trojan-activity;sid:81234006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uvqgk/93125755/dqor_93125755_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"theojastrust.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370905/; classtype:trojan-activity;sid:81234005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ycfpyeze/3276951/dqor_3276951_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"atozpumps.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370904/; classtype:trojan-activity;sid:81234004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/876/dqor_876_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370903/; classtype:trojan-activity;sid:81234003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mwinjhhtsxsg/8911/dqor_8911_27052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"uwpoolsetolk.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370902/; classtype:trojan-activity;sid:81234002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ranqoxvpujid/dqor_24129796_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"old.marina-sk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370901/; classtype:trojan-activity;sid:81234001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ksrhbrryopve/dqor_20959_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"auto0.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370900/; classtype:trojan-activity;sid:81234000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/dqor_405_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370899/; classtype:trojan-activity;sid:81233999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qitpcizylas/20934060/dqor_20934060_27052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"marina-sk.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370898/; classtype:trojan-activity;sid:81233998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mefia/dqor_8265502_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"www.sila86.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370897/; classtype:trojan-activity;sid:81233997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/udzyvz/dqor_15092_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"butikplaka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370896/; classtype:trojan-activity;sid:81233996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mlpuugixiuo/dqor_6086_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"takemehomeohiovalley.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370895/; classtype:trojan-activity;sid:81233995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hxqbmrod/949/dqor_949_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"calldata.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370894/; classtype:trojan-activity;sid:81233994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zsldt/dqor_0431238_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"motivemedia.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370893/; classtype:trojan-activity;sid:81233993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plruqpsuui/dqor_6608057_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"aspazis.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370892/; classtype:trojan-activity;sid:81233992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cydoosmn/694778209/dqor_694778209_27052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"nhfonline.com.my"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370891/; classtype:trojan-activity;sid:81233991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mwinjhhtsxsg/885951/dqor_885951_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"uwpoolsetolk.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370890/; classtype:trojan-activity;sid:81233990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/dqor_542306788_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370889/; classtype:trojan-activity;sid:81233989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sayjcnoams/509572/dqor_509572_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"sls-security.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370888/; classtype:trojan-activity;sid:81233988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jbbevx/dqor_358_27052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"tradedecor.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370887/; classtype:trojan-activity;sid:81233987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/thjyvgumh/dqor_29487_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"thesportssync.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370886/; classtype:trojan-activity;sid:81233986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/txiplfsdparb/dqor_8195_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"retail5.com.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370885/; classtype:trojan-activity;sid:81233985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vknmwn/dqor_5010983_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"www.vash-sevastopol.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370884/; classtype:trojan-activity;sid:81233984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fokxalev/6968/dqor_6968_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370883/; classtype:trojan-activity;sid:81233983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/udzyvz/dqor_335_27052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"butikplaka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370882/; classtype:trojan-activity;sid:81233982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cydoosmn/dqor_938502929_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"nhfonline.com.my"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370881/; classtype:trojan-activity;sid:81233981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kipwf/676085/dqor_676085_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"kalpanascreations.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370880/; classtype:trojan-activity;sid:81233980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nygueketkad/49555/dqor_49555_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"mdsinfo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370879/; classtype:trojan-activity;sid:81233979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nzythexptxir/145/dqor_145_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"ayagerpheide.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370878/; classtype:trojan-activity;sid:81233978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qikocqe/dqor_001049_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"raisinghappy.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370877/; classtype:trojan-activity;sid:81233977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzjhxxasajl/67358871/dqor_67358871_27052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"pkp.cyto.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370876/; classtype:trojan-activity;sid:81233976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nwaumumppr/dqor_1812_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"test.lampa23.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370875/; classtype:trojan-activity;sid:81233975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/7867/dqor_7867_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370874/; classtype:trojan-activity;sid:81233974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ykcbxm/dqor_376009653_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"butikplaka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370873/; classtype:trojan-activity;sid:81233973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nhejdns/023587264/dqor_023587264_27052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"theninechicago.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370872/; classtype:trojan-activity;sid:81233972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/olshvi/dqor_85461_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"seoair.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370871/; classtype:trojan-activity;sid:81233971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ziangxgsxd/dqor_1302_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"pwe-china.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370870/; classtype:trojan-activity;sid:81233970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/spmrdxhzqbdl/01605674/dqor_01605674_27052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"shinywiy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370869/; classtype:trojan-activity;sid:81233969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xhbvrkxb/1855/dqor_1855_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"valesports.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370868/; classtype:trojan-activity;sid:81233968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cydoosmn/101650591/dqor_101650591_27052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"nhfonline.com.my"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370867/; classtype:trojan-activity;sid:81233967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xrfmj/dqor_463680_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370866/; classtype:trojan-activity;sid:81233966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mymmf/dqor_23407427_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"www.lamaddalenacinqueterre.it"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370865/; classtype:trojan-activity;sid:81233965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyogpwgnwdkg/dqor_966568_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"temp.novi-tec.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370864/; classtype:trojan-activity;sid:81233964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/witxkro/dqor_6968_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"service-acer.by"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370863/; classtype:trojan-activity;sid:81233963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lzzggyoq/8613/dqor_8613_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"vertigo-corporate.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370862/; classtype:trojan-activity;sid:81233962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/txiplfsdparb/7860/dqor_7860_27052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"retail5.com.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370861/; classtype:trojan-activity;sid:81233961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ykvshgszjoni/012/dqor_012_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"sochi.095hotel.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370860/; classtype:trojan-activity;sid:81233960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sayjcnoams/dqor_485802157_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"sls-security.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370859/; classtype:trojan-activity;sid:81233959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hxqbmrod/dqor_480_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"calldata.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370858/; classtype:trojan-activity;sid:81233958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yjpyw/dqor_736_27052020.zip"; http_uri; depth:28; isdataat:!1,relative; content:"xn--80aadeo0bkmb7a6j.xn--p1ai"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370857/; classtype:trojan-activity;sid:81233957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nwaumumppr/9205/dqor_9205_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"test.lampa23.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370856/; classtype:trojan-activity;sid:81233956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzmhljlljz/dqor_686150_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"searchandsave.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370855/; classtype:trojan-activity;sid:81233955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hxqbmrod/67727/dqor_67727_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"calldata.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370854/; classtype:trojan-activity;sid:81233954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ehygnqcapf/32455680/dqor_32455680_27052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"moviestel.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370853/; classtype:trojan-activity;sid:81233953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wjlrnakjy/52901/dqor_52901_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"aspazis.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370852/; classtype:trojan-activity;sid:81233952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ziangxgsxd/dqor_9784_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"pwe-china.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370851/; classtype:trojan-activity;sid:81233951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xrfmj/dqor_89973649_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370850/; classtype:trojan-activity;sid:81233950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nygueketkad/8235/dqor_8235_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"mdsinfo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370849/; classtype:trojan-activity;sid:81233949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/astrsqkazm/dqor_819_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"aliveatchrist.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370848/; classtype:trojan-activity;sid:81233948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mymmf/dqor_04874926_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"www.lamaddalenacinqueterre.it"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370847/; classtype:trojan-activity;sid:81233947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vwzfvshtotg/dqor_0803325_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"daryvostoka.com.ua"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370846/; classtype:trojan-activity;sid:81233946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nwaumumppr/492/dqor_492_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"test.lampa23.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370845/; classtype:trojan-activity;sid:81233945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wzsaiefbj/dqor_7206_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"forumdelcorno.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370844/; classtype:trojan-activity;sid:81233944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jbbevx/dqor_83921_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"tradedecor.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370843/; classtype:trojan-activity;sid:81233943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/dqor_68798095_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370842/; classtype:trojan-activity;sid:81233942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0xxx0xxxasdajshdsajhkgdja/sa0as.mpsl"; http_uri; depth:37; isdataat:!1,relative; content:"hwsrv-719848.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370841/; classtype:trojan-activity;sid:81233941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0xxx0xxxasdajshdsajhkgdja/sa0as.x86"; http_uri; depth:36; isdataat:!1,relative; content:"hwsrv-719848.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370840/; classtype:trojan-activity;sid:81233940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cuyxkod/dqor_864_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"inco.com.sg"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370839/; classtype:trojan-activity;sid:81233939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/udzyvz/387/dqor_387_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"butikplaka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370838/; classtype:trojan-activity;sid:81233938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vtnfpauyaqfj/dqor_3711_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"paramparyam.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370837/; classtype:trojan-activity;sid:81233937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mymmf/dqor_72710307_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"www.lamaddalenacinqueterre.it"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370836/; classtype:trojan-activity;sid:81233936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qikocqe/dqor_37978193_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"raisinghappy.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370835/; classtype:trojan-activity;sid:81233935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/svvfzocnxhjq/dqor_2812_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"fruttyfood.by"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370834/; classtype:trojan-activity;sid:81233934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dcgtuzsk/dqor_771205192_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"smackdownwaterfowlers.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370833/; classtype:trojan-activity;sid:81233933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/guitckycbcga/dqor_330_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"tlcmoto.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370832/; classtype:trojan-activity;sid:81233932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yshjew/dqor_188_27052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"securityprotective.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370831/; classtype:trojan-activity;sid:81233931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xllwkeeeb/13836/dqor_13836_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"specinsulation.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370830/; classtype:trojan-activity;sid:81233930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mymmf/dqor_220192792_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"www.lamaddalenacinqueterre.it"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370829/; classtype:trojan-activity;sid:81233929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gbxee/dqor_12203_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"bbkaproduction.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370828/; classtype:trojan-activity;sid:81233928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzjhxxasajl/dqor_157127426_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"pkp.cyto.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370827/; classtype:trojan-activity;sid:81233927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/emoiofs/7664864/dqor_7664864_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"mallestore.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370826/; classtype:trojan-activity;sid:81233926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mymmf/043/dqor_043_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"www.lamaddalenacinqueterre.it"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370825/; classtype:trojan-activity;sid:81233925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dcgtuzsk/91233/dqor_91233_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"smackdownwaterfowlers.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370824/; classtype:trojan-activity;sid:81233924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/udzyvz/dqor_9213074_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"butikplaka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370823/; classtype:trojan-activity;sid:81233923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xvubjwm/dqor_261_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370822/; classtype:trojan-activity;sid:81233922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubcypftvs/04129/dqor_04129_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"autoful.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370821/; classtype:trojan-activity;sid:81233921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ziangxgsxd/3305/dqor_3305_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"pwe-china.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370820/; classtype:trojan-activity;sid:81233920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyogpwgnwdkg/dqor_565469_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"temp.novi-tec.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370819/; classtype:trojan-activity;sid:81233919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ksrhbrryopve/85941026/dqor_85941026_27052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"auto0.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370818/; classtype:trojan-activity;sid:81233918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aozylktlcgha/dqor_4448_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"ayanfer.com.tr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370817/; classtype:trojan-activity;sid:81233917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hxqbmrod/dqor_551501_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"calldata.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370816/; classtype:trojan-activity;sid:81233916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rytqpekqyxfc/751393/dqor_751393_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"printpressplus.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370815/; classtype:trojan-activity;sid:81233915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ykcbxm/2632/dqor_2632_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"butikplaka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370814/; classtype:trojan-activity;sid:81233914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cazrjfxab/dqor_468_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"absolutepeople.nl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370813/; classtype:trojan-activity;sid:81233913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fayaicgjq/dqor_1159514_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"www.healthy-meal.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370812/; classtype:trojan-activity;sid:81233912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aozylktlcgha/dqor_304_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"ayanfer.com.tr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370811/; classtype:trojan-activity;sid:81233911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hgxnb/0492/dqor_0492_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"bimedia.nl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370810/; classtype:trojan-activity;sid:81233910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nhejdns/dqor_222492_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"theninechicago.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370809/; classtype:trojan-activity;sid:81233909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ykcbxm/dqor_95343282_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"butikplaka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370808/; classtype:trojan-activity;sid:81233908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/spmrdxhzqbdl/080099279/dqor_080099279_27052020.zip"; http_uri; depth:51; isdataat:!1,relative; content:"shinywiy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370807/; classtype:trojan-activity;sid:81233907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ranqoxvpujid/dqor_9464_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"old.marina-sk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370806/; classtype:trojan-activity;sid:81233906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kohdf/dqor_2387_27052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"movieskub.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370805/; classtype:trojan-activity;sid:81233905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; content:"107.158.154.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370804/; classtype:trojan-activity;sid:81233904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"94.102.63.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370803/; classtype:trojan-activity;sid:81233903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nzzjmltub/dqor_935_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"www.reginas.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370802/; classtype:trojan-activity;sid:81233902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mknqknxwjd/3367/dqor_3367_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"buynail.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370801/; classtype:trojan-activity;sid:81233901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ehygnqcapf/dqor_035137_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"moviestel.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370800/; classtype:trojan-activity;sid:81233900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xrfmj/9155/dqor_9155_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370799/; classtype:trojan-activity;sid:81233899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nhejdns/5117056/dqor_5117056_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"theninechicago.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370798/; classtype:trojan-activity;sid:81233898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzjhxxasajl/19061/dqor_19061_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"pkp.cyto.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370797/; classtype:trojan-activity;sid:81233897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xllwkeeeb/dqor_3084_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"specinsulation.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370796/; classtype:trojan-activity;sid:81233896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/suobc/dqor_788819_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"mywristwraps.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370795/; classtype:trojan-activity;sid:81233895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mlpuugixiuo/82273912/dqor_82273912_27052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"takemehomeohiovalley.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370794/; classtype:trojan-activity;sid:81233894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/spmrdxhzqbdl/dqor_24698087_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"shinywiy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370793/; classtype:trojan-activity;sid:81233893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/udzyvz/dqor_399409_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"butikplaka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370792/; classtype:trojan-activity;sid:81233892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xllwkeeeb/dqor_665_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"specinsulation.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370791/; classtype:trojan-activity;sid:81233891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nbagymubwhvi/31502576/dqor_31502576_27052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"securityprotective.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370790/; classtype:trojan-activity;sid:81233890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ezztlykfk/51441/dqor_51441_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"centrumkulturygdynia.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370789/; classtype:trojan-activity;sid:81233889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uvqgk/dqor_643_27052020.zip"; http_uri; depth:28; isdataat:!1,relative; content:"theojastrust.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370788/; classtype:trojan-activity;sid:81233888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yjpyw/dqor_63136802_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"xn--80aadeo0bkmb7a6j.xn--p1ai"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370787/; classtype:trojan-activity;sid:81233887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yshjew/9850159/dqor_9850159_27052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"securityprotective.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370786/; classtype:trojan-activity;sid:81233886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hxqbmrod/dqor_60874_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"calldata.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370785/; classtype:trojan-activity;sid:81233885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cuyxkod/204310525/dqor_204310525_27052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"inco.com.sg"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370784/; classtype:trojan-activity;sid:81233884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vtnfpauyaqfj/dqor_0125_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"paramparyam.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370783/; classtype:trojan-activity;sid:81233883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ranqoxvpujid/dqor_686525897_27052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"old.marina-sk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370782/; classtype:trojan-activity;sid:81233882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sayjcnoams/dqor_829_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"sls-security.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370781/; classtype:trojan-activity;sid:81233881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/38832216/dqor_38832216_27052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370780/; classtype:trojan-activity;sid:81233880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sayjcnoams/570/dqor_570_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"sls-security.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370779/; classtype:trojan-activity;sid:81233879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tlisgunlmtop/5330/dqor_5330_27052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"acsabath.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370778/; classtype:trojan-activity;sid:81233878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gbxee/dqor_631_27052020.zip"; http_uri; depth:28; isdataat:!1,relative; content:"bbkaproduction.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370777/; classtype:trojan-activity;sid:81233877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hjxegqw/53250/dqor_53250_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"reisnaarlonden.nl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370776/; classtype:trojan-activity;sid:81233876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fayaicgjq/dqor_5916325_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"www.healthy-meal.shop"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370775/; classtype:trojan-activity;sid:81233875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/update.sh"; http_uri; depth:10; isdataat:!1,relative; content:"159.65.218.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370774/; classtype:trojan-activity;sid:81233874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; content:"159.65.218.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370773/; classtype:trojan-activity;sid:81233873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"159.65.218.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370772/; classtype:trojan-activity;sid:81233872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; content:"159.65.218.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370771/; classtype:trojan-activity;sid:81233871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; content:"159.65.218.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370770/; classtype:trojan-activity;sid:81233870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; content:"159.65.218.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370769/; classtype:trojan-activity;sid:81233869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; content:"159.65.218.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370768/; classtype:trojan-activity;sid:81233868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aozylktlcgha/dqor_39686_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"ayanfer.com.tr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370767/; classtype:trojan-activity;sid:81233867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wjlrnakjy/25382008/dqor_25382008_27052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"aspazis.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370766/; classtype:trojan-activity;sid:81233866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xvubjwm/44637358/dqor_44637358_27052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370765/; classtype:trojan-activity;sid:81233865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hxmctnykkk/8448/dqor_8448_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"maskankaraj.ir"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370764/; classtype:trojan-activity;sid:81233864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nzythexptxir/58670182/dqor_58670182_27052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"ayagerpheide.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370763/; classtype:trojan-activity;sid:81233863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vvbqjhocclh/1268/dqor_1268_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370762/; classtype:trojan-activity;sid:81233862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nhejdns/dqor_5229025_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"theninechicago.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370761/; classtype:trojan-activity;sid:81233861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ykcbxm/dqor_2668_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"butikplaka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370760/; classtype:trojan-activity;sid:81233860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zsldt/55244/dqor_55244_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"motivemedia.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370759/; classtype:trojan-activity;sid:81233859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/guitckycbcga/dqor_4850031_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"tlcmoto.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370758/; classtype:trojan-activity;sid:81233858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qitpcizylas/dqor_81727580_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"marina-sk.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370757/; classtype:trojan-activity;sid:81233857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hgxnb/dqor_1838_27052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"bimedia.nl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370756/; classtype:trojan-activity;sid:81233856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xvubjwm/48014888/dqor_48014888_27052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370755/; classtype:trojan-activity;sid:81233855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nbagymubwhvi/88640/dqor_88640_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"securityprotective.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370754/; classtype:trojan-activity;sid:81233854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ykcbxm/dqor_2211_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"butikplaka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370753/; classtype:trojan-activity;sid:81233853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cbmfsut/603800/dqor_603800_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"madisoncountyproject.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370752/; classtype:trojan-activity;sid:81233852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/txiplfsdparb/dqor_946_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"retail5.com.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370751/; classtype:trojan-activity;sid:81233851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xvubjwm/4414/dqor_4414_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370750/; classtype:trojan-activity;sid:81233850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nhejdns/693988176/dqor_693988176_27052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"theninechicago.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370749/; classtype:trojan-activity;sid:81233849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xhbvrkxb/93904549/dqor_93904549_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"valesports.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370748/; classtype:trojan-activity;sid:81233848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/olshvi/30053990/dqor_30053990_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"seoair.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370747/; classtype:trojan-activity;sid:81233847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vwzfvshtotg/dqor_085500_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"daryvostoka.com.ua"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370746/; classtype:trojan-activity;sid:81233846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ywqjwhwbz/dqor_95103440_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"new.larimarmedspa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370745/; classtype:trojan-activity;sid:81233845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cbmfsut/dqor_021444_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"madisoncountyproject.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370744/; classtype:trojan-activity;sid:81233844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zogrkz/753227463/dqor_753227463_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"retail5.com.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370743/; classtype:trojan-activity;sid:81233843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wzsaiefbj/dqor_91177_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"forumdelcorno.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370742/; classtype:trojan-activity;sid:81233842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/velsx/dqor_25239304_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"bimedia.nl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370741/; classtype:trojan-activity;sid:81233841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gbojqmzyyief/dqor_5163_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"visuseguros.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370740/; classtype:trojan-activity;sid:81233840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cmdccsoe/052/dqor_052_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"advokatyanao.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370739/; classtype:trojan-activity;sid:81233839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gbxee/dqor_98780_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"bbkaproduction.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370738/; classtype:trojan-activity;sid:81233838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amvbnqikftwu/dqor_8840_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"a0409082.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370737/; classtype:trojan-activity;sid:81233837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ypmgbrbre/23666/dqor_23666_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"shinywiy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370736/; classtype:trojan-activity;sid:81233836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ykvshgszjoni/8543865/dqor_8543865_27052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"sochi.095hotel.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370735/; classtype:trojan-activity;sid:81233835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hxmctnykkk/dqor_36006_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"maskankaraj.ir"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370734/; classtype:trojan-activity;sid:81233834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/utjfaohaqz/dqor_69739_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"dengidam.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370733/; classtype:trojan-activity;sid:81233833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nzzjmltub/dqor_4051_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"www.reginas.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370732/; classtype:trojan-activity;sid:81233832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xrfmj/808728/dqor_808728_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370731/; classtype:trojan-activity;sid:81233831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/olshvi/025253/dqor_025253_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"seoair.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370730/; classtype:trojan-activity;sid:81233830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hgxnb/575/dqor_575_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"bimedia.nl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370729/; classtype:trojan-activity;sid:81233829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ranqoxvpujid/968/dqor_968_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"old.marina-sk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370728/; classtype:trojan-activity;sid:81233828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nzythexptxir/5403866/dqor_5403866_27052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"ayagerpheide.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370727/; classtype:trojan-activity;sid:81233827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/olshvi/52533571/dqor_52533571_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"seoair.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370726/; classtype:trojan-activity;sid:81233826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nwaumumppr/8721/dqor_8721_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"test.lampa23.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370725/; classtype:trojan-activity;sid:81233825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vvbqjhocclh/95436/dqor_95436_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370724/; classtype:trojan-activity;sid:81233824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zogrkz/dqor_1353_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"retail5.com.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370723/; classtype:trojan-activity;sid:81233823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tpkqsgulchy/dqor_764903_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"lustrapro.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370722/; classtype:trojan-activity;sid:81233822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nzzjmltub/75385743/dqor_75385743_27052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"www.reginas.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370721/; classtype:trojan-activity;sid:81233821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lpayvvjxupto/7331178/dqor_7331178_27052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"treasureisland.com.my"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370720/; classtype:trojan-activity;sid:81233820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xvubjwm/3323439/dqor_3323439_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370719/; classtype:trojan-activity;sid:81233819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mefia/dqor_038607133_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"www.sila86.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370718/; classtype:trojan-activity;sid:81233818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jbbevx/992360645/dqor_992360645_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"tradedecor.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370717/; classtype:trojan-activity;sid:81233817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lpayvvjxupto/36492/dqor_36492_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"treasureisland.com.my"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370716/; classtype:trojan-activity;sid:81233816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mlpuugixiuo/dqor_43813059_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"takemehomeohiovalley.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370715/; classtype:trojan-activity;sid:81233815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xhbvrkxb/dqor_0443405_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"valesports.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370714/; classtype:trojan-activity;sid:81233814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ypmgbrbre/dqor_03452361_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"shinywiy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370713/; classtype:trojan-activity;sid:81233813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iixccaajnij/dqor_5152_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"www.mkt74.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370712/; classtype:trojan-activity;sid:81233812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/udzyvz/dqor_981814996_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"butikplaka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370711/; classtype:trojan-activity;sid:81233811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ycfpyeze/2243325/dqor_2243325_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"atozpumps.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370710/; classtype:trojan-activity;sid:81233810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/thjyvgumh/dqor_650_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"thesportssync.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370709/; classtype:trojan-activity;sid:81233809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/thjyvgumh/dqor_803943727_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"thesportssync.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370708/; classtype:trojan-activity;sid:81233808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/taikew/dqor_8388410_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"mikosamara.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370707/; classtype:trojan-activity;sid:81233807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zogrkz/dqor_366_27052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"retail5.com.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370706/; classtype:trojan-activity;sid:81233806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eeiffyv/dqor_31875_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"cavortsports.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370705/; classtype:trojan-activity;sid:81233805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kipwf/dqor_55474976_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"kalpanascreations.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370704/; classtype:trojan-activity;sid:81233804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/519712/dqor_519712_27052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370703/; classtype:trojan-activity;sid:81233803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eeiffyv/dqor_307_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"cavortsports.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370702/; classtype:trojan-activity;sid:81233802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/witxkro/dqor_2851_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"service-acer.by"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370701/; classtype:trojan-activity;sid:81233801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jbbevx/321438/dqor_321438_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"tradedecor.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370700/; classtype:trojan-activity;sid:81233800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vknmwn/dqor_240396993_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"www.vash-sevastopol.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370699/; classtype:trojan-activity;sid:81233799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fokxalev/dqor_880216_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370698/; classtype:trojan-activity;sid:81233798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nhejdns/57992/dqor_57992_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"theninechicago.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370697/; classtype:trojan-activity;sid:81233797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xvubjwm/dqor_561_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370696/; classtype:trojan-activity;sid:81233796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fokxalev/9799319/dqor_9799319_27052020.zip"; http_uri; depth:43; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370695/; classtype:trojan-activity;sid:81233795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/763/dqor_763_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370694/; classtype:trojan-activity;sid:81233794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zsldt/335765544/dqor_335765544_27052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"motivemedia.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370693/; classtype:trojan-activity;sid:81233793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qikocqe/dqor_650301815_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"raisinghappy.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370692/; classtype:trojan-activity;sid:81233792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mwinjhhtsxsg/3492522/dqor_3492522_27052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"uwpoolsetolk.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370691/; classtype:trojan-activity;sid:81233791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mlpuugixiuo/746/dqor_746_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"takemehomeohiovalley.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370690/; classtype:trojan-activity;sid:81233790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nwaumumppr/dqor_030115_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"test.lampa23.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370689/; classtype:trojan-activity;sid:81233789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nzzjmltub/dqor_921285_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"www.reginas.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370688/; classtype:trojan-activity;sid:81233788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zsldt/dqor_92490385_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"motivemedia.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370687/; classtype:trojan-activity;sid:81233787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cmdccsoe/161371911/dqor_161371911_27052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"advokatyanao.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370686/; classtype:trojan-activity;sid:81233786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/thjyvgumh/8946/dqor_8946_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"thesportssync.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370685/; classtype:trojan-activity;sid:81233785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zsldt/56002497/dqor_56002497_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"motivemedia.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370684/; classtype:trojan-activity;sid:81233784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/suobc/936/dqor_936_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"mywristwraps.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370683/; classtype:trojan-activity;sid:81233783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mefia/6283850/dqor_6283850_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"www.sila86.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370682/; classtype:trojan-activity;sid:81233782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/udzyvz/dqor_434458_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"butikplaka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370681/; classtype:trojan-activity;sid:81233781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ziangxgsxd/174436890/dqor_174436890_27052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"pwe-china.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370680/; classtype:trojan-activity;sid:81233780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hgxnb/dqor_679065297_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"bimedia.nl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370679/; classtype:trojan-activity;sid:81233779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/spmrdxhzqbdl/dqor_42050547_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"shinywiy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370678/; classtype:trojan-activity;sid:81233778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ypmgbrbre/304/dqor_304_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"shinywiy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370677/; classtype:trojan-activity;sid:81233777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nzzjmltub/dqor_191816_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"www.reginas.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370676/; classtype:trojan-activity;sid:81233776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubcypftvs/8283/dqor_8283_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"autoful.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370675/; classtype:trojan-activity;sid:81233775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vvbqjhocclh/99787/dqor_99787_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370674/; classtype:trojan-activity;sid:81233774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/olshvi/dqor_54261024_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"seoair.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370673/; classtype:trojan-activity;sid:81233773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/txiplfsdparb/dqor_7119118_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"retail5.com.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370672/; classtype:trojan-activity;sid:81233772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ranqoxvpujid/815/dqor_815_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"old.marina-sk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370671/; classtype:trojan-activity;sid:81233771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/dqor_16715_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370670/; classtype:trojan-activity;sid:81233770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cbmfsut/dqor_1386744_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"madisoncountyproject.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370669/; classtype:trojan-activity;sid:81233769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kipwf/dqor_0400_27052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"kalpanascreations.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370668/; classtype:trojan-activity;sid:81233768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/667/dqor_667_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370667/; classtype:trojan-activity;sid:81233767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hxmctnykkk/dqor_049414_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"maskankaraj.ir"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370666/; classtype:trojan-activity;sid:81233766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzmhljlljz/557688656/dqor_557688656_27052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"searchandsave.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370665/; classtype:trojan-activity;sid:81233765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/dqor_0530609_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370664/; classtype:trojan-activity;sid:81233764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/svvfzocnxhjq/dqor_2820047_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"fruttyfood.by"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370663/; classtype:trojan-activity;sid:81233763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cmdccsoe/759/dqor_759_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"advokatyanao.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370662/; classtype:trojan-activity;sid:81233762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/velsx/42959/dqor_42959_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"bimedia.nl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370661/; classtype:trojan-activity;sid:81233761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cbmfsut/dqor_521_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"madisoncountyproject.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370660/; classtype:trojan-activity;sid:81233760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vtnfpauyaqfj/dqor_4520458_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"paramparyam.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370659/; classtype:trojan-activity;sid:81233759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nhejdns/dqor_366999299_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"theninechicago.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370658/; classtype:trojan-activity;sid:81233758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fokxalev/593957327/dqor_593957327_27052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370657/; classtype:trojan-activity;sid:81233757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nhejdns/dqor_37288600_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"theninechicago.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370656/; classtype:trojan-activity;sid:81233756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nbagymubwhvi/dqor_2204412_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"securityprotective.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370655/; classtype:trojan-activity;sid:81233755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyogpwgnwdkg/dqor_6447_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"temp.novi-tec.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370654/; classtype:trojan-activity;sid:81233754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/7445/dqor_7445_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370653/; classtype:trojan-activity;sid:81233753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cbmfsut/dqor_3009_27052020.zip"; http_uri; depth:31; isdataat:!1,relative; content:"madisoncountyproject.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370652/; classtype:trojan-activity;sid:81233752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mknqknxwjd/dqor_8602_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"buynail.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370651/; classtype:trojan-activity;sid:81233751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xhbvrkxb/dqor_330992637_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"valesports.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370650/; classtype:trojan-activity;sid:81233750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/panjd/dqor_82506_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"seoopen.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370649/; classtype:trojan-activity;sid:81233749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxfmocventd/dqor_29287551_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"hollywoodmovielegends.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370648/; classtype:trojan-activity;sid:81233748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cuyxkod/762318/dqor_762318_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"inco.com.sg"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370647/; classtype:trojan-activity;sid:81233747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hgxnb/dqor_593845093_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"bimedia.nl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370646/; classtype:trojan-activity;sid:81233746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fokxalev/dqor_792140789_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370645/; classtype:trojan-activity;sid:81233745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nwaumumppr/dqor_956997781_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"test.lampa23.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370644/; classtype:trojan-activity;sid:81233744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ziangxgsxd/dqor_15085_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"pwe-china.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370643/; classtype:trojan-activity;sid:81233743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xhbvrkxb/dqor_550838_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"valesports.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370642/; classtype:trojan-activity;sid:81233742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vtnfpauyaqfj/261768/dqor_261768_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"paramparyam.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370641/; classtype:trojan-activity;sid:81233741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hbwrlpjujovl/1633/dqor_1633_27052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"texveen.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370640/; classtype:trojan-activity;sid:81233740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/az2.exe"; http_uri; depth:8; isdataat:!1,relative; content:"ffacscs.ug"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370639/; classtype:trojan-activity;sid:81233739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cydoosmn/dqor_3019992_27052020.zip"; http_uri; depth:35; isdataat:!1,relative; content:"nhfonline.com.my"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370638/; classtype:trojan-activity;sid:81233738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yshjew/dqor_0609_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"securityprotective.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370637/; classtype:trojan-activity;sid:81233737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/witxkro/dqor_9772360_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"service-acer.by"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370636/; classtype:trojan-activity;sid:81233736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plruqpsuui/dqor_187_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"aspazis.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370635/; classtype:trojan-activity;sid:81233735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/olshvi/587/dqor_587_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"seoair.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370634/; classtype:trojan-activity;sid:81233734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fzmhljlljz/dqor_22593882_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"searchandsave.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370633/; classtype:trojan-activity;sid:81233733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qitpcizylas/50498058/dqor_50498058_27052020.zip"; http_uri; depth:48; isdataat:!1,relative; content:"marina-sk.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370632/; classtype:trojan-activity;sid:81233732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mknqknxwjd/dqor_7443580_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"buynail.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370631/; classtype:trojan-activity;sid:81233731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/velsx/dqor_9904_27052020.zip"; http_uri; depth:29; isdataat:!1,relative; content:"bimedia.nl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370630/; classtype:trojan-activity;sid:81233730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubcypftvs/3946/dqor_3946_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"autoful.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370629/; classtype:trojan-activity;sid:81233729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vknmwn/dqor_19217351_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"www.vash-sevastopol.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370628/; classtype:trojan-activity;sid:81233728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fokxalev/960377/dqor_960377_27052020.zip"; http_uri; depth:41; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370627/; classtype:trojan-activity;sid:81233727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mknqknxwjd/1034/dqor_1034_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"buynail.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370626/; classtype:trojan-activity;sid:81233726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyogpwgnwdkg/70611799/dqor_70611799_27052020.zip"; http_uri; depth:49; isdataat:!1,relative; content:"temp.novi-tec.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370625/; classtype:trojan-activity;sid:81233725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plruqpsuui/dqor_197_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"aspazis.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370624/; classtype:trojan-activity;sid:81233724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kokaobasj/092/dqor_092_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"primemoversynergies.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370623/; classtype:trojan-activity;sid:81233723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/utjfaohaqz/02543757/dqor_02543757_27052020.zip"; http_uri; depth:47; isdataat:!1,relative; content:"dengidam.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370622/; classtype:trojan-activity;sid:81233722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zsldt/69171743/dqor_69171743_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"motivemedia.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370621/; classtype:trojan-activity;sid:81233721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vvbqjhocclh/5861/dqor_5861_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370620/; classtype:trojan-activity;sid:81233720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ypmgbrbre/41724414/dqor_41724414_27052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"shinywiy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370619/; classtype:trojan-activity;sid:81233719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sayjcnoams/dqor_204_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"sls-security.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370618/; classtype:trojan-activity;sid:81233718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gbxee/dqor_5860516_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"bbkaproduction.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370617/; classtype:trojan-activity;sid:81233717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/taikew/750/dqor_750_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"mikosamara.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370616/; classtype:trojan-activity;sid:81233716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mwinjhhtsxsg/183318072/dqor_183318072_27052020.zip"; http_uri; depth:51; isdataat:!1,relative; content:"uwpoolsetolk.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370615/; classtype:trojan-activity;sid:81233715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uqomftdyf/6133937/dqor_6133937_27052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"temp.novi-tec.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370614/; classtype:trojan-activity;sid:81233714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xvubjwm/260785256/dqor_260785256_27052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370613/; classtype:trojan-activity;sid:81233713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/olshvi/dqor_43909836_27052020.zip"; http_uri; depth:34; isdataat:!1,relative; content:"seoair.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370612/; classtype:trojan-activity;sid:81233712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ubcypftvs/dqor_646_27052020.zip"; http_uri; depth:32; isdataat:!1,relative; content:"autoful.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370611/; classtype:trojan-activity;sid:81233711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amvbnqikftwu/dqor_88905098_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"a0409082.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370610/; classtype:trojan-activity;sid:81233710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hbwrlpjujovl/dqor_39567757_27052020.zip"; http_uri; depth:40; isdataat:!1,relative; content:"texveen.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370609/; classtype:trojan-activity;sid:81233709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fokxalev/19470/dqor_19470_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"zirnvis.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370608/; classtype:trojan-activity;sid:81233708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qikocqe/dqor_666775_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"raisinghappy.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370607/; classtype:trojan-activity;sid:81233707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vknmwn/431726076/dqor_431726076_27052020.zip"; http_uri; depth:45; isdataat:!1,relative; content:"www.vash-sevastopol.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370606/; classtype:trojan-activity;sid:81233706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ywqjwhwbz/634830/dqor_634830_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"new.larimarmedspa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370605/; classtype:trojan-activity;sid:81233705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lpayvvjxupto/dqor_590457_27052020.zip"; http_uri; depth:38; isdataat:!1,relative; content:"treasureisland.com.my"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370604/; classtype:trojan-activity;sid:81233704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nygueketkad/22058/dqor_22058_27052020.zip"; http_uri; depth:42; isdataat:!1,relative; content:"mdsinfo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370603/; classtype:trojan-activity;sid:81233703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ranqoxvpujid/093/dqor_093_27052020.zip"; http_uri; depth:39; isdataat:!1,relative; content:"old.marina-sk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370602/; classtype:trojan-activity;sid:81233702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xrfmj/218913684/dqor_218913684_27052020.zip"; http_uri; depth:44; isdataat:!1,relative; content:"prijsfijn.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370601/; classtype:trojan-activity;sid:81233701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xllwkeeeb/dqor_0750120_27052020.zip"; http_uri; depth:36; isdataat:!1,relative; content:"specinsulation.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370600/; classtype:trojan-activity;sid:81233700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bvnivi/18110/dqor_18110_27052020.zip"; http_uri; depth:37; isdataat:!1,relative; content:"a0001197.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370599/; classtype:trojan-activity;sid:81233699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cbmfsut/dqor_741_27052020.zip"; http_uri; depth:30; isdataat:!1,relative; content:"madisoncountyproject.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370598/; classtype:trojan-activity;sid:81233698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mymmf/dqor_30663750_27052020.zip"; http_uri; depth:33; isdataat:!1,relative; content:"www.lamaddalenacinqueterre.it"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370597/; classtype:trojan-activity;sid:81233697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wzsaiefbj/05564170/dqor_05564170_27052020.zip"; http_uri; depth:46; isdataat:!1,relative; content:"forumdelcorno.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_05_28; reference:url, urlhaus.abuse.ch/url/370596/; classtype:trojan-activity;sid:81233696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET";