################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2022-01-25 03:53:06 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.246.207.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004133/; classtype:trojan-activity;sid:82867233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.84.106.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004131/; classtype:trojan-activity;sid:82867231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.122.58.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004132/; classtype:trojan-activity;sid:82867232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.220.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004126/; classtype:trojan-activity;sid:82867226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.142.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004127/; classtype:trojan-activity;sid:82867227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.121.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004128/; classtype:trojan-activity;sid:82867228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.79.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004130/; classtype:trojan-activity;sid:82867230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.0.203.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004125/; classtype:trojan-activity;sid:82867225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.102.0.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004124/; classtype:trojan-activity;sid:82867224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.137.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004123/; classtype:trojan-activity;sid:82867223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.154.24.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004122/; classtype:trojan-activity;sid:82867222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.119.123.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004121/; classtype:trojan-activity;sid:82867221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.100.91.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004120/; classtype:trojan-activity;sid:82867220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.122.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004119/; classtype:trojan-activity;sid:82867219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004118)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.195.13.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004118/; classtype:trojan-activity;sid:82867218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.146.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004112/; classtype:trojan-activity;sid:82867212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.26.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004113/; classtype:trojan-activity;sid:82867213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.129.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004114/; classtype:trojan-activity;sid:82867214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.20.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004115/; classtype:trojan-activity;sid:82867215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.18.239.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004116/; classtype:trojan-activity;sid:82867216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.124.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004110/; classtype:trojan-activity;sid:82867210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.197.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004111/; classtype:trojan-activity;sid:82867211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.243.154.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004109/; classtype:trojan-activity;sid:82867209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.129.218.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004108/; classtype:trojan-activity;sid:82867208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.9.132.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004107/; classtype:trojan-activity;sid:82867207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.11.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004105/; classtype:trojan-activity;sid:82867205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.19.199.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004106/; classtype:trojan-activity;sid:82867206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.102.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004104/; classtype:trojan-activity;sid:82867204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.83.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004103/; classtype:trojan-activity;sid:82867203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.169.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004102/; classtype:trojan-activity;sid:82867202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.193.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004101/; classtype:trojan-activity;sid:82867201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004100)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"69.138.106.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004100/; classtype:trojan-activity;sid:82867200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004096)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.173.24.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004096/; classtype:trojan-activity;sid:82867196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004097)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.173.24.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004097/; classtype:trojan-activity;sid:82867197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004098)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.173.24.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004098/; classtype:trojan-activity;sid:82867198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004099)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.x486"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.173.24.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004099/; classtype:trojan-activity;sid:82867199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004092)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.173.24.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004092/; classtype:trojan-activity;sid:82867192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004093)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.173.24.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004093/; classtype:trojan-activity;sid:82867193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004094)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.173.24.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004094/; classtype:trojan-activity;sid:82867194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004095)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.173.24.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004095/; classtype:trojan-activity;sid:82867195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004087)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.mips64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.173.24.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004087/; classtype:trojan-activity;sid:82867187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004088)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.173.24.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004088/; classtype:trojan-activity;sid:82867188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004089)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.173.24.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004089/; classtype:trojan-activity;sid:82867189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004090)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.173.24.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004090/; classtype:trojan-activity;sid:82867190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004091)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.mipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.173.24.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004091/; classtype:trojan-activity;sid:82867191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.79.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004084/; classtype:trojan-activity;sid:82867184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.219.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004085/; classtype:trojan-activity;sid:82867185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.245.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004086/; classtype:trojan-activity;sid:82867186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.112.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004081/; classtype:trojan-activity;sid:82867181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.75.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004082/; classtype:trojan-activity;sid:82867182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.94.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004083/; classtype:trojan-activity;sid:82867183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.123.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004074/; classtype:trojan-activity;sid:82867174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.190.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004075/; classtype:trojan-activity;sid:82867175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.204.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004077/; classtype:trojan-activity;sid:82867177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.184.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004078/; classtype:trojan-activity;sid:82867178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.160.116.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004079/; classtype:trojan-activity;sid:82867179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.52.166.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004080/; classtype:trojan-activity;sid:82867180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.172.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004073/; classtype:trojan-activity;sid:82867173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.169.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004072/; classtype:trojan-activity;sid:82867172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.82.48.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004071/; classtype:trojan-activity;sid:82867171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.172.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004070/; classtype:trojan-activity;sid:82867170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.47.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004069/; classtype:trojan-activity;sid:82867169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.235.26.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004068/; classtype:trojan-activity;sid:82867168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.181.65.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004067/; classtype:trojan-activity;sid:82867167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.214.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004066/; classtype:trojan-activity;sid:82867166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.213.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004065/; classtype:trojan-activity;sid:82867165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.197.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004063/; classtype:trojan-activity;sid:82867163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.37.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004064/; classtype:trojan-activity;sid:82867164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.253.162.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004062/; classtype:trojan-activity;sid:82867162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.203.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004060/; classtype:trojan-activity;sid:82867160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.178.113.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004061/; classtype:trojan-activity;sid:82867161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.123.23.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004055/; classtype:trojan-activity;sid:82867155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.199.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004056/; classtype:trojan-activity;sid:82867156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.240.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004058/; classtype:trojan-activity;sid:82867158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.40.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004050/; classtype:trojan-activity;sid:82867150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.138.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004051/; classtype:trojan-activity;sid:82867151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.57.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004052/; classtype:trojan-activity;sid:82867152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.184.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004053/; classtype:trojan-activity;sid:82867153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.26.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004049/; classtype:trojan-activity;sid:82867149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"197.232.139.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004047/; classtype:trojan-activity;sid:82867147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004046/; classtype:trojan-activity;sid:82867146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.193.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004045/; classtype:trojan-activity;sid:82867145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.83.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004044/; classtype:trojan-activity;sid:82867144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.244.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004042/; classtype:trojan-activity;sid:82867142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004043)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.230.124.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004043/; classtype:trojan-activity;sid:82867143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.169.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004041/; classtype:trojan-activity;sid:82867141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004039)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"172.254.69.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004039/; classtype:trojan-activity;sid:82867139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.170.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004038/; classtype:trojan-activity;sid:82867138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004037)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.232.55.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004037/; classtype:trojan-activity;sid:82867137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.207.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004036/; classtype:trojan-activity;sid:82867136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.151.74.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004035/; classtype:trojan-activity;sid:82867135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.99.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004032/; classtype:trojan-activity;sid:82867132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.14.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004033/; classtype:trojan-activity;sid:82867133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.135.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004034/; classtype:trojan-activity;sid:82867134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.173.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004031/; classtype:trojan-activity;sid:82867131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.122.71.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004030/; classtype:trojan-activity;sid:82867130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.246.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004028/; classtype:trojan-activity;sid:82867128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.12.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004029/; classtype:trojan-activity;sid:82867129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004027/; classtype:trojan-activity;sid:82867127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.13.3.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004023/; classtype:trojan-activity;sid:82867123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.70.129.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004024/; classtype:trojan-activity;sid:82867124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.217.121.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004019/; classtype:trojan-activity;sid:82867119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.238.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004020/; classtype:trojan-activity;sid:82867120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.208.152.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004021/; classtype:trojan-activity;sid:82867121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.39.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004022/; classtype:trojan-activity;sid:82867122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.37.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004016/; classtype:trojan-activity;sid:82867116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.6.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004017/; classtype:trojan-activity;sid:82867117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.7.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004018/; classtype:trojan-activity;sid:82867118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.241.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004014/; classtype:trojan-activity;sid:82867114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.34.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004008/; classtype:trojan-activity;sid:82867108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.91.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004009/; classtype:trojan-activity;sid:82867109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.60.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004010/; classtype:trojan-activity;sid:82867110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.164.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004011/; classtype:trojan-activity;sid:82867111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.51.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004012/; classtype:trojan-activity;sid:82867112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.107.153.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004013/; classtype:trojan-activity;sid:82867113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.134.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004007/; classtype:trojan-activity;sid:82867107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.89.54.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004004/; classtype:trojan-activity;sid:82867104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.226.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004005/; classtype:trojan-activity;sid:82867105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.170.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004003/; classtype:trojan-activity;sid:82867103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2004002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.227.219.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2004002/; classtype:trojan-activity;sid:82867102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.183.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003999/; classtype:trojan-activity;sid:82867099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.124.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003997/; classtype:trojan-activity;sid:82867097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.18.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003998/; classtype:trojan-activity;sid:82867098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.123.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003996/; classtype:trojan-activity;sid:82867096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.84.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003994/; classtype:trojan-activity;sid:82867094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.195.165.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003992/; classtype:trojan-activity;sid:82867092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.81.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003988/; classtype:trojan-activity;sid:82867088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.82.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003989/; classtype:trojan-activity;sid:82867089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.188.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003990/; classtype:trojan-activity;sid:82867090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.154.24.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003991/; classtype:trojan-activity;sid:82867091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.199.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003985/; classtype:trojan-activity;sid:82867085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.189.103.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003984/; classtype:trojan-activity;sid:82867084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.214.72.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003983/; classtype:trojan-activity;sid:82867083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.97.93.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003979/; classtype:trojan-activity;sid:82867079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.178.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003980/; classtype:trojan-activity;sid:82867080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.213.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003981/; classtype:trojan-activity;sid:82867081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.163.147.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003976/; classtype:trojan-activity;sid:82867076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.141.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003977/; classtype:trojan-activity;sid:82867077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.206.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003978/; classtype:trojan-activity;sid:82867078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.94.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003973/; classtype:trojan-activity;sid:82867073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.50.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003974/; classtype:trojan-activity;sid:82867074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.160.179.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003975/; classtype:trojan-activity;sid:82867075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.210.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003972/; classtype:trojan-activity;sid:82867072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.183.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003971/; classtype:trojan-activity;sid:82867071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.135.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003970/; classtype:trojan-activity;sid:82867070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.24.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003969/; classtype:trojan-activity;sid:82867069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003968)"; flow:established,from_client; content:"GET"; http_method; content:"/myblog/posts/32.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5.255.100.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003968/; classtype:trojan-activity;sid:82867068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.81.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003966/; classtype:trojan-activity;sid:82867066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003965)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.119.16.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003965/; classtype:trojan-activity;sid:82867065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.21.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003964/; classtype:trojan-activity;sid:82867064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.57.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003962/; classtype:trojan-activity;sid:82867062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.90.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003961/; classtype:trojan-activity;sid:82867061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.98.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003960/; classtype:trojan-activity;sid:82867060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.212.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003959/; classtype:trojan-activity;sid:82867059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.232.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003956/; classtype:trojan-activity;sid:82867056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.216.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003957/; classtype:trojan-activity;sid:82867057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.88.198.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003958/; classtype:trojan-activity;sid:82867058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.219.102.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003955/; classtype:trojan-activity;sid:82867055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.24.111.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003953/; classtype:trojan-activity;sid:82867053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003954)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"187.144.69.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003954/; classtype:trojan-activity;sid:82867054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.156.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003951/; classtype:trojan-activity;sid:82867051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.170.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003952/; classtype:trojan-activity;sid:82867052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003948)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.77.58.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003948/; classtype:trojan-activity;sid:82867048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.160.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003946/; classtype:trojan-activity;sid:82867046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003944)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.150.131.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003944/; classtype:trojan-activity;sid:82867044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.183.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003945/; classtype:trojan-activity;sid:82867045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.178.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003943/; classtype:trojan-activity;sid:82867043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.199.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003941/; classtype:trojan-activity;sid:82867041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.9.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003940/; classtype:trojan-activity;sid:82867040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.33.98.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003938/; classtype:trojan-activity;sid:82867038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.183.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003939/; classtype:trojan-activity;sid:82867039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.232.182.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003935/; classtype:trojan-activity;sid:82867035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.113.12.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003934/; classtype:trojan-activity;sid:82867034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.148.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003933/; classtype:trojan-activity;sid:82867033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.209.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003932/; classtype:trojan-activity;sid:82867032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.83.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003930/; classtype:trojan-activity;sid:82867030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.21.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003929/; classtype:trojan-activity;sid:82867029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.235.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003928/; classtype:trojan-activity;sid:82867028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.1.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003925/; classtype:trojan-activity;sid:82867025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.127.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003926/; classtype:trojan-activity;sid:82867026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.9.164"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003920/; classtype:trojan-activity;sid:82867020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.111.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003921/; classtype:trojan-activity;sid:82867021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.88.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003922/; classtype:trojan-activity;sid:82867022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.13.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003923/; classtype:trojan-activity;sid:82867023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.93.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003924/; classtype:trojan-activity;sid:82867024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.78.53.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003919/; classtype:trojan-activity;sid:82867019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.238.187.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003918/; classtype:trojan-activity;sid:82867018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.200.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003916/; classtype:trojan-activity;sid:82867016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.40.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003915/; classtype:trojan-activity;sid:82867015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003914/; classtype:trojan-activity;sid:82867014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.232.228.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003913/; classtype:trojan-activity;sid:82867013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.172.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003912/; classtype:trojan-activity;sid:82867012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.147.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003911/; classtype:trojan-activity;sid:82867011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.72.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003907/; classtype:trojan-activity;sid:82867007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.57.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003908/; classtype:trojan-activity;sid:82867008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.224.168.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003909/; classtype:trojan-activity;sid:82867009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.34.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003905/; classtype:trojan-activity;sid:82867005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.200.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003906/; classtype:trojan-activity;sid:82867006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.25.132.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003903/; classtype:trojan-activity;sid:82867003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.124.31.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003904/; classtype:trojan-activity;sid:82867004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.208.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003901/; classtype:trojan-activity;sid:82867001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.50.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003902/; classtype:trojan-activity;sid:82867002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.152.159.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003896/; classtype:trojan-activity;sid:82866996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.56.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003897/; classtype:trojan-activity;sid:82866997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.245.187.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003898/; classtype:trojan-activity;sid:82866998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.88.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003894/; classtype:trojan-activity;sid:82866994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.116.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003895/; classtype:trojan-activity;sid:82866995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.47.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003892/; classtype:trojan-activity;sid:82866992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.88.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003890/; classtype:trojan-activity;sid:82866990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003889)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.116.239.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003889/; classtype:trojan-activity;sid:82866989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.187.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003888/; classtype:trojan-activity;sid:82866988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003884/; classtype:trojan-activity;sid:82866984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.71.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003885/; classtype:trojan-activity;sid:82866985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.22.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003886/; classtype:trojan-activity;sid:82866986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.37.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003880/; classtype:trojan-activity;sid:82866980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.34.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003881/; classtype:trojan-activity;sid:82866981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.20.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003882/; classtype:trojan-activity;sid:82866982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.44.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003875/; classtype:trojan-activity;sid:82866975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.164.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003876/; classtype:trojan-activity;sid:82866976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.25.95.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003877/; classtype:trojan-activity;sid:82866977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.165.88.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003870/; classtype:trojan-activity;sid:82866970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.94.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003871/; classtype:trojan-activity;sid:82866971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.87.32.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003872/; classtype:trojan-activity;sid:82866972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.124.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003873/; classtype:trojan-activity;sid:82866973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.237.156.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003869/; classtype:trojan-activity;sid:82866969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.84.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003867/; classtype:trojan-activity;sid:82866967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.200.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003866/; classtype:trojan-activity;sid:82866966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.24.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003864/; classtype:trojan-activity;sid:82866964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.46.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003865/; classtype:trojan-activity;sid:82866965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.183.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003859/; classtype:trojan-activity;sid:82866959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.179.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003861/; classtype:trojan-activity;sid:82866961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.165.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003862/; classtype:trojan-activity;sid:82866962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.38.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003857/; classtype:trojan-activity;sid:82866957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.125.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003858/; classtype:trojan-activity;sid:82866958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.247.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003855/; classtype:trojan-activity;sid:82866955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.245.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003856/; classtype:trojan-activity;sid:82866956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.216.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003850/; classtype:trojan-activity;sid:82866950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.88.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003851/; classtype:trojan-activity;sid:82866951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.45.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003852/; classtype:trojan-activity;sid:82866952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003853)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.155.253.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003853/; classtype:trojan-activity;sid:82866953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.144.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003849/; classtype:trojan-activity;sid:82866949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.47.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003848/; classtype:trojan-activity;sid:82866948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.160.116.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003847/; classtype:trojan-activity;sid:82866947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.153.130.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003846/; classtype:trojan-activity;sid:82866946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003844)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"39.164.48.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003844/; classtype:trojan-activity;sid:82866944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003842)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"98.242.152.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003842/; classtype:trojan-activity;sid:82866942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.47.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003841/; classtype:trojan-activity;sid:82866941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.203.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003839/; classtype:trojan-activity;sid:82866939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.246.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003837/; classtype:trojan-activity;sid:82866937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.14.25.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003835/; classtype:trojan-activity;sid:82866935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.214.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003833/; classtype:trojan-activity;sid:82866933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.143.184.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003834/; classtype:trojan-activity;sid:82866934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.125.9.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003832/; classtype:trojan-activity;sid:82866932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.182.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003829/; classtype:trojan-activity;sid:82866929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003830/; classtype:trojan-activity;sid:82866930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.95.28.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003831/; classtype:trojan-activity;sid:82866931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.36.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003828/; classtype:trojan-activity;sid:82866928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.10.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003827/; classtype:trojan-activity;sid:82866927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.237.156.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003826/; classtype:trojan-activity;sid:82866926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.160.116.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003825/; classtype:trojan-activity;sid:82866925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.78.39.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003824/; classtype:trojan-activity;sid:82866924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.208.30.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003823/; classtype:trojan-activity;sid:82866923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.156.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003822/; classtype:trojan-activity;sid:82866922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.203.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003820/; classtype:trojan-activity;sid:82866920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.173.36.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003821/; classtype:trojan-activity;sid:82866921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.182.118.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003816/; classtype:trojan-activity;sid:82866916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.55.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003817/; classtype:trojan-activity;sid:82866917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.184.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003818/; classtype:trojan-activity;sid:82866918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.8.250.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003809/; classtype:trojan-activity;sid:82866909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.15.89.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003810/; classtype:trojan-activity;sid:82866910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.37.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003812/; classtype:trojan-activity;sid:82866912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.41.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003813/; classtype:trojan-activity;sid:82866913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.236.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003808/; classtype:trojan-activity;sid:82866908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.54.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003803/; classtype:trojan-activity;sid:82866903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.163.161.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003805/; classtype:trojan-activity;sid:82866905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.167.165.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003806/; classtype:trojan-activity;sid:82866906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.145.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003802/; classtype:trojan-activity;sid:82866902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.14.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003798/; classtype:trojan-activity;sid:82866898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.182.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003794/; classtype:trojan-activity;sid:82866894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.84.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_25; reference:url, urlhaus.abuse.ch/url/2003786/; classtype:trojan-activity;sid:82866886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.207.222.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003785/; classtype:trojan-activity;sid:82866885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003784)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"63.236.134.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003784/; classtype:trojan-activity;sid:82866884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.102.128.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003783/; classtype:trojan-activity;sid:82866883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003782)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.103.205.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003782/; classtype:trojan-activity;sid:82866882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.183.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003781/; classtype:trojan-activity;sid:82866881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.205.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003778/; classtype:trojan-activity;sid:82866878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.111.204.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003779/; classtype:trojan-activity;sid:82866879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003780)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.28.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003780/; classtype:trojan-activity;sid:82866880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.154.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003777/; classtype:trojan-activity;sid:82866877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.159.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003773/; classtype:trojan-activity;sid:82866873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.201.175.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003774/; classtype:trojan-activity;sid:82866874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.136.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003775/; classtype:trojan-activity;sid:82866875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.245.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003776/; classtype:trojan-activity;sid:82866876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.13.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003770/; classtype:trojan-activity;sid:82866870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.52.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003771/; classtype:trojan-activity;sid:82866871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003772/; classtype:trojan-activity;sid:82866872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.99.220.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003769/; classtype:trojan-activity;sid:82866869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.22.233.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003768/; classtype:trojan-activity;sid:82866868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.201.47.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003767/; classtype:trojan-activity;sid:82866867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.125.169.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003765/; classtype:trojan-activity;sid:82866865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.42.109.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003766/; classtype:trojan-activity;sid:82866866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.16.51.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003764/; classtype:trojan-activity;sid:82866864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.239.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003763/; classtype:trojan-activity;sid:82866863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003762)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.102.100.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003762/; classtype:trojan-activity;sid:82866862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.156.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003760/; classtype:trojan-activity;sid:82866860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.158.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003761/; classtype:trojan-activity;sid:82866861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.71.26.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003759/; classtype:trojan-activity;sid:82866859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.186.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003758/; classtype:trojan-activity;sid:82866858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.240.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003752/; classtype:trojan-activity;sid:82866852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.102.16.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003753/; classtype:trojan-activity;sid:82866853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.84.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003754/; classtype:trojan-activity;sid:82866854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.100.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003755/; classtype:trojan-activity;sid:82866855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.249.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003756/; classtype:trojan-activity;sid:82866856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.45.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003757/; classtype:trojan-activity;sid:82866857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.87.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003749/; classtype:trojan-activity;sid:82866849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.201.204.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003750/; classtype:trojan-activity;sid:82866850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.89.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003751/; classtype:trojan-activity;sid:82866851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.236.191.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003748/; classtype:trojan-activity;sid:82866848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.8.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003746/; classtype:trojan-activity;sid:82866846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.170.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003747/; classtype:trojan-activity;sid:82866847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.6.135.164"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003745/; classtype:trojan-activity;sid:82866845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.125.10.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003744/; classtype:trojan-activity;sid:82866844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.135.135.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003743/; classtype:trojan-activity;sid:82866843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.85.35.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003742/; classtype:trojan-activity;sid:82866842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.89.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003741/; classtype:trojan-activity;sid:82866841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.135.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003740/; classtype:trojan-activity;sid:82866840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.183.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003739/; classtype:trojan-activity;sid:82866839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.154.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003738/; classtype:trojan-activity;sid:82866838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.232.183.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003737/; classtype:trojan-activity;sid:82866837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.107.92.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003736/; classtype:trojan-activity;sid:82866836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.22.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003734/; classtype:trojan-activity;sid:82866834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.111.204.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003735/; classtype:trojan-activity;sid:82866835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.163.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003733/; classtype:trojan-activity;sid:82866833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.140.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003728/; classtype:trojan-activity;sid:82866828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.8.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003729/; classtype:trojan-activity;sid:82866829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.23.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003730/; classtype:trojan-activity;sid:82866830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.138.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003731/; classtype:trojan-activity;sid:82866831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.89.182.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003732/; classtype:trojan-activity;sid:82866832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.112.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003726/; classtype:trojan-activity;sid:82866826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.149.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003727/; classtype:trojan-activity;sid:82866827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.70.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003725/; classtype:trojan-activity;sid:82866825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.1.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003724/; classtype:trojan-activity;sid:82866824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.73.38.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003720/; classtype:trojan-activity;sid:82866820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.145.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003721/; classtype:trojan-activity;sid:82866821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.16.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003722/; classtype:trojan-activity;sid:82866822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.167.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003723/; classtype:trojan-activity;sid:82866823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.54.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003716/; classtype:trojan-activity;sid:82866816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.203.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003717/; classtype:trojan-activity;sid:82866817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.161.245.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003718/; classtype:trojan-activity;sid:82866818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.220.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003719/; classtype:trojan-activity;sid:82866819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.152.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003714/; classtype:trojan-activity;sid:82866814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.168.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003715/; classtype:trojan-activity;sid:82866815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.135.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003713/; classtype:trojan-activity;sid:82866813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.102.217.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003712/; classtype:trojan-activity;sid:82866812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.16.38.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003709/; classtype:trojan-activity;sid:82866809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.134.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003710/; classtype:trojan-activity;sid:82866810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.47.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003711/; classtype:trojan-activity;sid:82866811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.4.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003708/; classtype:trojan-activity;sid:82866808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.176.185.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003707/; classtype:trojan-activity;sid:82866807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.63.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003705/; classtype:trojan-activity;sid:82866805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.225.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003706/; classtype:trojan-activity;sid:82866806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.237.112.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003704/; classtype:trojan-activity;sid:82866804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003703)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.64.203.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003703/; classtype:trojan-activity;sid:82866803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.160.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003701/; classtype:trojan-activity;sid:82866801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.162.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003702/; classtype:trojan-activity;sid:82866802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.146.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003700/; classtype:trojan-activity;sid:82866800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.120.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003697/; classtype:trojan-activity;sid:82866797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.244.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003698/; classtype:trojan-activity;sid:82866798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.132.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003699/; classtype:trojan-activity;sid:82866799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003696)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"50.252.0.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003696/; classtype:trojan-activity;sid:82866796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.168.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003693/; classtype:trojan-activity;sid:82866793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.83.154.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003694/; classtype:trojan-activity;sid:82866794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.104.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003695/; classtype:trojan-activity;sid:82866795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.75.242.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003692/; classtype:trojan-activity;sid:82866792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.33.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003691/; classtype:trojan-activity;sid:82866791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.196.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003690/; classtype:trojan-activity;sid:82866790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.203.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003689/; classtype:trojan-activity;sid:82866789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003688/; classtype:trojan-activity;sid:82866788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.75.15.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003684/; classtype:trojan-activity;sid:82866784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.134.60.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003685/; classtype:trojan-activity;sid:82866785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.3.245"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003686/; classtype:trojan-activity;sid:82866786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.215.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003687/; classtype:trojan-activity;sid:82866787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.242.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003683/; classtype:trojan-activity;sid:82866783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.72.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003680/; classtype:trojan-activity;sid:82866780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.91.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003681/; classtype:trojan-activity;sid:82866781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.227.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003682/; classtype:trojan-activity;sid:82866782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.0.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003679/; classtype:trojan-activity;sid:82866779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.173.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003678/; classtype:trojan-activity;sid:82866778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.150.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003675/; classtype:trojan-activity;sid:82866775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.46.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003676/; classtype:trojan-activity;sid:82866776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.50.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003677/; classtype:trojan-activity;sid:82866777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.202.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003674/; classtype:trojan-activity;sid:82866774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.119.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003673/; classtype:trojan-activity;sid:82866773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003672)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.119.170.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003672/; classtype:trojan-activity;sid:82866772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.37.1.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003671/; classtype:trojan-activity;sid:82866771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.4.212.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003668/; classtype:trojan-activity;sid:82866768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.24.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003669/; classtype:trojan-activity;sid:82866769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.191.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003670/; classtype:trojan-activity;sid:82866770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.135.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003667/; classtype:trojan-activity;sid:82866767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.122.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003662/; classtype:trojan-activity;sid:82866762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.114.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003663/; classtype:trojan-activity;sid:82866763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.165.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003664/; classtype:trojan-activity;sid:82866764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.103.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003665/; classtype:trojan-activity;sid:82866765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.55.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003666/; classtype:trojan-activity;sid:82866766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.108.97.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003660/; classtype:trojan-activity;sid:82866760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.134.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003661/; classtype:trojan-activity;sid:82866761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.201.54.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003659/; classtype:trojan-activity;sid:82866759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.196.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003658/; classtype:trojan-activity;sid:82866758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.52.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003657/; classtype:trojan-activity;sid:82866757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.37.1.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003656/; classtype:trojan-activity;sid:82866756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.240.54.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003653/; classtype:trojan-activity;sid:82866753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.219.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003654/; classtype:trojan-activity;sid:82866754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.126.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003655/; classtype:trojan-activity;sid:82866755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.163.8.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003652/; classtype:trojan-activity;sid:82866752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.40.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003651/; classtype:trojan-activity;sid:82866751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.172.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003649/; classtype:trojan-activity;sid:82866749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.25.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003650/; classtype:trojan-activity;sid:82866750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.36.242.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003648/; classtype:trojan-activity;sid:82866748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.57.192.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003647/; classtype:trojan-activity;sid:82866747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.10.147.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003646/; classtype:trojan-activity;sid:82866746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.202.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003644/; classtype:trojan-activity;sid:82866744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.237.31.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003645/; classtype:trojan-activity;sid:82866745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.89.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003643/; classtype:trojan-activity;sid:82866743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.106.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003642/; classtype:trojan-activity;sid:82866742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.172.198.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003641/; classtype:trojan-activity;sid:82866741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.239.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003640/; classtype:trojan-activity;sid:82866740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.135.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003639/; classtype:trojan-activity;sid:82866739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.82.143.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003638/; classtype:trojan-activity;sid:82866738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.82.143.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003637/; classtype:trojan-activity;sid:82866737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.5.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003636/; classtype:trojan-activity;sid:82866736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.162.199.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003635/; classtype:trojan-activity;sid:82866735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.167.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003634/; classtype:trojan-activity;sid:82866734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003633)"; flow:established,from_client; content:"GET"; http_method; content:"/fer/fe7.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.7.214.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003633/; classtype:trojan-activity;sid:82866733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003630)"; flow:established,from_client; content:"GET"; http_method; content:"/fer/fe7.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.7.214.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003630/; classtype:trojan-activity;sid:82866730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003631)"; flow:established,from_client; content:"GET"; http_method; content:"/fer/fe7.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"0xb907d607"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003631/; classtype:trojan-activity;sid:82866731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003632)"; flow:established,from_client; content:"GET"; http_method; content:"/fer/fe7.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"0xb907d607"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003632/; classtype:trojan-activity;sid:82866732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.178.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003629/; classtype:trojan-activity;sid:82866729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.210.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003628/; classtype:trojan-activity;sid:82866728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.88.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003627/; classtype:trojan-activity;sid:82866727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.189.91.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003626/; classtype:trojan-activity;sid:82866726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.211.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003625/; classtype:trojan-activity;sid:82866725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.134.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003624/; classtype:trojan-activity;sid:82866724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.73.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003622/; classtype:trojan-activity;sid:82866722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.239.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003623/; classtype:trojan-activity;sid:82866723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.209.126.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003621/; classtype:trojan-activity;sid:82866721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.151.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003617/; classtype:trojan-activity;sid:82866717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.38.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003618/; classtype:trojan-activity;sid:82866718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.42.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003619/; classtype:trojan-activity;sid:82866719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.99.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003620/; classtype:trojan-activity;sid:82866720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.222.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003616/; classtype:trojan-activity;sid:82866716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.213.34.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003608/; classtype:trojan-activity;sid:82866708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.92.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003609/; classtype:trojan-activity;sid:82866709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.236.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003610/; classtype:trojan-activity;sid:82866710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.208.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003611/; classtype:trojan-activity;sid:82866711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.68.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003612/; classtype:trojan-activity;sid:82866712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.124.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003613/; classtype:trojan-activity;sid:82866713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.63.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003614/; classtype:trojan-activity;sid:82866714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.129.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003615/; classtype:trojan-activity;sid:82866715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.230.251.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003604/; classtype:trojan-activity;sid:82866704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.95.8.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003605/; classtype:trojan-activity;sid:82866705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.134.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003606/; classtype:trojan-activity;sid:82866706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.58.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003607/; classtype:trojan-activity;sid:82866707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003603/; classtype:trojan-activity;sid:82866703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.139.224.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003602/; classtype:trojan-activity;sid:82866702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.145.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003601/; classtype:trojan-activity;sid:82866701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.45.235.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003600/; classtype:trojan-activity;sid:82866700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.115.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003599/; classtype:trojan-activity;sid:82866699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.92.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003598/; classtype:trojan-activity;sid:82866698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.121.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003597/; classtype:trojan-activity;sid:82866697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.76.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003596/; classtype:trojan-activity;sid:82866696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.5.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003594/; classtype:trojan-activity;sid:82866694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.108.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003595/; classtype:trojan-activity;sid:82866695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.88.153.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003593/; classtype:trojan-activity;sid:82866693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.31.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003592/; classtype:trojan-activity;sid:82866692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.236.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003589/; classtype:trojan-activity;sid:82866689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.156.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003590/; classtype:trojan-activity;sid:82866690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.84.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003591/; classtype:trojan-activity;sid:82866691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.203.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003588/; classtype:trojan-activity;sid:82866688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.123.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003585/; classtype:trojan-activity;sid:82866685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.57.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003586/; classtype:trojan-activity;sid:82866686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.5.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003587/; classtype:trojan-activity;sid:82866687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.13.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003583/; classtype:trojan-activity;sid:82866683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.80.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003584/; classtype:trojan-activity;sid:82866684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"140.255.8.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003582/; classtype:trojan-activity;sid:82866682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003581)"; flow:established,from_client; content:"GET"; http_method; content:"/fox-c/7h/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"royallifeagroindia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003581/; classtype:trojan-activity;sid:82866681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003578)"; flow:established,from_client; content:"GET"; http_method; content:"/well-known/hbpi8/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"id-tiara.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003578/; classtype:trojan-activity;sid:82866678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003579)"; flow:established,from_client; content:"GET"; http_method; content:"/yqlo/h6behtcvy0/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"wordpress08.aftershipdemo.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003579/; classtype:trojan-activity;sid:82866679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003580)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/u8fhxoovlba/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"colegiul-nenitescu-craiova.ro"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003580/; classtype:trojan-activity;sid:82866680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003577)"; flow:established,from_client; content:"GET"; http_method; content:"/content/5wr/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"apexsecure.co.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003577/; classtype:trojan-activity;sid:82866677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003576)"; flow:established,from_client; content:"GET"; http_method; content:"/fox-c/uajvaqglq2q1amgu/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lpm.fk.ub.ac.id"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003576/; classtype:trojan-activity;sid:82866676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003575)"; flow:established,from_client; content:"GET"; http_method; content:"/fox-c404/7l4siiwb771k0ptg/"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"carmdaksh.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003575/; classtype:trojan-activity;sid:82866675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003574)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/qg8e85/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"xn--12cmbj7eucdlsj9icqc9ombzhzc.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003574/; classtype:trojan-activity;sid:82866674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003573)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.139.40.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003573/; classtype:trojan-activity;sid:82866673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003572)"; flow:established,from_client; content:"GET"; http_method; content:"/dwo2/o99j2dxfrdd/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"wordpress02.aftershipdemo.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003572/; classtype:trojan-activity;sid:82866672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003571)"; flow:established,from_client; content:"GET"; http_method; content:"/fox-c/chqyqqlxp/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"leadrise.co"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003571/; classtype:trojan-activity;sid:82866671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.240.54.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003570/; classtype:trojan-activity;sid:82866670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.227.207.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003568/; classtype:trojan-activity;sid:82866668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.30.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003569/; classtype:trojan-activity;sid:82866669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.23.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003567/; classtype:trojan-activity;sid:82866667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.38.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003566/; classtype:trojan-activity;sid:82866666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.85.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003562/; classtype:trojan-activity;sid:82866662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.172.47.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003563/; classtype:trojan-activity;sid:82866663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.223.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003564/; classtype:trojan-activity;sid:82866664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.1.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003565/; classtype:trojan-activity;sid:82866665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.225.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003559/; classtype:trojan-activity;sid:82866659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.212.132.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003560/; classtype:trojan-activity;sid:82866660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.108.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003561/; classtype:trojan-activity;sid:82866661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.210.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003558/; classtype:trojan-activity;sid:82866658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.86.172.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003557/; classtype:trojan-activity;sid:82866657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.92.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003555/; classtype:trojan-activity;sid:82866655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.88.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003556/; classtype:trojan-activity;sid:82866656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.58.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003554/; classtype:trojan-activity;sid:82866654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.80.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003553/; classtype:trojan-activity;sid:82866653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003552)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/wp-roilbask/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"clade.de"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003552/; classtype:trojan-activity;sid:82866652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003551)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/wp-roilbask/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"crespoauto91.fr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003551/; classtype:trojan-activity;sid:82866651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.135.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003550/; classtype:trojan-activity;sid:82866650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.237.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003549/; classtype:trojan-activity;sid:82866649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.61.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003548/; classtype:trojan-activity;sid:82866648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003546/; classtype:trojan-activity;sid:82866646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.167.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003547/; classtype:trojan-activity;sid:82866647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.81.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003545/; classtype:trojan-activity;sid:82866645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.76.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003544/; classtype:trojan-activity;sid:82866644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.9.143.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003543/; classtype:trojan-activity;sid:82866643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.150.186.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003541/; classtype:trojan-activity;sid:82866641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.40.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003542/; classtype:trojan-activity;sid:82866642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.202.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003540/; classtype:trojan-activity;sid:82866640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.201.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003539/; classtype:trojan-activity;sid:82866639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003536/; classtype:trojan-activity;sid:82866636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.84.49.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003537/; classtype:trojan-activity;sid:82866637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.229.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003538/; classtype:trojan-activity;sid:82866638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.79.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003534/; classtype:trojan-activity;sid:82866634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.194.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003535/; classtype:trojan-activity;sid:82866635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.162.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003533/; classtype:trojan-activity;sid:82866633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.207.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003528/; classtype:trojan-activity;sid:82866628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.51.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003529/; classtype:trojan-activity;sid:82866629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.127.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003530/; classtype:trojan-activity;sid:82866630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.99.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003531/; classtype:trojan-activity;sid:82866631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.137.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003532/; classtype:trojan-activity;sid:82866632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.170.242.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003526/; classtype:trojan-activity;sid:82866626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.166.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003527/; classtype:trojan-activity;sid:82866627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.238.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003525/; classtype:trojan-activity;sid:82866625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.108.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003524/; classtype:trojan-activity;sid:82866624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.82.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003523/; classtype:trojan-activity;sid:82866623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.161.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003522/; classtype:trojan-activity;sid:82866622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.141.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003521/; classtype:trojan-activity;sid:82866621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.228.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003520/; classtype:trojan-activity;sid:82866620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.85.199.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003519/; classtype:trojan-activity;sid:82866619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.122.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003518/; classtype:trojan-activity;sid:82866618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.94.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003517/; classtype:trojan-activity;sid:82866617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.207.66.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003516/; classtype:trojan-activity;sid:82866616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.24.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003512/; classtype:trojan-activity;sid:82866612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.83.73.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003513/; classtype:trojan-activity;sid:82866613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.167.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003514/; classtype:trojan-activity;sid:82866614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.218.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003515/; classtype:trojan-activity;sid:82866615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.130.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003510/; classtype:trojan-activity;sid:82866610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.146.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003511/; classtype:trojan-activity;sid:82866611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.20.2.103"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003509/; classtype:trojan-activity;sid:82866609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.69.5.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003508/; classtype:trojan-activity;sid:82866608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.34.207.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003506/; classtype:trojan-activity;sid:82866606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.179.154.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003507/; classtype:trojan-activity;sid:82866607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.147.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003505/; classtype:trojan-activity;sid:82866605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.121.174.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003503/; classtype:trojan-activity;sid:82866603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.127.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003504/; classtype:trojan-activity;sid:82866604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.244.47.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003502/; classtype:trojan-activity;sid:82866602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.109.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003501/; classtype:trojan-activity;sid:82866601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.205.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003500/; classtype:trojan-activity;sid:82866600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.167.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003499/; classtype:trojan-activity;sid:82866599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.109.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003498/; classtype:trojan-activity;sid:82866598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.163.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003497/; classtype:trojan-activity;sid:82866597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.147.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003494/; classtype:trojan-activity;sid:82866594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.48.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003495/; classtype:trojan-activity;sid:82866595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.81.238.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003496/; classtype:trojan-activity;sid:82866596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.223.72.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003493/; classtype:trojan-activity;sid:82866593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.239.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003492/; classtype:trojan-activity;sid:82866592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.154.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003489/; classtype:trojan-activity;sid:82866589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.167.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003490/; classtype:trojan-activity;sid:82866590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.167.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003491/; classtype:trojan-activity;sid:82866591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"145.254.164.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003485/; classtype:trojan-activity;sid:82866585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.147.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003486/; classtype:trojan-activity;sid:82866586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.213.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003487/; classtype:trojan-activity;sid:82866587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.202.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003488/; classtype:trojan-activity;sid:82866588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003482)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm6"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"20.24.90.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003482/; classtype:trojan-activity;sid:82866582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003483)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.sh4"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"20.24.90.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003483/; classtype:trojan-activity;sid:82866583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003484)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"20.24.90.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003484/; classtype:trojan-activity;sid:82866584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003479)"; flow:established,from_client; content:"GET"; http_method; content:"/intelrfd/vbc.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.167.92.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003479/; classtype:trojan-activity;sid:82866579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003480/; classtype:trojan-activity;sid:82866580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.120.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003481/; classtype:trojan-activity;sid:82866581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003471)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm5"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"20.24.90.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003471/; classtype:trojan-activity;sid:82866571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003472)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.ppc"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"20.24.90.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003472/; classtype:trojan-activity;sid:82866572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003473)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.m68k"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"20.24.90.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003473/; classtype:trojan-activity;sid:82866573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003474)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.spc"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"20.24.90.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003474/; classtype:trojan-activity;sid:82866574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003475)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mpsl"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"20.24.90.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003475/; classtype:trojan-activity;sid:82866575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003476)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm7"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"20.24.90.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003476/; classtype:trojan-activity;sid:82866576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.181.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003477/; classtype:trojan-activity;sid:82866577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.177.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003478/; classtype:trojan-activity;sid:82866578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003469)"; flow:established,from_client; content:"GET"; http_method; content:"/prntscr.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"olivetopadelclub.cl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003469/; classtype:trojan-activity;sid:82866569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003470)"; flow:established,from_client; content:"GET"; http_method; content:"/127839.xls"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tecingenieria.cl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003470/; classtype:trojan-activity;sid:82866570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003468)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"125.228.179.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003468/; classtype:trojan-activity;sid:82866568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.146.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003467/; classtype:trojan-activity;sid:82866567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.40.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003466/; classtype:trojan-activity;sid:82866566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.75.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003465/; classtype:trojan-activity;sid:82866565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.24.150.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003464/; classtype:trojan-activity;sid:82866564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.225.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003462/; classtype:trojan-activity;sid:82866562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.24.189.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003463/; classtype:trojan-activity;sid:82866563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.166.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003457/; classtype:trojan-activity;sid:82866557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.87.168.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003458/; classtype:trojan-activity;sid:82866558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.116.155.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003459/; classtype:trojan-activity;sid:82866559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.233.167.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003460/; classtype:trojan-activity;sid:82866560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.143.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003461/; classtype:trojan-activity;sid:82866561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.168.208.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003455/; classtype:trojan-activity;sid:82866555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.191.213.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003456/; classtype:trojan-activity;sid:82866556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.220.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003454/; classtype:trojan-activity;sid:82866554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.139.89.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003451/; classtype:trojan-activity;sid:82866551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.179.196.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003452/; classtype:trojan-activity;sid:82866552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.220.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003453/; classtype:trojan-activity;sid:82866553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.248.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003450/; classtype:trojan-activity;sid:82866550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.254.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003449/; classtype:trojan-activity;sid:82866549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.106.193.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003448/; classtype:trojan-activity;sid:82866548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.30.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003447/; classtype:trojan-activity;sid:82866547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.147.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003446/; classtype:trojan-activity;sid:82866546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.96.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003445/; classtype:trojan-activity;sid:82866545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.163.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003444/; classtype:trojan-activity;sid:82866544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.197.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003442/; classtype:trojan-activity;sid:82866542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.195.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003443/; classtype:trojan-activity;sid:82866543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.96.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003438/; classtype:trojan-activity;sid:82866538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.161.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003439/; classtype:trojan-activity;sid:82866539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.118.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003440/; classtype:trojan-activity;sid:82866540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.224.248.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003441/; classtype:trojan-activity;sid:82866541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.112.154.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003437/; classtype:trojan-activity;sid:82866537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.73.32.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003436/; classtype:trojan-activity;sid:82866536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.54.123.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003432/; classtype:trojan-activity;sid:82866532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.150.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003433/; classtype:trojan-activity;sid:82866533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.234.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003434/; classtype:trojan-activity;sid:82866534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.208.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003435/; classtype:trojan-activity;sid:82866535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.91.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003431/; classtype:trojan-activity;sid:82866531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003430)"; flow:established,from_client; content:"GET"; http_method; content:"/sj1kpj8ttjsf/ght.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"samowoj.com.ng"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003430/; classtype:trojan-activity;sid:82866530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003428)"; flow:established,from_client; content:"GET"; http_method; content:"/nogyhhhaj0/ght.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"elimatlacomulco.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003428/; classtype:trojan-activity;sid:82866528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003429)"; flow:established,from_client; content:"GET"; http_method; content:"/oaemg1xwy7a4/ght.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"silva-consultores.arkstudio.agency"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003429/; classtype:trojan-activity;sid:82866529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.144.194.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003425/; classtype:trojan-activity;sid:82866525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003426)"; flow:established,from_client; content:"GET"; http_method; content:"/ds4kaksqe8gl/ght.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"anxietydisordersinwomen.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003426/; classtype:trojan-activity;sid:82866526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003427)"; flow:established,from_client; content:"GET"; http_method; content:"/wis1k1q15zi/ght.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"keltexfinancial.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003427/; classtype:trojan-activity;sid:82866527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.250.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003422/; classtype:trojan-activity;sid:82866522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.208.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003423/; classtype:trojan-activity;sid:82866523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003424)"; flow:established,from_client; content:"GET"; http_method; content:"/1ndtgg7e4/ght.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"pakunolaschool.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003424/; classtype:trojan-activity;sid:82866524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.105.105.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003419/; classtype:trojan-activity;sid:82866519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.184.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003420/; classtype:trojan-activity;sid:82866520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.175.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003421/; classtype:trojan-activity;sid:82866521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.61.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003417/; classtype:trojan-activity;sid:82866517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.228.203.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003418/; classtype:trojan-activity;sid:82866518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.87.85.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003414/; classtype:trojan-activity;sid:82866514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.184.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003415/; classtype:trojan-activity;sid:82866515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.16.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003416/; classtype:trojan-activity;sid:82866516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.0.218.230"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003413/; classtype:trojan-activity;sid:82866513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003412)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.184.245.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003412/; classtype:trojan-activity;sid:82866512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003411/; classtype:trojan-activity;sid:82866511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.100.95.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003410/; classtype:trojan-activity;sid:82866510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.194.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003409/; classtype:trojan-activity;sid:82866509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.135.210.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003408/; classtype:trojan-activity;sid:82866508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.254.87.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003407/; classtype:trojan-activity;sid:82866507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.109.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003406/; classtype:trojan-activity;sid:82866506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.67.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003404/; classtype:trojan-activity;sid:82866504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.150.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003405/; classtype:trojan-activity;sid:82866505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.254.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003403/; classtype:trojan-activity;sid:82866503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.95.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003402/; classtype:trojan-activity;sid:82866502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.224.248.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003401/; classtype:trojan-activity;sid:82866501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.212.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003400/; classtype:trojan-activity;sid:82866500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.220.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003396/; classtype:trojan-activity;sid:82866496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.1.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003397/; classtype:trojan-activity;sid:82866497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.227.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003398/; classtype:trojan-activity;sid:82866498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.20.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003399/; classtype:trojan-activity;sid:82866499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.9.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003395/; classtype:trojan-activity;sid:82866495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.102.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003394/; classtype:trojan-activity;sid:82866494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.233.244.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003393/; classtype:trojan-activity;sid:82866493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.85.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003391/; classtype:trojan-activity;sid:82866491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.88.198.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003392/; classtype:trojan-activity;sid:82866492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.180.182.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003390/; classtype:trojan-activity;sid:82866490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.215.180.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003389/; classtype:trojan-activity;sid:82866489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.39.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003388/; classtype:trojan-activity;sid:82866488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.6.135.164"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003384/; classtype:trojan-activity;sid:82866484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.125.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003385/; classtype:trojan-activity;sid:82866485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.176.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003386/; classtype:trojan-activity;sid:82866486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.163.122.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003387/; classtype:trojan-activity;sid:82866487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.236.109.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003383/; classtype:trojan-activity;sid:82866483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.93.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003382/; classtype:trojan-activity;sid:82866482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.192.1.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003381/; classtype:trojan-activity;sid:82866481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.9.111.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003377/; classtype:trojan-activity;sid:82866477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.49.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003378/; classtype:trojan-activity;sid:82866478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.60.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003379/; classtype:trojan-activity;sid:82866479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.102.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003380/; classtype:trojan-activity;sid:82866480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.90.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003376/; classtype:trojan-activity;sid:82866476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.197.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003375/; classtype:trojan-activity;sid:82866475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.199.95.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003374/; classtype:trojan-activity;sid:82866474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.242.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003373/; classtype:trojan-activity;sid:82866473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.140.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003372/; classtype:trojan-activity;sid:82866472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.43.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003371/; classtype:trojan-activity;sid:82866471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.237.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003370/; classtype:trojan-activity;sid:82866470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.214.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003369/; classtype:trojan-activity;sid:82866469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.99.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003368/; classtype:trojan-activity;sid:82866468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.231.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003367/; classtype:trojan-activity;sid:82866467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.182.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003365/; classtype:trojan-activity;sid:82866465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.176.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003366/; classtype:trojan-activity;sid:82866466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.157.162.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003364/; classtype:trojan-activity;sid:82866464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003363)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/wp-roilbask/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"dondonjp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003363/; classtype:trojan-activity;sid:82866463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.93.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003362/; classtype:trojan-activity;sid:82866462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.240.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003361/; classtype:trojan-activity;sid:82866461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.74.129.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003360/; classtype:trojan-activity;sid:82866460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.44.100.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003359/; classtype:trojan-activity;sid:82866459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.190.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003357/; classtype:trojan-activity;sid:82866457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.81.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003358/; classtype:trojan-activity;sid:82866458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.200.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003356/; classtype:trojan-activity;sid:82866456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.186.21.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003355/; classtype:trojan-activity;sid:82866455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.182.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003354/; classtype:trojan-activity;sid:82866454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.229.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003353/; classtype:trojan-activity;sid:82866453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.215.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003349/; classtype:trojan-activity;sid:82866449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.144.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003350/; classtype:trojan-activity;sid:82866450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.87.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003351/; classtype:trojan-activity;sid:82866451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.190.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003352/; classtype:trojan-activity;sid:82866452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.232.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003347/; classtype:trojan-activity;sid:82866447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.22.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003348/; classtype:trojan-activity;sid:82866448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.134.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003346/; classtype:trojan-activity;sid:82866446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.236.153.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003345/; classtype:trojan-activity;sid:82866445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003344)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.32.47.22"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003344/; classtype:trojan-activity;sid:82866444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.85.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003343/; classtype:trojan-activity;sid:82866443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003342)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/y5c/cqi/py1/zhoagsu.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"smsabuja.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003342/; classtype:trojan-activity;sid:82866442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.99.79.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003341/; classtype:trojan-activity;sid:82866441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003340)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.35.108.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003340/; classtype:trojan-activity;sid:82866440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.133.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003339/; classtype:trojan-activity;sid:82866439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.88.135.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003337/; classtype:trojan-activity;sid:82866437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.11.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003338/; classtype:trojan-activity;sid:82866438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.106.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003336/; classtype:trojan-activity;sid:82866436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.116.172.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003335/; classtype:trojan-activity;sid:82866435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.237.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003333/; classtype:trojan-activity;sid:82866433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.83.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003334/; classtype:trojan-activity;sid:82866434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.80.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003332/; classtype:trojan-activity;sid:82866432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.246.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003331/; classtype:trojan-activity;sid:82866431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.19.100.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003330/; classtype:trojan-activity;sid:82866430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.94.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003327/; classtype:trojan-activity;sid:82866427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.10.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003328/; classtype:trojan-activity;sid:82866428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.6.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003329/; classtype:trojan-activity;sid:82866429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.143.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003326/; classtype:trojan-activity;sid:82866426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.196.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003325/; classtype:trojan-activity;sid:82866425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.141.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003324/; classtype:trojan-activity;sid:82866424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.197.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003322/; classtype:trojan-activity;sid:82866422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.180.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003323/; classtype:trojan-activity;sid:82866423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.214.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003320/; classtype:trojan-activity;sid:82866420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.25.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003321/; classtype:trojan-activity;sid:82866421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.77.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003318/; classtype:trojan-activity;sid:82866418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.185.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003319/; classtype:trojan-activity;sid:82866419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003317)"; flow:established,from_client; content:"GET"; http_method; content:"/down/fileren.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"xt.lykj988.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003317/; classtype:trojan-activity;sid:82866417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.133.192.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003316/; classtype:trojan-activity;sid:82866416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.101.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003314/; classtype:trojan-activity;sid:82866414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.209.169.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003315/; classtype:trojan-activity;sid:82866415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.89.144.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003313/; classtype:trojan-activity;sid:82866413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.238.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003311/; classtype:trojan-activity;sid:82866411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.23.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003312/; classtype:trojan-activity;sid:82866412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.250.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003309/; classtype:trojan-activity;sid:82866409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.91.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003310/; classtype:trojan-activity;sid:82866410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.219.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003306/; classtype:trojan-activity;sid:82866406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.57.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003307/; classtype:trojan-activity;sid:82866407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.23.112.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003308/; classtype:trojan-activity;sid:82866408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.122.105.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003305/; classtype:trojan-activity;sid:82866405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.30.153.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003303/; classtype:trojan-activity;sid:82866403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.82.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003304/; classtype:trojan-activity;sid:82866404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.196.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003302/; classtype:trojan-activity;sid:82866402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.49.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003301/; classtype:trojan-activity;sid:82866401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003300)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.106.78.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003300/; classtype:trojan-activity;sid:82866400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.174.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003299/; classtype:trojan-activity;sid:82866399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.168.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003298/; classtype:trojan-activity;sid:82866398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.74.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003297/; classtype:trojan-activity;sid:82866397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.143.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003295/; classtype:trojan-activity;sid:82866395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.82.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003296/; classtype:trojan-activity;sid:82866396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.125.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003294/; classtype:trojan-activity;sid:82866394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.160.116.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003293/; classtype:trojan-activity;sid:82866393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.190.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003292/; classtype:trojan-activity;sid:82866392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.255.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003291/; classtype:trojan-activity;sid:82866391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.30.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003287/; classtype:trojan-activity;sid:82866387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.208.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003288/; classtype:trojan-activity;sid:82866388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.165.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003289/; classtype:trojan-activity;sid:82866389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.98.44.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003290/; classtype:trojan-activity;sid:82866390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.118.162.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003284/; classtype:trojan-activity;sid:82866384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.132.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003285/; classtype:trojan-activity;sid:82866385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.240.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003286/; classtype:trojan-activity;sid:82866386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.99.82.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003283/; classtype:trojan-activity;sid:82866383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.141.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003282/; classtype:trojan-activity;sid:82866382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003281/; classtype:trojan-activity;sid:82866381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.106.192.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003280/; classtype:trojan-activity;sid:82866380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003279)"; flow:established,from_client; content:"GET"; http_method; content:"/dda/synt.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"margos.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003279/; classtype:trojan-activity;sid:82866379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin_fldfmmv154.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.bulkwhatsappsender.in"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003278/; classtype:trojan-activity;sid:82866378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.164.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003277/; classtype:trojan-activity;sid:82866377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.25.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003276/; classtype:trojan-activity;sid:82866376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003275)"; flow:established,from_client; content:"GET"; http_method; content:"/you.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"172.245.27.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003275/; classtype:trojan-activity;sid:82866375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.39.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003274/; classtype:trojan-activity;sid:82866374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003272)"; flow:established,from_client; content:"GET"; http_method; content:"/jio.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tatora.s3.ap-southeast-1.amazonaws.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003272/; classtype:trojan-activity;sid:82866372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.93.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003273/; classtype:trojan-activity;sid:82866373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.211.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003271/; classtype:trojan-activity;sid:82866371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.180.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003270/; classtype:trojan-activity;sid:82866370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.7.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003269/; classtype:trojan-activity;sid:82866369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.104.175.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003267/; classtype:trojan-activity;sid:82866367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.252.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003268/; classtype:trojan-activity;sid:82866368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.13.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003266/; classtype:trojan-activity;sid:82866366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003265)"; flow:established,from_client; content:"GET"; http_method; content:"/googlecould/.csrss.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.156.91.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003265/; classtype:trojan-activity;sid:82866365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003263)"; flow:established,from_client; content:"GET"; http_method; content:"/gcould/vbc.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.167.92.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003263/; classtype:trojan-activity;sid:82866363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003264)"; flow:established,from_client; content:"GET"; http_method; content:"/advertising/contextual.wma"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"fighterjock.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003264/; classtype:trojan-activity;sid:82866364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.249.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003260/; classtype:trojan-activity;sid:82866360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.189.141.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003261/; classtype:trojan-activity;sid:82866361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003262/; classtype:trojan-activity;sid:82866362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.152.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003257/; classtype:trojan-activity;sid:82866357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.235.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003258/; classtype:trojan-activity;sid:82866358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.173.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003259/; classtype:trojan-activity;sid:82866359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.134.224.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003256/; classtype:trojan-activity;sid:82866356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.18.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003254/; classtype:trojan-activity;sid:82866354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.221.202.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003255/; classtype:trojan-activity;sid:82866355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003253)"; flow:established,from_client; content:"GET"; http_method; content:"/default.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"selvafac.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003253/; classtype:trojan-activity;sid:82866353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003252)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/916372126548787201/919546730075283516/gamesetup-linux"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"20.115.127.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003252/; classtype:trojan-activity;sid:82866352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003251)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/916372126548787201/919546730075283516/wonderhall.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"20.115.127.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003251/; classtype:trojan-activity;sid:82866351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003250)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/916372126548787201/919546730075283516/gamesetupps.rar"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"20.115.127.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003250/; classtype:trojan-activity;sid:82866350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003248)"; flow:established,from_client; content:"GET"; http_method; content:"/rbud/oarptbpww//"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"demo.avionxpress.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003248/; classtype:trojan-activity;sid:82866348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003249)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/916372126548787201/919546730075283516/wonderhall.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"20.115.127.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003249/; classtype:trojan-activity;sid:82866349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003246)"; flow:established,from_client; content:"GET"; http_method; content:"/x86.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"20.24.90.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003246/; classtype:trojan-activity;sid:82866346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003247)"; flow:established,from_client; content:"GET"; http_method; content:"/d/9jhkvzvdasdf|3f|name=superfurrygame.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"superfurrycdn.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003247/; classtype:trojan-activity;sid:82866347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003244)"; flow:established,from_client; content:"GET"; http_method; content:"/6923236056932483.dat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"51.254.164.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003244/; classtype:trojan-activity;sid:82866344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003245)"; flow:established,from_client; content:"GET"; http_method; content:"/insucar.pdf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.sodaiacademy.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003245/; classtype:trojan-activity;sid:82866345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.85.35.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003243/; classtype:trojan-activity;sid:82866343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.164.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003242/; classtype:trojan-activity;sid:82866342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.151.182.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003241/; classtype:trojan-activity;sid:82866341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.190.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003239/; classtype:trojan-activity;sid:82866339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.215.134.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003240/; classtype:trojan-activity;sid:82866340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.5.104"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003234/; classtype:trojan-activity;sid:82866334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.210.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003235/; classtype:trojan-activity;sid:82866335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.135.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003236/; classtype:trojan-activity;sid:82866336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.61.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003237/; classtype:trojan-activity;sid:82866337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.6.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003238/; classtype:trojan-activity;sid:82866338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.156.84.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003233/; classtype:trojan-activity;sid:82866333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.38.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003232/; classtype:trojan-activity;sid:82866332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.77.215.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003231/; classtype:trojan-activity;sid:82866331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.103.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003225/; classtype:trojan-activity;sid:82866325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.155.51.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003226/; classtype:trojan-activity;sid:82866326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.60.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003227/; classtype:trojan-activity;sid:82866327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.70.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003228/; classtype:trojan-activity;sid:82866328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.17.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003229/; classtype:trojan-activity;sid:82866329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.125.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003230/; classtype:trojan-activity;sid:82866330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003221/; classtype:trojan-activity;sid:82866321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.193.125.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003222/; classtype:trojan-activity;sid:82866322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.155.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003223/; classtype:trojan-activity;sid:82866323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003224)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"125.135.148.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003224/; classtype:trojan-activity;sid:82866324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.57.207.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003220/; classtype:trojan-activity;sid:82866320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.230.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003219/; classtype:trojan-activity;sid:82866319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003218)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"105.247.136.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003218/; classtype:trojan-activity;sid:82866318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.39.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003217/; classtype:trojan-activity;sid:82866317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.134.224.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003215/; classtype:trojan-activity;sid:82866315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.165.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003216/; classtype:trojan-activity;sid:82866316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.36.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003214/; classtype:trojan-activity;sid:82866314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.128.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003213/; classtype:trojan-activity;sid:82866313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.244.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003212/; classtype:trojan-activity;sid:82866312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.89.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003211/; classtype:trojan-activity;sid:82866311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.40.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003210/; classtype:trojan-activity;sid:82866310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.72.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003208/; classtype:trojan-activity;sid:82866308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.204.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003209/; classtype:trojan-activity;sid:82866309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.86.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003204/; classtype:trojan-activity;sid:82866304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.35.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003205/; classtype:trojan-activity;sid:82866305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.189.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003206/; classtype:trojan-activity;sid:82866306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.144.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003207/; classtype:trojan-activity;sid:82866307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.61.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003202/; classtype:trojan-activity;sid:82866302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.85.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003203/; classtype:trojan-activity;sid:82866303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.218.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003199/; classtype:trojan-activity;sid:82866299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.185.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003200/; classtype:trojan-activity;sid:82866300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.228.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003201/; classtype:trojan-activity;sid:82866301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.217.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003197/; classtype:trojan-activity;sid:82866297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.96.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003198/; classtype:trojan-activity;sid:82866298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.151.182.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003196/; classtype:trojan-activity;sid:82866296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.108.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003193/; classtype:trojan-activity;sid:82866293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.234.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003194/; classtype:trojan-activity;sid:82866294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.175.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003195/; classtype:trojan-activity;sid:82866295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.27.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003192/; classtype:trojan-activity;sid:82866292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.182.47.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003191/; classtype:trojan-activity;sid:82866291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.219.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003190/; classtype:trojan-activity;sid:82866290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003189)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.141.225.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003189/; classtype:trojan-activity;sid:82866289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.159.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003188/; classtype:trojan-activity;sid:82866288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.56.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003187/; classtype:trojan-activity;sid:82866287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.224.169.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003185/; classtype:trojan-activity;sid:82866285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.224.170.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003186/; classtype:trojan-activity;sid:82866286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.118.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003183/; classtype:trojan-activity;sid:82866283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.50.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003184/; classtype:trojan-activity;sid:82866284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.243.203.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003182/; classtype:trojan-activity;sid:82866282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.220.222.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003180/; classtype:trojan-activity;sid:82866280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.36.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003181/; classtype:trojan-activity;sid:82866281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.165.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003177/; classtype:trojan-activity;sid:82866277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.170.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003178/; classtype:trojan-activity;sid:82866278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.28.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003179/; classtype:trojan-activity;sid:82866279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.170.254.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003174/; classtype:trojan-activity;sid:82866274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.42.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003175/; classtype:trojan-activity;sid:82866275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.161.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003176/; classtype:trojan-activity;sid:82866276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.97.145.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003173/; classtype:trojan-activity;sid:82866273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.44.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003172/; classtype:trojan-activity;sid:82866272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003171)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.102.195.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003171/; classtype:trojan-activity;sid:82866271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.194.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003170/; classtype:trojan-activity;sid:82866270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.227.194.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003169/; classtype:trojan-activity;sid:82866269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.244.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003167/; classtype:trojan-activity;sid:82866267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.185.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003168/; classtype:trojan-activity;sid:82866268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.183.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003166/; classtype:trojan-activity;sid:82866266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.25.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003165/; classtype:trojan-activity;sid:82866265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.92.10.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003163/; classtype:trojan-activity;sid:82866263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.209.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003164/; classtype:trojan-activity;sid:82866264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.163.12.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003162/; classtype:trojan-activity;sid:82866262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.48.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003161/; classtype:trojan-activity;sid:82866261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.86.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003159/; classtype:trojan-activity;sid:82866259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.189.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003160/; classtype:trojan-activity;sid:82866260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.164.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003155/; classtype:trojan-activity;sid:82866255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.213.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003156/; classtype:trojan-activity;sid:82866256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.14.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003157/; classtype:trojan-activity;sid:82866257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.114.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003158/; classtype:trojan-activity;sid:82866258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.35.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003152/; classtype:trojan-activity;sid:82866252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003153/; classtype:trojan-activity;sid:82866253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.204.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003154/; classtype:trojan-activity;sid:82866254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.141.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003150/; classtype:trojan-activity;sid:82866250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.196.59.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003151/; classtype:trojan-activity;sid:82866251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.118.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003149/; classtype:trojan-activity;sid:82866249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.184.64.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003147/; classtype:trojan-activity;sid:82866247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003148)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=aabb6dd4868cbd84|7c|26|7c|resid=aabb6dd4868cbd84%21113|7c|26|7c|authkey=ahj5s_4ib6q8yeo"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003148/; classtype:trojan-activity;sid:82866248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.94.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003146/; classtype:trojan-activity;sid:82866246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.195.170.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003145/; classtype:trojan-activity;sid:82866245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.235.191.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003144/; classtype:trojan-activity;sid:82866244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.55.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003142/; classtype:trojan-activity;sid:82866242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.195.170.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003143/; classtype:trojan-activity;sid:82866243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.198.160.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003141/; classtype:trojan-activity;sid:82866241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.56.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003139/; classtype:trojan-activity;sid:82866239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003140)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.238.99.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003140/; classtype:trojan-activity;sid:82866240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003138)"; flow:established,from_client; content:"GET"; http_method; content:"/fer/fe6.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"0xb907d607"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003138/; classtype:trojan-activity;sid:82866238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.85.35.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003137/; classtype:trojan-activity;sid:82866237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003136)"; flow:established,from_client; content:"GET"; http_method; content:"/img/.final2.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.pahujalawacademy.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003136/; classtype:trojan-activity;sid:82866236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.19.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003133/; classtype:trojan-activity;sid:82866233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.204.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003134/; classtype:trojan-activity;sid:82866234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.122.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003135/; classtype:trojan-activity;sid:82866235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.178.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003131/; classtype:trojan-activity;sid:82866231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.187.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003132/; classtype:trojan-activity;sid:82866232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.77.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003127/; classtype:trojan-activity;sid:82866227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.99.199.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003128/; classtype:trojan-activity;sid:82866228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003129/; classtype:trojan-activity;sid:82866229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.214.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003130/; classtype:trojan-activity;sid:82866230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.55.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003125/; classtype:trojan-activity;sid:82866225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.59.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003126/; classtype:trojan-activity;sid:82866226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.204.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003124/; classtype:trojan-activity;sid:82866224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.122.71.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003123/; classtype:trojan-activity;sid:82866223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.1.236.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003122/; classtype:trojan-activity;sid:82866222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.240.29.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003121/; classtype:trojan-activity;sid:82866221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.227.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003119/; classtype:trojan-activity;sid:82866219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.85.34.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003120/; classtype:trojan-activity;sid:82866220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.51.67.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003118/; classtype:trojan-activity;sid:82866218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003117)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.42.254.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003117/; classtype:trojan-activity;sid:82866217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.7.86.247"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003116/; classtype:trojan-activity;sid:82866216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.151.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003114/; classtype:trojan-activity;sid:82866214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.102.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003115/; classtype:trojan-activity;sid:82866215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003113)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.26.110.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003113/; classtype:trojan-activity;sid:82866213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.127.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003110/; classtype:trojan-activity;sid:82866210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.185.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003111/; classtype:trojan-activity;sid:82866211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.38.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003112/; classtype:trojan-activity;sid:82866212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.56.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003109/; classtype:trojan-activity;sid:82866209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003108/; classtype:trojan-activity;sid:82866208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.176.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003107/; classtype:trojan-activity;sid:82866207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.74.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003106/; classtype:trojan-activity;sid:82866206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.93.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003105/; classtype:trojan-activity;sid:82866205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.83.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003104/; classtype:trojan-activity;sid:82866204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.85.34.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003103/; classtype:trojan-activity;sid:82866203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.85.34.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003102/; classtype:trojan-activity;sid:82866202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.179.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003101/; classtype:trojan-activity;sid:82866201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.178.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003100/; classtype:trojan-activity;sid:82866200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.8.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003099/; classtype:trojan-activity;sid:82866199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.195.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003095/; classtype:trojan-activity;sid:82866195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.83.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003096/; classtype:trojan-activity;sid:82866196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.42.63.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003097/; classtype:trojan-activity;sid:82866197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.44.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003098/; classtype:trojan-activity;sid:82866198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.82.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003092/; classtype:trojan-activity;sid:82866192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.91.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003093/; classtype:trojan-activity;sid:82866193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.254.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003094/; classtype:trojan-activity;sid:82866194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.19.145.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003091/; classtype:trojan-activity;sid:82866191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.221.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003090/; classtype:trojan-activity;sid:82866190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.134.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003089/; classtype:trojan-activity;sid:82866189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.85.35.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003088/; classtype:trojan-activity;sid:82866188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.128.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003086/; classtype:trojan-activity;sid:82866186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.206.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003087/; classtype:trojan-activity;sid:82866187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.176.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003084/; classtype:trojan-activity;sid:82866184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.230.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003085/; classtype:trojan-activity;sid:82866185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.84.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003083/; classtype:trojan-activity;sid:82866183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.250.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003078/; classtype:trojan-activity;sid:82866178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.247.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003079/; classtype:trojan-activity;sid:82866179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.107.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003080/; classtype:trojan-activity;sid:82866180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.32.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003081/; classtype:trojan-activity;sid:82866181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.229.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003082/; classtype:trojan-activity;sid:82866182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.52.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003077/; classtype:trojan-activity;sid:82866177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.102.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003076/; classtype:trojan-activity;sid:82866176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.164.46.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003075/; classtype:trojan-activity;sid:82866175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.172.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003074/; classtype:trojan-activity;sid:82866174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.113.212.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003073/; classtype:trojan-activity;sid:82866173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.111.134.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003072/; classtype:trojan-activity;sid:82866172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.204.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003071/; classtype:trojan-activity;sid:82866171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"140.237.14.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003069/; classtype:trojan-activity;sid:82866169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003070)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"67.191.70.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003070/; classtype:trojan-activity;sid:82866170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.192.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003068/; classtype:trojan-activity;sid:82866168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003066)"; flow:established,from_client; content:"GET"; http_method; content:"/b/y7fnzxv/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"247gag.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003066/; classtype:trojan-activity;sid:82866166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003067)"; flow:established,from_client; content:"GET"; http_method; content:"/distressedness/dn2zjcl8hyzmbxnwne/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"takhtejamshidkhalijfars.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003067/; classtype:trojan-activity;sid:82866167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.64.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003065/; classtype:trojan-activity;sid:82866165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.29.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003064/; classtype:trojan-activity;sid:82866164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.115.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003058/; classtype:trojan-activity;sid:82866158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.227.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003059/; classtype:trojan-activity;sid:82866159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.63.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003060/; classtype:trojan-activity;sid:82866160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.45.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003061/; classtype:trojan-activity;sid:82866161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.54.166.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003062/; classtype:trojan-activity;sid:82866162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.18.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003063/; classtype:trojan-activity;sid:82866163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003057)"; flow:established,from_client; content:"GET"; http_method; content:"/gmap/mdeu75x4ahphflk/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"happycrackers.bio"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003057/; classtype:trojan-activity;sid:82866157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003056)"; flow:established,from_client; content:"GET"; http_method; content:"/b/gnp/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"sigmalabssvg.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003056/; classtype:trojan-activity;sid:82866156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.245.167.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003054/; classtype:trojan-activity;sid:82866154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.183.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003055/; classtype:trojan-activity;sid:82866155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.112.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003053/; classtype:trojan-activity;sid:82866153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.243.164.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003051/; classtype:trojan-activity;sid:82866151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.19.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003050/; classtype:trojan-activity;sid:82866150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003046)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/374l8f6rih.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"asia999.website"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003046/; classtype:trojan-activity;sid:82866146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003047)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/qp/pc/e1tiginp.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"asteroidpannel.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003047/; classtype:trojan-activity;sid:82866147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003048)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/dz/tq/bcuconah.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"edupanel.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003048/; classtype:trojan-activity;sid:82866148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.238.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003043/; classtype:trojan-activity;sid:82866143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.89.11.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003044/; classtype:trojan-activity;sid:82866144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.67.18.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003045/; classtype:trojan-activity;sid:82866145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003040)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/8/oyl9wbqs1.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"asia999.website"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003040/; classtype:trojan-activity;sid:82866140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003041)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/rvkeu0e8ef.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hashup.pw"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003041/; classtype:trojan-activity;sid:82866141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.135.139.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003042/; classtype:trojan-activity;sid:82866142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003039)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/rc/kp/von2ukge.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nooraniwings.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003039/; classtype:trojan-activity;sid:82866139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003034)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/g3/si/cme5juqj.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"campusplanet.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003034/; classtype:trojan-activity;sid:82866134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003035)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/ve0lscsh7g.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"asia999.website"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003035/; classtype:trojan-activity;sid:82866135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003036)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/u/hjcimpdgi.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gatcomtech.co.za"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003036/; classtype:trojan-activity;sid:82866136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003037)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/e2/vs/dw8vxk1w.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"campusplanet.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003037/; classtype:trojan-activity;sid:82866137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003038)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/bo/n1/n5ytksdy.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"quque.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003038/; classtype:trojan-activity;sid:82866138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.117.218.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003031/; classtype:trojan-activity;sid:82866131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003032)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/0h/nw/9wjprngc.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"asteroidpannel.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003032/; classtype:trojan-activity;sid:82866132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003033)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/c/m1ah2q1ln.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"firnasshuman.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003033/; classtype:trojan-activity;sid:82866133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003023)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/qlcd35z7ed.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"rsc-host.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003023/; classtype:trojan-activity;sid:82866123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003024)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/a/vad8r05xa.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"edupanel.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003024/; classtype:trojan-activity;sid:82866124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003025)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/ae/n8/ybtnco6o.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"kenjisramen.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003025/; classtype:trojan-activity;sid:82866125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003026)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/gobktkcf7a.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kenjisramen.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003026/; classtype:trojan-activity;sid:82866126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003027)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/0/kliiphwiv.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"kenjisramen.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003027/; classtype:trojan-activity;sid:82866127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003028)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/1/9kjwefjzq.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"asia999.website"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003028/; classtype:trojan-activity;sid:82866128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003029)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/qlytoikv8a.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"asia999.website"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003029/; classtype:trojan-activity;sid:82866129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003030)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/rt7yxcmd1l.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"asia999.website"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003030/; classtype:trojan-activity;sid:82866130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003019)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/j/ngnltsdfg.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"erassy.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003019/; classtype:trojan-activity;sid:82866119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003020)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/hglfchaujs.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"asteroidpannel.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003020/; classtype:trojan-activity;sid:82866120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003021)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/wsg0t7zdxp.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"erassy.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003021/; classtype:trojan-activity;sid:82866121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003022)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/zo/x2/irgfe1gf.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"creditshoppers.com.ng"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003022/; classtype:trojan-activity;sid:82866122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003012)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/bzcjs5awfk.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"creditshoppers.com.ng"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003012/; classtype:trojan-activity;sid:82866112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003013)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/6/esb3f0cj6.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mattcomputadores.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003013/; classtype:trojan-activity;sid:82866113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003014)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/d/qveg92i5b.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"moririn.com.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003014/; classtype:trojan-activity;sid:82866114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003015)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/fz/lc/yewibfgl.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nooraniwings.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003015/; classtype:trojan-activity;sid:82866115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003016)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/p/bmbap0qgr.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"moririn.com.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003016/; classtype:trojan-activity;sid:82866116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003017)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/l/ay7ryccpi.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mont-rose.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003017/; classtype:trojan-activity;sid:82866117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003018)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/p/xyibfjzro.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rajdhanipaper.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003018/; classtype:trojan-activity;sid:82866118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003011)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/2/vs9evgvfx.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bastinhoneybeefarm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003011/; classtype:trojan-activity;sid:82866111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003003)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/l/avxd3xhm7.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"trendinges.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003003/; classtype:trojan-activity;sid:82866103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003004)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/mxeertfm7q.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mfasb.com.my"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003004/; classtype:trojan-activity;sid:82866104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003005)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/yyrzyb7iqv.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"treetopseye.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003005/; classtype:trojan-activity;sid:82866105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003006)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/dsn7wp6z2y.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"trendinges.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003006/; classtype:trojan-activity;sid:82866106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003007)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/ai/zd/cekokqee.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"hashup.pw"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003007/; classtype:trojan-activity;sid:82866107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003008)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/v64db3nhi9.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"econilcane.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003008/; classtype:trojan-activity;sid:82866108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003009)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/mq/sy/xbuynsts.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"asteroidpannel.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003009/; classtype:trojan-activity;sid:82866109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003010)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/iqds9xtvho.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"bmwchinhhang.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003010/; classtype:trojan-activity;sid:82866110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003002)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/u/3oaqv3w0z.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tabletopcatering.co"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003002/; classtype:trojan-activity;sid:82866102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003001)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/id/sn/ix0mipat.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"shamsibd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003001/; classtype:trojan-activity;sid:82866101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003000)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/3a/fr/tnd7wfpj.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ummc.care"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003000/; classtype:trojan-activity;sid:82866100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002996)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/qo/yv/iwjwiz6y.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002996/; classtype:trojan-activity;sid:82866096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002997)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/d/qomfnuzxl.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bmwchinhhang.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002997/; classtype:trojan-activity;sid:82866097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002998)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/vu/2c/3ewdthhn.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bmwchinhhang.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002998/; classtype:trojan-activity;sid:82866098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002999)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/tocmb0dcuq.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"nooraniwings.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002999/; classtype:trojan-activity;sid:82866099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002989)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/b/uchm0kuok.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mattcomputadores.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002989/; classtype:trojan-activity;sid:82866089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002990)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/vs/ye/cxd0gosn.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mattcomputadores.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002990/; classtype:trojan-activity;sid:82866090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002991)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/b/c8gfqp9d6.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"royaldrycleaners.co.ke"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002991/; classtype:trojan-activity;sid:82866091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002992)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/z/qmy5x6tfs.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gatcomtech.co.za"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002992/; classtype:trojan-activity;sid:82866092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002993)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/r/qtjf7p929.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cepbeju.edu.mx"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002993/; classtype:trojan-activity;sid:82866093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002994)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/dgas2l0jqu.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vistatarh.ir"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002994/; classtype:trojan-activity;sid:82866094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002995)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/hl/fc/6r1vbinh.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"revistacover.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002995/; classtype:trojan-activity;sid:82866095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002985)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/c3/7w/k5ir8uit.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cepbeju.edu.mx"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002985/; classtype:trojan-activity;sid:82866085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002986)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/f/datbxmytm.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"creditshoppers.com.ng"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002986/; classtype:trojan-activity;sid:82866086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002987)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/crcmymnsvh.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"campusplanet.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002987/; classtype:trojan-activity;sid:82866087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002988)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/hu/kx/4ergfwpv.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ditrppro.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002988/; classtype:trojan-activity;sid:82866088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002978)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/bf/rq/7kmizgtb.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"drfone.eu"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002978/; classtype:trojan-activity;sid:82866078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002979)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/7ylxjmjhus.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"erassy.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002979/; classtype:trojan-activity;sid:82866079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002980)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/jljp5w4ppm.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"nipi.co.za"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002980/; classtype:trojan-activity;sid:82866080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002981)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/00/wa/mcqypezy.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"shamsibd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002981/; classtype:trojan-activity;sid:82866081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002982)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/t/akqh3x52s.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"imertec.com.ec"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002982/; classtype:trojan-activity;sid:82866082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002983)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/l/gkesmfgtq.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hashup.pw"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002983/; classtype:trojan-activity;sid:82866083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002984)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/6/p25tvjhki.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"trendinges.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002984/; classtype:trojan-activity;sid:82866084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002975)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/sa6hvvy9c6.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"firnasshuman.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002975/; classtype:trojan-activity;sid:82866075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002976)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/pj/ag/9avlpczx.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"servicesnotebooks.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002976/; classtype:trojan-activity;sid:82866076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002977)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/6h/4p/xaj0ndvs.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"rjras.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002977/; classtype:trojan-activity;sid:82866077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002974)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/u/mhe0eio1i.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nelberk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002974/; classtype:trojan-activity;sid:82866074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002971)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/b/ub8xhexbw.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"nipi.co.za"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002971/; classtype:trojan-activity;sid:82866071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002972)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/me/qi/iu89zshd.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mfasb.com.my"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002972/; classtype:trojan-activity;sid:82866072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002973)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/rl/q5/ybp5pbxh.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"econilcane.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002973/; classtype:trojan-activity;sid:82866073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002966)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/g/bmr9qccho.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"shamsibd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002966/; classtype:trojan-activity;sid:82866066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002967)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/odllgyn5dk.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"bmwchinhhang.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002967/; classtype:trojan-activity;sid:82866067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002968)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/t/nuivpkkfi.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"rajdhanipaper.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002968/; classtype:trojan-activity;sid:82866068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002969)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/ban9nu9bwd.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"moririn.com.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002969/; classtype:trojan-activity;sid:82866069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002970)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/h/u73d8p2mu.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"devskb.app"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002970/; classtype:trojan-activity;sid:82866070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002957)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/fxnmgqt9tu.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"campusplanet.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002957/; classtype:trojan-activity;sid:82866057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002958)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/vz/lx/b5ayqdb9.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nelberk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002958/; classtype:trojan-activity;sid:82866058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002959)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/bmny7p4d0z.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"erassy.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002959/; classtype:trojan-activity;sid:82866059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002960)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/qf/qi/gf4ktqwt.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"vecmocon.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002960/; classtype:trojan-activity;sid:82866060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002961)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/o/vpllqxsj5.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vecmocon.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002961/; classtype:trojan-activity;sid:82866061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002962)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/x/muxbwsngp.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"devskb.app"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002962/; classtype:trojan-activity;sid:82866062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002963)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/tbmjxkhare.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"perutotheworldexpo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002963/; classtype:trojan-activity;sid:82866063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002964)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/awyb39vsuu.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"bastinhoneybeefarm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002964/; classtype:trojan-activity;sid:82866064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002965)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/s/qmvhvrb0k.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"trendinges.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002965/; classtype:trojan-activity;sid:82866065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002956)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/m595rw0hsy.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"drfone.eu"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002956/; classtype:trojan-activity;sid:82866056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002954)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/w6/za/n0wk7smk.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"campusplanet.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002954/; classtype:trojan-activity;sid:82866054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002955)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/h/ehajokyti.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"campusplanet.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002955/; classtype:trojan-activity;sid:82866055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002953)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/qytrdagphi.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"vecmocon.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002953/; classtype:trojan-activity;sid:82866053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002950)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/fn/om/j6szkw88.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"vistatarh.ir"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002950/; classtype:trojan-activity;sid:82866050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002951)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/ol/nh/m0zrgelw.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ditrppro.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002951/; classtype:trojan-activity;sid:82866051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002952)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/7o/ut/e1f3yco7.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ummc.care"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002952/; classtype:trojan-activity;sid:82866052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002948)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/qdgd2mw3ks.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mont-rose.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002948/; classtype:trojan-activity;sid:82866048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002949)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/hb/pz/9y1adxy3.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ditrppro.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002949/; classtype:trojan-activity;sid:82866049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002946)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/ws/p0/rkvtrqwx.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"devskb.app"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002946/; classtype:trojan-activity;sid:82866046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002947)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/r0tezlt2fp.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sceh.net"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002947/; classtype:trojan-activity;sid:82866047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002941)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/cn/w3/fxdveky0.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"econilcane.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002941/; classtype:trojan-activity;sid:82866041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002942)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/kb/sl/7wvcxngz.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nipi.co.za"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002942/; classtype:trojan-activity;sid:82866042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002943)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/cq4tgfldpo.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"nipi.co.za"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002943/; classtype:trojan-activity;sid:82866043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002944)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/db/ls/bb30vndq.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002944/; classtype:trojan-activity;sid:82866044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002945)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/ng/pr/wwrnc4pk.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ummc.care"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002945/; classtype:trojan-activity;sid:82866045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002931)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/ihpby6murr.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sceh.net"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002931/; classtype:trojan-activity;sid:82866031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002932)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/hz/nk/scov4cqe.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"treetopseye.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002932/; classtype:trojan-activity;sid:82866032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002933)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/tix1y4d9gd.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"treetopseye.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002933/; classtype:trojan-activity;sid:82866033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002934)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/k8qnartnlq.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"smsabuja.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002934/; classtype:trojan-activity;sid:82866034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002935)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/9/4h5pvgyt1.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"vividsofttec.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002935/; classtype:trojan-activity;sid:82866035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002936)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/tj/em/xuw2gr3l.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"nelberk.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002936/; classtype:trojan-activity;sid:82866036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002937)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/av/dg/dnrwvuzw.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"moririn.com.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002937/; classtype:trojan-activity;sid:82866037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002938)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/fv/t7/cafuh67c.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"rjras.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002938/; classtype:trojan-activity;sid:82866038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002939)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/yx/iz/kulmunro.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bmwchinhhang.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002939/; classtype:trojan-activity;sid:82866039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002940)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/z/dmyxvzxwr.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sceh.net"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002940/; classtype:trojan-activity;sid:82866040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002923)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/j6hefm8hgw.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mont-rose.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002923/; classtype:trojan-activity;sid:82866023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002924)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/aag32fqrif.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"trendinges.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002924/; classtype:trojan-activity;sid:82866024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002925)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/im/1c/ebtqxffh.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002925/; classtype:trojan-activity;sid:82866025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002926)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/5d/7g/qupngpzj.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"rsc-host.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002926/; classtype:trojan-activity;sid:82866026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002927)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/xu/de/pfza41x1.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"vecmocon.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002927/; classtype:trojan-activity;sid:82866027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002928)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/d/rii6tpkjs.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"perutotheworldexpo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002928/; classtype:trojan-activity;sid:82866028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002929)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/mw/j7/qlilvint.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"perutotheworldexpo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002929/; classtype:trojan-activity;sid:82866029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002930)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/rr/ob/pynzifvk.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"perutotheworldexpo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002930/; classtype:trojan-activity;sid:82866030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002922)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/ac/sm/rxyvuqp7.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002922/; classtype:trojan-activity;sid:82866022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002921)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/er/lw/kecazf7f.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"clinicafisioterapiamurcia.es"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002921/; classtype:trojan-activity;sid:82866021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002902)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/w/dbqaug66j.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002902/; classtype:trojan-activity;sid:82866002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002903)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/ajmpszfe2l.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002903/; classtype:trojan-activity;sid:82866003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002904)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/gs/m0/pib47x6h.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002904/; classtype:trojan-activity;sid:82866004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002905)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/z99byjkl1u.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"mfasb.com.my"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002905/; classtype:trojan-activity;sid:82866005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002906)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/o/e4j8ub9m6.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002906/; classtype:trojan-activity;sid:82866006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002907)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/f/2tnxnqzgz.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002907/; classtype:trojan-activity;sid:82866007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002908)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/w8/4n/smv1wqaf.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002908/; classtype:trojan-activity;sid:82866008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002909)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/5/kho7dwfia.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002909/; classtype:trojan-activity;sid:82866009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002910)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/1meppoaaz8.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002910/; classtype:trojan-activity;sid:82866010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002911)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/em/gk/oeyywwc9.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002911/; classtype:trojan-activity;sid:82866011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002912)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/gdmm9o7g1f.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"nipi.co.za"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002912/; classtype:trojan-activity;sid:82866012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002913)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/r/vvie2f9k7.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002913/; classtype:trojan-activity;sid:82866013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002914)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/9/lt6ksfvsz.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002914/; classtype:trojan-activity;sid:82866014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002915)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/kg/rd/gajwookm.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002915/; classtype:trojan-activity;sid:82866015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002916)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/ww/yd/eb6chof5.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002916/; classtype:trojan-activity;sid:82866016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002917)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/wm/sa/dxoyefgr.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002917/; classtype:trojan-activity;sid:82866017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002918)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/zi/5v/7fope3a0.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002918/; classtype:trojan-activity;sid:82866018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002919)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/xq/nl/x5z7yy3e.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002919/; classtype:trojan-activity;sid:82866019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002920)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/f/neaqeo4bh.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"66825036-70-20181112115656.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002920/; classtype:trojan-activity;sid:82866020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002900)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/p/l6t6auunl.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"clinicafisioterapiamurcia.es"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002900/; classtype:trojan-activity;sid:82866000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002901)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr/3ukzrwufpa.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"clinicafisioterapiamurcia.es"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002901/; classtype:trojan-activity;sid:82866001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.44.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002899/; classtype:trojan-activity;sid:82865999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002898)"; flow:established,from_client; content:"GET"; http_method; content:"/fer/fe6.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.7.214.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002898/; classtype:trojan-activity;sid:82865998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002897)"; flow:established,from_client; content:"GET"; http_method; content:"/winos11pro/.win32.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.89.90.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002897/; classtype:trojan-activity;sid:82865997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.97.150.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002896/; classtype:trojan-activity;sid:82865996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.60.121.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002895/; classtype:trojan-activity;sid:82865995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.196.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002894/; classtype:trojan-activity;sid:82865994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.145.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002892/; classtype:trojan-activity;sid:82865992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.231.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002893/; classtype:trojan-activity;sid:82865993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002889)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/r1u2sjfwwdrdujb/j/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"allfurdogs.co.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002889/; classtype:trojan-activity;sid:82865989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002890)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/hcbw/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sutliff.khamak.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002890/; classtype:trojan-activity;sid:82865990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002891)"; flow:established,from_client; content:"GET"; http_method; content:"/unsun/ucejcxkqkpnd3noa/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sekolahfundraising.pirac.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002891/; classtype:trojan-activity;sid:82865991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.44.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002888/; classtype:trojan-activity;sid:82865988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002887)"; flow:established,from_client; content:"GET"; http_method; content:"/content/qb0tq/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"empregos.d7ecebrmrt-pxr4kx5z53gn.p.runcloud.link"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002887/; classtype:trojan-activity;sid:82865987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.8.81"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002886/; classtype:trojan-activity;sid:82865986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002885)"; flow:established,from_client; content:"GET"; http_method; content:"/content/c8leepz0/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"portaldocidadao.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002885/; classtype:trojan-activity;sid:82865985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002884)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/p/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jzclcj.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002884/; classtype:trojan-activity;sid:82865984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002883)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ooq1hz9g1ggtnnw4e/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"erotica-foto.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002883/; classtype:trojan-activity;sid:82865983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.51.100.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002880/; classtype:trojan-activity;sid:82865980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.133.192.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002881/; classtype:trojan-activity;sid:82865981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002882)"; flow:established,from_client; content:"GET"; http_method; content:"/epistemic/ytxm7fka7dzwsvv/"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"xn--72cg7aqv0asf6bd3ec3rla.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002882/; classtype:trojan-activity;sid:82865982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002879)"; flow:established,from_client; content:"GET"; http_method; content:"/b/nfh6b/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bonicci.in"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002879/; classtype:trojan-activity;sid:82865979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.171.183.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002877/; classtype:trojan-activity;sid:82865977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.58.245.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002878/; classtype:trojan-activity;sid:82865978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002876)"; flow:established,from_client; content:"GET"; http_method; content:"/cterq/keg/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"journeypropertysolutions.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002876/; classtype:trojan-activity;sid:82865976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.176.52.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002874/; classtype:trojan-activity;sid:82865974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.46.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002869/; classtype:trojan-activity;sid:82865969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.71.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002870/; classtype:trojan-activity;sid:82865970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.48.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002871/; classtype:trojan-activity;sid:82865971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.227.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002872/; classtype:trojan-activity;sid:82865972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.97.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002873/; classtype:trojan-activity;sid:82865973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002868)"; flow:established,from_client; content:"GET"; http_method; content:"/fer/fe6.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"0xb907d607"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002868/; classtype:trojan-activity;sid:82865968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002867)"; flow:established,from_client; content:"GET"; http_method; content:"/fer/fe6.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.7.214.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002867/; classtype:trojan-activity;sid:82865967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.113.212.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002866/; classtype:trojan-activity;sid:82865966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.40.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002865/; classtype:trojan-activity;sid:82865965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.212.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002863/; classtype:trojan-activity;sid:82865963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002864)"; flow:established,from_client; content:"GET"; http_method; content:"/static/software/t1_net.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"xn----7sbhgfcdscaa3cdd6dq3e3dvf.xn--p1ai"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002864/; classtype:trojan-activity;sid:82865964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.164.46.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002862/; classtype:trojan-activity;sid:82865962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"140.237.14.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002861/; classtype:trojan-activity;sid:82865961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.44.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002860/; classtype:trojan-activity;sid:82865960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.215.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002859/; classtype:trojan-activity;sid:82865959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002856)"; flow:established,from_client; content:"GET"; http_method; content:"/sec/se4.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"92.255.57.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002856/; classtype:trojan-activity;sid:82865956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002857)"; flow:established,from_client; content:"GET"; http_method; content:"/sec/se4.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"0x5cff39c3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002857/; classtype:trojan-activity;sid:82865957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.163.8.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002858/; classtype:trojan-activity;sid:82865958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.153.130.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002855/; classtype:trojan-activity;sid:82865955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.18.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002854/; classtype:trojan-activity;sid:82865954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.140.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002853/; classtype:trojan-activity;sid:82865953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.210.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002852/; classtype:trojan-activity;sid:82865952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002850)"; flow:established,from_client; content:"GET"; http_method; content:"/sec/se4.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"0x5cff39c3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002850/; classtype:trojan-activity;sid:82865950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002851)"; flow:established,from_client; content:"GET"; http_method; content:"/sec/se4.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"92.255.57.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002851/; classtype:trojan-activity;sid:82865951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.80.200.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002849/; classtype:trojan-activity;sid:82865949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.238.123.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002847/; classtype:trojan-activity;sid:82865947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.159.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002848/; classtype:trojan-activity;sid:82865948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.197.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002845/; classtype:trojan-activity;sid:82865945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.196.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002846/; classtype:trojan-activity;sid:82865946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.248.34.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002844/; classtype:trojan-activity;sid:82865944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002842)"; flow:established,from_client; content:"GET"; http_method; content:"/connect-adcb.com/2022_january_document_review.hta|3f|rid=sraf20r"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"s3.me-south-1.amazonaws.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002842/; classtype:trojan-activity;sid:82865942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.6.135.164"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002843/; classtype:trojan-activity;sid:82865943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.117.218.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002838/; classtype:trojan-activity;sid:82865938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.174.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002837/; classtype:trojan-activity;sid:82865937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.83.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002832/; classtype:trojan-activity;sid:82865932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.78.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002833/; classtype:trojan-activity;sid:82865933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.159.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002834/; classtype:trojan-activity;sid:82865934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.101.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002835/; classtype:trojan-activity;sid:82865935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.224.168.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002836/; classtype:trojan-activity;sid:82865936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.11.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002831/; classtype:trojan-activity;sid:82865931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.148.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002829/; classtype:trojan-activity;sid:82865929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.183.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002830/; classtype:trojan-activity;sid:82865930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.9.115"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002828/; classtype:trojan-activity;sid:82865928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.8.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002827/; classtype:trojan-activity;sid:82865927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.208.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002825/; classtype:trojan-activity;sid:82865925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.196.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002826/; classtype:trojan-activity;sid:82865926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.172.11.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002823/; classtype:trojan-activity;sid:82865923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.181.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002824/; classtype:trojan-activity;sid:82865924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.195.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002822/; classtype:trojan-activity;sid:82865922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.90.246.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002821/; classtype:trojan-activity;sid:82865921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002820)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/wp-roilbask/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"emekatex.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002820/; classtype:trojan-activity;sid:82865920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002819)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/wp-roilbask/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"extenddeveloper.tk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002819/; classtype:trojan-activity;sid:82865919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.55.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002818/; classtype:trojan-activity;sid:82865918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.171.181.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002817/; classtype:trojan-activity;sid:82865917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.44.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002816/; classtype:trojan-activity;sid:82865916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.160.220.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002811/; classtype:trojan-activity;sid:82865911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.135.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002812/; classtype:trojan-activity;sid:82865912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.7.89.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002813/; classtype:trojan-activity;sid:82865913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.203.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002814/; classtype:trojan-activity;sid:82865914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.23.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002815/; classtype:trojan-activity;sid:82865915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.32.200.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002810/; classtype:trojan-activity;sid:82865910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.133.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002808/; classtype:trojan-activity;sid:82865908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.38.180.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002809/; classtype:trojan-activity;sid:82865909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.180.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002805/; classtype:trojan-activity;sid:82865905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.182.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002806/; classtype:trojan-activity;sid:82865906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.100.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002807/; classtype:trojan-activity;sid:82865907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.84.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002802/; classtype:trojan-activity;sid:82865902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.207.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002803/; classtype:trojan-activity;sid:82865903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.245.204.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002804/; classtype:trojan-activity;sid:82865904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.10.147.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002801/; classtype:trojan-activity;sid:82865901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.189.79.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002800/; classtype:trojan-activity;sid:82865900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002799)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.240.72.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002799/; classtype:trojan-activity;sid:82865899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.73.36.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002798/; classtype:trojan-activity;sid:82865898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002797)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/o6t4f0h7zh76b8/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"nameyq.ltd"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002797/; classtype:trojan-activity;sid:82865897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002796)"; flow:established,from_client; content:"GET"; http_method; content:"/3kyd3/5t7usfwbs/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"fomobaby.app"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002796/; classtype:trojan-activity;sid:82865896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002795)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/0ajby7naal/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"qingtianxcx.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002795/; classtype:trojan-activity;sid:82865895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002794)"; flow:established,from_client; content:"GET"; http_method; content:"/well-known/fuk/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.244.189.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002794/; classtype:trojan-activity;sid:82865894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002793)"; flow:established,from_client; content:"GET"; http_method; content:"/content/7f5/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"i-emporio.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002793/; classtype:trojan-activity;sid:82865893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002791)"; flow:established,from_client; content:"GET"; http_method; content:"/database/7fkrhec/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"academy.crownandchamparesorts.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002791/; classtype:trojan-activity;sid:82865891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.96.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002792/; classtype:trojan-activity;sid:82865892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002788)"; flow:established,from_client; content:"GET"; http_method; content:"/83wg6z/ouchxjmm/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"firstfitschool.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002788/; classtype:trojan-activity;sid:82865888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002789)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/cwozyw9/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www2.fifa69.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002789/; classtype:trojan-activity;sid:82865889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002790)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/mmbo/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hdgamer.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002790/; classtype:trojan-activity;sid:82865890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.105.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002787/; classtype:trojan-activity;sid:82865887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.140.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002786/; classtype:trojan-activity;sid:82865886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.218.251.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002785/; classtype:trojan-activity;sid:82865885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.178.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002784/; classtype:trojan-activity;sid:82865884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.194.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002782/; classtype:trojan-activity;sid:82865882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.155.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002783/; classtype:trojan-activity;sid:82865883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.205.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002781/; classtype:trojan-activity;sid:82865881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.254.87.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002779/; classtype:trojan-activity;sid:82865879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.191.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002780/; classtype:trojan-activity;sid:82865880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.0.32.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002778/; classtype:trojan-activity;sid:82865878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.35.243.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002776/; classtype:trojan-activity;sid:82865876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.90.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002777/; classtype:trojan-activity;sid:82865877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.146.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002774/; classtype:trojan-activity;sid:82865874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.171.181.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002775/; classtype:trojan-activity;sid:82865875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.163.15.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002773/; classtype:trojan-activity;sid:82865873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002771/; classtype:trojan-activity;sid:82865871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.236.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002772/; classtype:trojan-activity;sid:82865872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.34.139.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002770/; classtype:trojan-activity;sid:82865870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.133.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002769/; classtype:trojan-activity;sid:82865869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.228.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002766/; classtype:trojan-activity;sid:82865866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.175.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002767/; classtype:trojan-activity;sid:82865867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.35.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002768/; classtype:trojan-activity;sid:82865868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.125.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002765/; classtype:trojan-activity;sid:82865865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.207.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002764/; classtype:trojan-activity;sid:82865864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.133.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002761/; classtype:trojan-activity;sid:82865861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.41.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002762/; classtype:trojan-activity;sid:82865862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.193.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002763/; classtype:trojan-activity;sid:82865863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.29.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002760/; classtype:trojan-activity;sid:82865860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.90.121.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002759/; classtype:trojan-activity;sid:82865859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.113.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002757/; classtype:trojan-activity;sid:82865857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.10.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002758/; classtype:trojan-activity;sid:82865858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.180.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002756/; classtype:trojan-activity;sid:82865856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.120.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002755/; classtype:trojan-activity;sid:82865855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.146.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002754/; classtype:trojan-activity;sid:82865854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.17.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002745/; classtype:trojan-activity;sid:82865845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.181.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002746/; classtype:trojan-activity;sid:82865846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.135.139.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002747/; classtype:trojan-activity;sid:82865847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.160.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002748/; classtype:trojan-activity;sid:82865848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.180.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002749/; classtype:trojan-activity;sid:82865849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.83.130.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002750/; classtype:trojan-activity;sid:82865850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.178.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002751/; classtype:trojan-activity;sid:82865851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.2.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002752/; classtype:trojan-activity;sid:82865852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.35.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002753/; classtype:trojan-activity;sid:82865853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.221.12.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002744/; classtype:trojan-activity;sid:82865844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.133.192.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002743/; classtype:trojan-activity;sid:82865843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.121.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002742/; classtype:trojan-activity;sid:82865842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.86.152.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002740/; classtype:trojan-activity;sid:82865840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.187.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002741/; classtype:trojan-activity;sid:82865841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.232.131.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002739/; classtype:trojan-activity;sid:82865839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002738)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.99.204.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002738/; classtype:trojan-activity;sid:82865838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.236.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002737/; classtype:trojan-activity;sid:82865837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.47.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002736/; classtype:trojan-activity;sid:82865836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.150.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002735/; classtype:trojan-activity;sid:82865835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.217.123.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002732/; classtype:trojan-activity;sid:82865832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.19.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002733/; classtype:trojan-activity;sid:82865833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.122.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002734/; classtype:trojan-activity;sid:82865834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.187.192.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002727/; classtype:trojan-activity;sid:82865827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.27.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002728/; classtype:trojan-activity;sid:82865828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.172.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002729/; classtype:trojan-activity;sid:82865829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.29.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002730/; classtype:trojan-activity;sid:82865830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.240.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002731/; classtype:trojan-activity;sid:82865831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.75.44.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002726/; classtype:trojan-activity;sid:82865826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.23.78.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002725/; classtype:trojan-activity;sid:82865825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.171.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002723/; classtype:trojan-activity;sid:82865823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.210.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002724/; classtype:trojan-activity;sid:82865824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.142.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002722/; classtype:trojan-activity;sid:82865822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.61.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002718/; classtype:trojan-activity;sid:82865818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.246.223.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002719/; classtype:trojan-activity;sid:82865819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.85.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002720/; classtype:trojan-activity;sid:82865820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.134.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002721/; classtype:trojan-activity;sid:82865821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.75.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002717/; classtype:trojan-activity;sid:82865817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.180.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002716/; classtype:trojan-activity;sid:82865816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.232.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002715/; classtype:trojan-activity;sid:82865815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.121.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002714/; classtype:trojan-activity;sid:82865814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.95.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002713/; classtype:trojan-activity;sid:82865813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002712)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.241.181.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002712/; classtype:trojan-activity;sid:82865812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.56.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002710/; classtype:trojan-activity;sid:82865810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.45.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002711/; classtype:trojan-activity;sid:82865811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.175.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002709/; classtype:trojan-activity;sid:82865809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.164.95.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002708/; classtype:trojan-activity;sid:82865808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.25.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002707/; classtype:trojan-activity;sid:82865807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.255.125.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002706/; classtype:trojan-activity;sid:82865806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.86.152.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002705/; classtype:trojan-activity;sid:82865805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.9.94.240"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002704/; classtype:trojan-activity;sid:82865804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.150.179.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002703/; classtype:trojan-activity;sid:82865803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.88.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002701/; classtype:trojan-activity;sid:82865801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.137.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002702/; classtype:trojan-activity;sid:82865802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.122.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002699/; classtype:trojan-activity;sid:82865799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.35.146"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002700/; classtype:trojan-activity;sid:82865800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.8.71"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002697/; classtype:trojan-activity;sid:82865797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.15.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002698/; classtype:trojan-activity;sid:82865798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.203.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002696/; classtype:trojan-activity;sid:82865796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.51.100.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002695/; classtype:trojan-activity;sid:82865795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.125.190.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002694/; classtype:trojan-activity;sid:82865794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.120.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002690/; classtype:trojan-activity;sid:82865790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.77.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002691/; classtype:trojan-activity;sid:82865791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.178.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002692/; classtype:trojan-activity;sid:82865792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.59.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002693/; classtype:trojan-activity;sid:82865793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.25.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002687/; classtype:trojan-activity;sid:82865787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.86.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002688/; classtype:trojan-activity;sid:82865788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.175.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002689/; classtype:trojan-activity;sid:82865789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.161.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002685/; classtype:trojan-activity;sid:82865785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002686/; classtype:trojan-activity;sid:82865786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002684)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/923619112809275422/931268606724014120/client.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002684/; classtype:trojan-activity;sid:82865784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.232.131.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002683/; classtype:trojan-activity;sid:82865783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002682)"; flow:established,from_client; content:"GET"; http_method; content:"/5544/vbc.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.12.127.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002682/; classtype:trojan-activity;sid:82865782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002681)"; flow:established,from_client; content:"GET"; http_method; content:"/4000/vbc.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.210.219.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002681/; classtype:trojan-activity;sid:82865781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002680)"; flow:established,from_client; content:"GET"; http_method; content:"/61e2c5049d241h|3f|dl|3f|raw"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"dl.uploadgram.me"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002680/; classtype:trojan-activity;sid:82865780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002679)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.19.237.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002679/; classtype:trojan-activity;sid:82865779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002678)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"solitudeempresasfactura.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002678/; classtype:trojan-activity;sid:82865778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.60.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002677/; classtype:trojan-activity;sid:82865777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.208.122.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002676/; classtype:trojan-activity;sid:82865776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.199.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002675/; classtype:trojan-activity;sid:82865775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.70.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002672/; classtype:trojan-activity;sid:82865772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.5.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002673/; classtype:trojan-activity;sid:82865773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.154.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002674/; classtype:trojan-activity;sid:82865774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.78.107.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002670/; classtype:trojan-activity;sid:82865770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.143.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002671/; classtype:trojan-activity;sid:82865771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.58.182.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002669/; classtype:trojan-activity;sid:82865769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.185.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002667/; classtype:trojan-activity;sid:82865767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.241.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002668/; classtype:trojan-activity;sid:82865768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.80.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002666/; classtype:trojan-activity;sid:82865766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.146.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002662/; classtype:trojan-activity;sid:82865762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.221.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002663/; classtype:trojan-activity;sid:82865763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.89.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002664/; classtype:trojan-activity;sid:82865764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.93.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002665/; classtype:trojan-activity;sid:82865765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.104.182.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002661/; classtype:trojan-activity;sid:82865761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.191.205.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002660/; classtype:trojan-activity;sid:82865760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.13.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002659/; classtype:trojan-activity;sid:82865759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.95.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002658/; classtype:trojan-activity;sid:82865758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.181.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002657/; classtype:trojan-activity;sid:82865757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.51.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002656/; classtype:trojan-activity;sid:82865756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.102.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002654/; classtype:trojan-activity;sid:82865754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.232.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002655/; classtype:trojan-activity;sid:82865755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.75.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002653/; classtype:trojan-activity;sid:82865753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002652)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2022/01/remittanceadvicescp109.xll"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"gethomevaluerestoration.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002652/; classtype:trojan-activity;sid:82865752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.60.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002651/; classtype:trojan-activity;sid:82865751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.5.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002650/; classtype:trojan-activity;sid:82865750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.160.6.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002649/; classtype:trojan-activity;sid:82865749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.174.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002646/; classtype:trojan-activity;sid:82865746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002647/; classtype:trojan-activity;sid:82865747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.36.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002648/; classtype:trojan-activity;sid:82865748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.12.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002645/; classtype:trojan-activity;sid:82865745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.146.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002640/; classtype:trojan-activity;sid:82865740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.182.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002641/; classtype:trojan-activity;sid:82865741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.30.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002642/; classtype:trojan-activity;sid:82865742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.3.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002643/; classtype:trojan-activity;sid:82865743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.212.50.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002644/; classtype:trojan-activity;sid:82865744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.41.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002637/; classtype:trojan-activity;sid:82865737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.11.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002638/; classtype:trojan-activity;sid:82865738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.96.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002639/; classtype:trojan-activity;sid:82865739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.164.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002636/; classtype:trojan-activity;sid:82865736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002635)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.216.231.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002635/; classtype:trojan-activity;sid:82865735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.199.168.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002633/; classtype:trojan-activity;sid:82865733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.105.67.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002634/; classtype:trojan-activity;sid:82865734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.124.5.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002632/; classtype:trojan-activity;sid:82865732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.45.86.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002631/; classtype:trojan-activity;sid:82865731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.44.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002630/; classtype:trojan-activity;sid:82865730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.28.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002629/; classtype:trojan-activity;sid:82865729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002628)"; flow:established,from_client; content:"GET"; http_method; content:"/static/859653/image/new/zoomlogo.png"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"d1gy8jdhm45lij.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002628/; classtype:trojan-activity;sid:82865728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002627)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.161.62.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002627/; classtype:trojan-activity;sid:82865727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.0.49.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002626/; classtype:trojan-activity;sid:82865726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.181.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002624/; classtype:trojan-activity;sid:82865724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.199.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002625/; classtype:trojan-activity;sid:82865725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.180.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002623/; classtype:trojan-activity;sid:82865723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.94.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002622/; classtype:trojan-activity;sid:82865722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.91.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002619/; classtype:trojan-activity;sid:82865719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.114.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002620/; classtype:trojan-activity;sid:82865720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.85.34.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002621/; classtype:trojan-activity;sid:82865721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.76.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002617/; classtype:trojan-activity;sid:82865717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.102.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002618/; classtype:trojan-activity;sid:82865718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.179.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002615/; classtype:trojan-activity;sid:82865715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.5.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002616/; classtype:trojan-activity;sid:82865716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.199.210.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002613/; classtype:trojan-activity;sid:82865713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.112.213.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002614/; classtype:trojan-activity;sid:82865714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.102.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002612/; classtype:trojan-activity;sid:82865712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.101.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002611/; classtype:trojan-activity;sid:82865711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.90.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002610/; classtype:trojan-activity;sid:82865710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.5.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002609/; classtype:trojan-activity;sid:82865709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.64.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002607/; classtype:trojan-activity;sid:82865707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.14.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002608/; classtype:trojan-activity;sid:82865708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.99.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002606/; classtype:trojan-activity;sid:82865706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.162.167.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002605/; classtype:trojan-activity;sid:82865705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.247.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002604/; classtype:trojan-activity;sid:82865704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.64.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002603/; classtype:trojan-activity;sid:82865703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.13.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002601/; classtype:trojan-activity;sid:82865701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.14.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002602/; classtype:trojan-activity;sid:82865702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.150.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002600/; classtype:trojan-activity;sid:82865700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.255.125.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002599/; classtype:trojan-activity;sid:82865699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.187.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002597/; classtype:trojan-activity;sid:82865697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.186.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002598/; classtype:trojan-activity;sid:82865698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.107.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002591/; classtype:trojan-activity;sid:82865691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.250.50.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002592/; classtype:trojan-activity;sid:82865692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.249.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002593/; classtype:trojan-activity;sid:82865693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.222.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002594/; classtype:trojan-activity;sid:82865694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.179.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002595/; classtype:trojan-activity;sid:82865695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.85.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002596/; classtype:trojan-activity;sid:82865696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.24.100.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002587/; classtype:trojan-activity;sid:82865687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.208.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002588/; classtype:trojan-activity;sid:82865688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.182.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002589/; classtype:trojan-activity;sid:82865689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.210.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002590/; classtype:trojan-activity;sid:82865690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.88.209.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002586/; classtype:trojan-activity;sid:82865686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.53.216.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002585/; classtype:trojan-activity;sid:82865685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.64.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002584/; classtype:trojan-activity;sid:82865684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.194.143.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002583/; classtype:trojan-activity;sid:82865683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.146.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002581/; classtype:trojan-activity;sid:82865681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.97.201.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002582/; classtype:trojan-activity;sid:82865682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.190.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002579/; classtype:trojan-activity;sid:82865679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.185.62.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002580/; classtype:trojan-activity;sid:82865680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.161.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002577/; classtype:trojan-activity;sid:82865677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.120.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002578/; classtype:trojan-activity;sid:82865678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.23.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002575/; classtype:trojan-activity;sid:82865675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.183.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002576/; classtype:trojan-activity;sid:82865676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.52.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002572/; classtype:trojan-activity;sid:82865672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.137.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002573/; classtype:trojan-activity;sid:82865673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.54.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002574/; classtype:trojan-activity;sid:82865674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.237.156.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002571/; classtype:trojan-activity;sid:82865671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.48.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002569/; classtype:trojan-activity;sid:82865669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.160.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002570/; classtype:trojan-activity;sid:82865670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.99.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002566/; classtype:trojan-activity;sid:82865666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.231.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002567/; classtype:trojan-activity;sid:82865667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.76.122.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002568/; classtype:trojan-activity;sid:82865668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.239.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002562/; classtype:trojan-activity;sid:82865662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.170.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002563/; classtype:trojan-activity;sid:82865663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.226.245.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002564/; classtype:trojan-activity;sid:82865664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.139.28.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002565/; classtype:trojan-activity;sid:82865665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.30.250.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002561/; classtype:trojan-activity;sid:82865661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.88.247.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002559/; classtype:trojan-activity;sid:82865659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.7.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002560/; classtype:trojan-activity;sid:82865660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.4.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002558/; classtype:trojan-activity;sid:82865658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.30.29.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002557/; classtype:trojan-activity;sid:82865657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.187.229.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002556/; classtype:trojan-activity;sid:82865656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.4.233.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002555/; classtype:trojan-activity;sid:82865655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.74.93.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002554/; classtype:trojan-activity;sid:82865654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.139.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002553/; classtype:trojan-activity;sid:82865653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.118.205.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002552/; classtype:trojan-activity;sid:82865652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.223.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002551/; classtype:trojan-activity;sid:82865651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.12.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002549/; classtype:trojan-activity;sid:82865649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.182.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002550/; classtype:trojan-activity;sid:82865650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.97.176.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002546/; classtype:trojan-activity;sid:82865646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.76.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002547/; classtype:trojan-activity;sid:82865647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.254.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002548/; classtype:trojan-activity;sid:82865648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"140.237.28.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002545/; classtype:trojan-activity;sid:82865645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.115.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002543/; classtype:trojan-activity;sid:82865643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.128.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002544/; classtype:trojan-activity;sid:82865644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.194.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002542/; classtype:trojan-activity;sid:82865642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002541)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/930144290422816820/930153249556807680/gamesetup.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002541/; classtype:trojan-activity;sid:82865641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.228.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002540/; classtype:trojan-activity;sid:82865640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.147.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002538/; classtype:trojan-activity;sid:82865638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.156.231.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002539/; classtype:trojan-activity;sid:82865639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002537)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/933938540058902631/935033135429722132/uhlawnwucosrckggpwqopqnnmlsinlc"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002537/; classtype:trojan-activity;sid:82865637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002536)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/934207259230224437/934994391767080990/thelaberynth.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002536/; classtype:trojan-activity;sid:82865636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.88.209.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002535/; classtype:trojan-activity;sid:82865635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.139.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002534/; classtype:trojan-activity;sid:82865634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.130.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002533/; classtype:trojan-activity;sid:82865633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.91.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002531/; classtype:trojan-activity;sid:82865631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.67.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002532/; classtype:trojan-activity;sid:82865632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.55.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002527/; classtype:trojan-activity;sid:82865627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.35.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002528/; classtype:trojan-activity;sid:82865628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.31.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002529/; classtype:trojan-activity;sid:82865629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.182.47.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002530/; classtype:trojan-activity;sid:82865630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.150.74.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002526/; classtype:trojan-activity;sid:82865626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.134.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002525/; classtype:trojan-activity;sid:82865625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.3.3.249"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002524/; classtype:trojan-activity;sid:82865624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.175.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002520/; classtype:trojan-activity;sid:82865620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002521/; classtype:trojan-activity;sid:82865621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.19.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002522/; classtype:trojan-activity;sid:82865622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.75.250.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002523/; classtype:trojan-activity;sid:82865623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.67.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002519/; classtype:trojan-activity;sid:82865619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.196.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002517/; classtype:trojan-activity;sid:82865617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.227.151.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002518/; classtype:trojan-activity;sid:82865618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.139.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002516/; classtype:trojan-activity;sid:82865616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002515)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.170.163.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002515/; classtype:trojan-activity;sid:82865615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002514)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.14.225.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002514/; classtype:trojan-activity;sid:82865614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.85.34.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002513/; classtype:trojan-activity;sid:82865613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.36.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002512/; classtype:trojan-activity;sid:82865612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.128.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002510/; classtype:trojan-activity;sid:82865610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.16.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002511/; classtype:trojan-activity;sid:82865611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.181.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002507/; classtype:trojan-activity;sid:82865607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.68.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002508/; classtype:trojan-activity;sid:82865608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.244.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002509/; classtype:trojan-activity;sid:82865609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.147.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002506/; classtype:trojan-activity;sid:82865606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.174.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002505/; classtype:trojan-activity;sid:82865605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.90.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002503/; classtype:trojan-activity;sid:82865603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.202.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002504/; classtype:trojan-activity;sid:82865604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.33.128.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002502/; classtype:trojan-activity;sid:82865602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.57.101.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002501/; classtype:trojan-activity;sid:82865601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.25.255.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002500/; classtype:trojan-activity;sid:82865600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.255.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002497/; classtype:trojan-activity;sid:82865597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.169.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002498/; classtype:trojan-activity;sid:82865598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.246.159.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002499/; classtype:trojan-activity;sid:82865599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.255.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002492/; classtype:trojan-activity;sid:82865592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.102.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002493/; classtype:trojan-activity;sid:82865593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.117.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002494/; classtype:trojan-activity;sid:82865594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.235.185.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002495/; classtype:trojan-activity;sid:82865595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.180.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002496/; classtype:trojan-activity;sid:82865596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.174.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002489/; classtype:trojan-activity;sid:82865589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.139.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002490/; classtype:trojan-activity;sid:82865590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.194.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002491/; classtype:trojan-activity;sid:82865591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002488/; classtype:trojan-activity;sid:82865588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.182.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002487/; classtype:trojan-activity;sid:82865587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.45.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002486/; classtype:trojan-activity;sid:82865586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.17.10.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002484/; classtype:trojan-activity;sid:82865584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.195.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002485/; classtype:trojan-activity;sid:82865585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.15.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002482/; classtype:trojan-activity;sid:82865582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.101.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002483/; classtype:trojan-activity;sid:82865583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002481)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.130.120.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002481/; classtype:trojan-activity;sid:82865581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.112.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002478/; classtype:trojan-activity;sid:82865578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.8.250.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002479/; classtype:trojan-activity;sid:82865579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.47.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002480/; classtype:trojan-activity;sid:82865580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.117.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002476/; classtype:trojan-activity;sid:82865576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.208.96.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002477/; classtype:trojan-activity;sid:82865577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.54.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002475/; classtype:trojan-activity;sid:82865575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.10.206.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002474/; classtype:trojan-activity;sid:82865574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.140.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002473/; classtype:trojan-activity;sid:82865573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.175.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002472/; classtype:trojan-activity;sid:82865572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.30.29.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002470/; classtype:trojan-activity;sid:82865570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.34.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002471/; classtype:trojan-activity;sid:82865571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.165.76.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002467/; classtype:trojan-activity;sid:82865567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.222.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002468/; classtype:trojan-activity;sid:82865568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.51.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002469/; classtype:trojan-activity;sid:82865569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.156.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002466/; classtype:trojan-activity;sid:82865566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.253.126.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002463/; classtype:trojan-activity;sid:82865563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.190.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002464/; classtype:trojan-activity;sid:82865564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.120.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002465/; classtype:trojan-activity;sid:82865565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.235.229.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002462/; classtype:trojan-activity;sid:82865562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.8.114.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002461/; classtype:trojan-activity;sid:82865561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002460)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.163.146.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002460/; classtype:trojan-activity;sid:82865560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.194.31.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002459/; classtype:trojan-activity;sid:82865559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.139.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002458/; classtype:trojan-activity;sid:82865558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.118.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002457/; classtype:trojan-activity;sid:82865557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.118.191.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002456/; classtype:trojan-activity;sid:82865556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.52.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002455/; classtype:trojan-activity;sid:82865555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.20.163.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002454/; classtype:trojan-activity;sid:82865554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002453)"; flow:established,from_client; content:"GET"; http_method; content:"/googlecould/.win32.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.89.90.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002453/; classtype:trojan-activity;sid:82865553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002452)"; flow:established,from_client; content:"GET"; http_method; content:"/files/04305c49a3a03ba4394522766385550a.jpg"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dropmb.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002452/; classtype:trojan-activity;sid:82865552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.60.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002448/; classtype:trojan-activity;sid:82865548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.217.121.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002449/; classtype:trojan-activity;sid:82865549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.87.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002450/; classtype:trojan-activity;sid:82865550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.9.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002451/; classtype:trojan-activity;sid:82865551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.93.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002447/; classtype:trojan-activity;sid:82865547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.230.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002445/; classtype:trojan-activity;sid:82865545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.147.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002446/; classtype:trojan-activity;sid:82865546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.116.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002444/; classtype:trojan-activity;sid:82865544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.170.44.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002443/; classtype:trojan-activity;sid:82865543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.83.84.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002442/; classtype:trojan-activity;sid:82865542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.192.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002440/; classtype:trojan-activity;sid:82865540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.102.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002441/; classtype:trojan-activity;sid:82865541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.96.5.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002439/; classtype:trojan-activity;sid:82865539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.9.43.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002438/; classtype:trojan-activity;sid:82865538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.253.102.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002437/; classtype:trojan-activity;sid:82865537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.25.95.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002436/; classtype:trojan-activity;sid:82865536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.182.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002434/; classtype:trojan-activity;sid:82865534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.111.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002435/; classtype:trojan-activity;sid:82865535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.173.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002433/; classtype:trojan-activity;sid:82865533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.117.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002432/; classtype:trojan-activity;sid:82865532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.30.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002431/; classtype:trojan-activity;sid:82865531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.248.154.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002430/; classtype:trojan-activity;sid:82865530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.101.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002425/; classtype:trojan-activity;sid:82865525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.187.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002426/; classtype:trojan-activity;sid:82865526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.47.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002427/; classtype:trojan-activity;sid:82865527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.84.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002428/; classtype:trojan-activity;sid:82865528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.164.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002429/; classtype:trojan-activity;sid:82865529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.230.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002424/; classtype:trojan-activity;sid:82865524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.9.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002423/; classtype:trojan-activity;sid:82865523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.48.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002420/; classtype:trojan-activity;sid:82865520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.249.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002421/; classtype:trojan-activity;sid:82865521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.50.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002422/; classtype:trojan-activity;sid:82865522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.237.246.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002416/; classtype:trojan-activity;sid:82865516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.238.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002417/; classtype:trojan-activity;sid:82865517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.219.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002418/; classtype:trojan-activity;sid:82865518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.249.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002419/; classtype:trojan-activity;sid:82865519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.180.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002415/; classtype:trojan-activity;sid:82865515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.82.141.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002412/; classtype:trojan-activity;sid:82865512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.46.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002413/; classtype:trojan-activity;sid:82865513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.88.209.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002414/; classtype:trojan-activity;sid:82865514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.131.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002411/; classtype:trojan-activity;sid:82865511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.89.74.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002410/; classtype:trojan-activity;sid:82865510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.92.199.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002409/; classtype:trojan-activity;sid:82865509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.235.48.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002408/; classtype:trojan-activity;sid:82865508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.118.191.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002407/; classtype:trojan-activity;sid:82865507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.66.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002406/; classtype:trojan-activity;sid:82865506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002402)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.133.69.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002402/; classtype:trojan-activity;sid:82865502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.31.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002403/; classtype:trojan-activity;sid:82865503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.155.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002404/; classtype:trojan-activity;sid:82865504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.77.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002405/; classtype:trojan-activity;sid:82865505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.27.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002400/; classtype:trojan-activity;sid:82865500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.204.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002401/; classtype:trojan-activity;sid:82865501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.255.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002399/; classtype:trojan-activity;sid:82865499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.37.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002392/; classtype:trojan-activity;sid:82865492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.189.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002393/; classtype:trojan-activity;sid:82865493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.192.253.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002394/; classtype:trojan-activity;sid:82865494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.188.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002395/; classtype:trojan-activity;sid:82865495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.8.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002396/; classtype:trojan-activity;sid:82865496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.28.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002397/; classtype:trojan-activity;sid:82865497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.104.241.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002398/; classtype:trojan-activity;sid:82865498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.145.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002390/; classtype:trojan-activity;sid:82865490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.9.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002391/; classtype:trojan-activity;sid:82865491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.244.32.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002389/; classtype:trojan-activity;sid:82865489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.26.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002388/; classtype:trojan-activity;sid:82865488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002387)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.33.58.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002387/; classtype:trojan-activity;sid:82865487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002386)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.123.34.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002386/; classtype:trojan-activity;sid:82865486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002382)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1472_1642971395_2975.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"coin-coin-file-9.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002382/; classtype:trojan-activity;sid:82865482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.73.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002383/; classtype:trojan-activity;sid:82865483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002384)"; flow:established,from_client; content:"GET"; http_method; content:"/files/3284_1642714335_1607.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"coin-coin-file-9.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002384/; classtype:trojan-activity;sid:82865484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002385)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8695_1642970066_6747.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"coin-coin-file-9.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002385/; classtype:trojan-activity;sid:82865485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.90.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002381/; classtype:trojan-activity;sid:82865481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002380)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1998_1642927409_5314.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"coin-coin-file-9.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002380/; classtype:trojan-activity;sid:82865480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002378)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5276_1642973818_6008.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"coin-coin-file-9.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002378/; classtype:trojan-activity;sid:82865478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002379)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2808_1642539573_3182.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"coin-coin-file-9.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002379/; classtype:trojan-activity;sid:82865479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.212.226.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002377/; classtype:trojan-activity;sid:82865477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.82.144.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002373/; classtype:trojan-activity;sid:82865473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.222.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002374/; classtype:trojan-activity;sid:82865474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002375)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.89.122.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002375/; classtype:trojan-activity;sid:82865475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.180.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002376/; classtype:trojan-activity;sid:82865476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.199.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002372/; classtype:trojan-activity;sid:82865472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.250.50.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002371/; classtype:trojan-activity;sid:82865471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.249.43.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002370/; classtype:trojan-activity;sid:82865470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.12.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002366/; classtype:trojan-activity;sid:82865466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.47.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002367/; classtype:trojan-activity;sid:82865467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.184.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002368/; classtype:trojan-activity;sid:82865468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.173.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002369/; classtype:trojan-activity;sid:82865469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.229.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002362/; classtype:trojan-activity;sid:82865462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.88.209.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002363/; classtype:trojan-activity;sid:82865463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.8.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002364/; classtype:trojan-activity;sid:82865464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.166.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002365/; classtype:trojan-activity;sid:82865465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.197.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002361/; classtype:trojan-activity;sid:82865461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002360)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.218.182.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002360/; classtype:trojan-activity;sid:82865460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.120.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002359/; classtype:trojan-activity;sid:82865459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002358)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.133.170.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002358/; classtype:trojan-activity;sid:82865458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.33.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002356/; classtype:trojan-activity;sid:82865456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.148.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002357/; classtype:trojan-activity;sid:82865457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.86.167.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002354/; classtype:trojan-activity;sid:82865454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.210.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002355/; classtype:trojan-activity;sid:82865455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.44.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002353/; classtype:trojan-activity;sid:82865453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.78.39.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002351/; classtype:trojan-activity;sid:82865451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.218.207.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002352/; classtype:trojan-activity;sid:82865452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.235.186.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002350/; classtype:trojan-activity;sid:82865450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.116.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002348/; classtype:trojan-activity;sid:82865448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.146.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002349/; classtype:trojan-activity;sid:82865449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.31.110.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002347/; classtype:trojan-activity;sid:82865447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.129.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002345/; classtype:trojan-activity;sid:82865445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.191.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002346/; classtype:trojan-activity;sid:82865446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.215.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002344/; classtype:trojan-activity;sid:82865444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.250.41.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002343/; classtype:trojan-activity;sid:82865443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.66.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002342/; classtype:trojan-activity;sid:82865442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.207.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002341/; classtype:trojan-activity;sid:82865441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.235.48.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002340/; classtype:trojan-activity;sid:82865440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.163.115.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002339/; classtype:trojan-activity;sid:82865439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002338)"; flow:established,from_client; content:"GET"; http_method; content:"//pop.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.245.158.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002338/; classtype:trojan-activity;sid:82865438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.40.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002337/; classtype:trojan-activity;sid:82865437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.202.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002335/; classtype:trojan-activity;sid:82865435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002336)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.134.153.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002336/; classtype:trojan-activity;sid:82865436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.120.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002334/; classtype:trojan-activity;sid:82865434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.217.91.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002333/; classtype:trojan-activity;sid:82865433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.162.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002330/; classtype:trojan-activity;sid:82865430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.79.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002331/; classtype:trojan-activity;sid:82865431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.232.29.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002332/; classtype:trojan-activity;sid:82865432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.90.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002328/; classtype:trojan-activity;sid:82865428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.166.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002329/; classtype:trojan-activity;sid:82865429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002326)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl|3f|ddos"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"2.58.149.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002326/; classtype:trojan-activity;sid:82865426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002327)"; flow:established,from_client; content:"GET"; http_method; content:"/bins//x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"209.141.54.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002327/; classtype:trojan-activity;sid:82865427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.85.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002325/; classtype:trojan-activity;sid:82865425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.62.197.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002324/; classtype:trojan-activity;sid:82865424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.62.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002319/; classtype:trojan-activity;sid:82865419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.39.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002320/; classtype:trojan-activity;sid:82865420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.43.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002321/; classtype:trojan-activity;sid:82865421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.168.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002322/; classtype:trojan-activity;sid:82865422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.5.23.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002323/; classtype:trojan-activity;sid:82865423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.135.64.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002317/; classtype:trojan-activity;sid:82865417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002318/; classtype:trojan-activity;sid:82865418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002315)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64.dbg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"172.245.156.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002315/; classtype:trojan-activity;sid:82865415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002316)"; flow:established,from_client; content:"GET"; http_method; content:"/go"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"172.245.156.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002316/; classtype:trojan-activity;sid:82865416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.66.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002314/; classtype:trojan-activity;sid:82865414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.176.181.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002313/; classtype:trojan-activity;sid:82865413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.192.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002312/; classtype:trojan-activity;sid:82865412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002311)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"98.113.72.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002311/; classtype:trojan-activity;sid:82865411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.14.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002310/; classtype:trojan-activity;sid:82865410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.125.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002307/; classtype:trojan-activity;sid:82865407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.51.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002308/; classtype:trojan-activity;sid:82865408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.34.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002309/; classtype:trojan-activity;sid:82865409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002295)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tsunami.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"143.110.216.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002295/; classtype:trojan-activity;sid:82865395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002296)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tsunami.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"143.110.216.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002296/; classtype:trojan-activity;sid:82865396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002297)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tsunami.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"143.110.216.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002297/; classtype:trojan-activity;sid:82865397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002298)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tsunami.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"143.110.216.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002298/; classtype:trojan-activity;sid:82865398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002299)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tsunami.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"143.110.216.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002299/; classtype:trojan-activity;sid:82865399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002300)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tsunami.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"143.110.216.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002300/; classtype:trojan-activity;sid:82865400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002301)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tsunami.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"143.110.216.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002301/; classtype:trojan-activity;sid:82865401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002302)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tsunami.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"143.110.216.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002302/; classtype:trojan-activity;sid:82865402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002303)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tsunami.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"143.110.216.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002303/; classtype:trojan-activity;sid:82865403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002304)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tsunami.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"143.110.216.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002304/; classtype:trojan-activity;sid:82865404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.249.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002305/; classtype:trojan-activity;sid:82865405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.183.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002306/; classtype:trojan-activity;sid:82865406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.203.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002291/; classtype:trojan-activity;sid:82865391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.186.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002292/; classtype:trojan-activity;sid:82865392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.122.105.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002293/; classtype:trojan-activity;sid:82865393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.212.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002294/; classtype:trojan-activity;sid:82865394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.207.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002290/; classtype:trojan-activity;sid:82865390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.228.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002287/; classtype:trojan-activity;sid:82865387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.238.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002288/; classtype:trojan-activity;sid:82865388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.31.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002289/; classtype:trojan-activity;sid:82865389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.110.166.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002286/; classtype:trojan-activity;sid:82865386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.138.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002284/; classtype:trojan-activity;sid:82865384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.18.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002285/; classtype:trojan-activity;sid:82865385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.8.114.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002283/; classtype:trojan-activity;sid:82865383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.254.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002282/; classtype:trojan-activity;sid:82865382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.16.39.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002281/; classtype:trojan-activity;sid:82865381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.212.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002280/; classtype:trojan-activity;sid:82865380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.83.134.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002279/; classtype:trojan-activity;sid:82865379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.43.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002278/; classtype:trojan-activity;sid:82865378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.204.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002277/; classtype:trojan-activity;sid:82865377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.79.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002275/; classtype:trojan-activity;sid:82865375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.177.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002276/; classtype:trojan-activity;sid:82865376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.201.36.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002274/; classtype:trojan-activity;sid:82865374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.205.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002273/; classtype:trojan-activity;sid:82865373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.58.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002271/; classtype:trojan-activity;sid:82865371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.95.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002272/; classtype:trojan-activity;sid:82865372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.147.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002270/; classtype:trojan-activity;sid:82865370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.151.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002269/; classtype:trojan-activity;sid:82865369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.86.167.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002268/; classtype:trojan-activity;sid:82865368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002267)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/gigabootnet.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"23.94.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002267/; classtype:trojan-activity;sid:82865367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.240.203.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002266/; classtype:trojan-activity;sid:82865366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.254.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002265/; classtype:trojan-activity;sid:82865365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.192.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002264/; classtype:trojan-activity;sid:82865364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.232.73.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002263/; classtype:trojan-activity;sid:82865363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.152.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002262/; classtype:trojan-activity;sid:82865362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002260/; classtype:trojan-activity;sid:82865360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.8.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002261/; classtype:trojan-activity;sid:82865361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.88.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002258/; classtype:trojan-activity;sid:82865358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.112.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002259/; classtype:trojan-activity;sid:82865359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002256/; classtype:trojan-activity;sid:82865356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.186.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002257/; classtype:trojan-activity;sid:82865357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.178.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002251/; classtype:trojan-activity;sid:82865351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.96.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002252/; classtype:trojan-activity;sid:82865352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.228.203.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002253/; classtype:trojan-activity;sid:82865353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.117.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002254/; classtype:trojan-activity;sid:82865354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.203.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002255/; classtype:trojan-activity;sid:82865355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.0.169.38"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002250/; classtype:trojan-activity;sid:82865350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.70.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002246/; classtype:trojan-activity;sid:82865346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002247)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.26.110.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002247/; classtype:trojan-activity;sid:82865347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.213.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002249/; classtype:trojan-activity;sid:82865349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002243)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"bizgroupe.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002243/; classtype:trojan-activity;sid:82865343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.92.199.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002244/; classtype:trojan-activity;sid:82865344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.157.162.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002245/; classtype:trojan-activity;sid:82865345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002241)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"bizgroupe.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002241/; classtype:trojan-activity;sid:82865341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.49.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002240/; classtype:trojan-activity;sid:82865340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.202.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002239/; classtype:trojan-activity;sid:82865339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.252.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002238/; classtype:trojan-activity;sid:82865338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002237)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.32.152.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002237/; classtype:trojan-activity;sid:82865337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.72.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002236/; classtype:trojan-activity;sid:82865336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.192.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002235/; classtype:trojan-activity;sid:82865335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.84.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002234/; classtype:trojan-activity;sid:82865334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.140.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002233/; classtype:trojan-activity;sid:82865333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002232)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.208.29.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002232/; classtype:trojan-activity;sid:82865332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.79.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002230/; classtype:trojan-activity;sid:82865330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.175.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002231/; classtype:trojan-activity;sid:82865331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.88.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002229/; classtype:trojan-activity;sid:82865329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.251.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002228/; classtype:trojan-activity;sid:82865328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.32.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002227/; classtype:trojan-activity;sid:82865327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.125.79.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002226/; classtype:trojan-activity;sid:82865326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.71.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002225/; classtype:trojan-activity;sid:82865325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.30.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002223/; classtype:trojan-activity;sid:82865323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.99.188.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002224/; classtype:trojan-activity;sid:82865324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.250.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002221/; classtype:trojan-activity;sid:82865321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002222/; classtype:trojan-activity;sid:82865322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.232.73.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002220/; classtype:trojan-activity;sid:82865320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002219)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/wp-roilbask/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"luigicasoli.it"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002219/; classtype:trojan-activity;sid:82865319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.40.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002218/; classtype:trojan-activity;sid:82865318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.138.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002217/; classtype:trojan-activity;sid:82865317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.189.54.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002216/; classtype:trojan-activity;sid:82865316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002215)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.179.10.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002215/; classtype:trojan-activity;sid:82865315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.157.212.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002214/; classtype:trojan-activity;sid:82865314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.202.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002213/; classtype:trojan-activity;sid:82865313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.44.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002212/; classtype:trojan-activity;sid:82865312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.29.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002211/; classtype:trojan-activity;sid:82865311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.90.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002209/; classtype:trojan-activity;sid:82865309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.181.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002210/; classtype:trojan-activity;sid:82865310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.13.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002207/; classtype:trojan-activity;sid:82865307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.142.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002208/; classtype:trojan-activity;sid:82865308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.176.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002206/; classtype:trojan-activity;sid:82865306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.23.239.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002205/; classtype:trojan-activity;sid:82865305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.43.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002204/; classtype:trojan-activity;sid:82865304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.91.168.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002203/; classtype:trojan-activity;sid:82865303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.249.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002201/; classtype:trojan-activity;sid:82865301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.220.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002202/; classtype:trojan-activity;sid:82865302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.34.207.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002200/; classtype:trojan-activity;sid:82865300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.60.121.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002198/; classtype:trojan-activity;sid:82865298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.19.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002199/; classtype:trojan-activity;sid:82865299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.49.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002197/; classtype:trojan-activity;sid:82865297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.32.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002196/; classtype:trojan-activity;sid:82865296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.140.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002195/; classtype:trojan-activity;sid:82865295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.108.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002194/; classtype:trojan-activity;sid:82865294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002193/; classtype:trojan-activity;sid:82865293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.35.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002192/; classtype:trojan-activity;sid:82865292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002191/; classtype:trojan-activity;sid:82865291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.227.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002189/; classtype:trojan-activity;sid:82865289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.143.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002190/; classtype:trojan-activity;sid:82865290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.178.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002187/; classtype:trojan-activity;sid:82865287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.124.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002188/; classtype:trojan-activity;sid:82865288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.141.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002186/; classtype:trojan-activity;sid:82865286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.105.19.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002185/; classtype:trojan-activity;sid:82865285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.78.39.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002183/; classtype:trojan-activity;sid:82865283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.23.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002184/; classtype:trojan-activity;sid:82865284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.147.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002181/; classtype:trojan-activity;sid:82865281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.51.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002182/; classtype:trojan-activity;sid:82865282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.146.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002180/; classtype:trojan-activity;sid:82865280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.181.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002179/; classtype:trojan-activity;sid:82865279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.248.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002177/; classtype:trojan-activity;sid:82865277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.7.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002178/; classtype:trojan-activity;sid:82865278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.5.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002176/; classtype:trojan-activity;sid:82865276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.189.54.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002174/; classtype:trojan-activity;sid:82865274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.34.232"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002175/; classtype:trojan-activity;sid:82865275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"20.24.80.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002173/; classtype:trojan-activity;sid:82865273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.94.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002172/; classtype:trojan-activity;sid:82865272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.172.176.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002171/; classtype:trojan-activity;sid:82865271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.143.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002170/; classtype:trojan-activity;sid:82865270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002169)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/neww.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"mysouthbay.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002169/; classtype:trojan-activity;sid:82865269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.8.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002168/; classtype:trojan-activity;sid:82865268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.180.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002166/; classtype:trojan-activity;sid:82865266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.98.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002167/; classtype:trojan-activity;sid:82865267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.138.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002165/; classtype:trojan-activity;sid:82865265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.80.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002163/; classtype:trojan-activity;sid:82865263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.150.74.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002164/; classtype:trojan-activity;sid:82865264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.53.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002162/; classtype:trojan-activity;sid:82865262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.162.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002157/; classtype:trojan-activity;sid:82865257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.119.41.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002158/; classtype:trojan-activity;sid:82865258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.36.63.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002159/; classtype:trojan-activity;sid:82865259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.47.208.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002160/; classtype:trojan-activity;sid:82865260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.35.168.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002161/; classtype:trojan-activity;sid:82865261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.80.200.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002155/; classtype:trojan-activity;sid:82865255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.136.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002156/; classtype:trojan-activity;sid:82865256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.10.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002154/; classtype:trojan-activity;sid:82865254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.166.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002153/; classtype:trojan-activity;sid:82865253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.118.134.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002152/; classtype:trojan-activity;sid:82865252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.108.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002151/; classtype:trojan-activity;sid:82865251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002149)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.12.245.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002149/; classtype:trojan-activity;sid:82865249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.84.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002150/; classtype:trojan-activity;sid:82865250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002148)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.243.215.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002148/; classtype:trojan-activity;sid:82865248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.8.95.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002147/; classtype:trojan-activity;sid:82865247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.8.80.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002146/; classtype:trojan-activity;sid:82865246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.192.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002145/; classtype:trojan-activity;sid:82865245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.215.180.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002144/; classtype:trojan-activity;sid:82865244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.40.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002143/; classtype:trojan-activity;sid:82865243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.146.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002142/; classtype:trojan-activity;sid:82865242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.5.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002141/; classtype:trojan-activity;sid:82865241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.214.72.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002139/; classtype:trojan-activity;sid:82865239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.146.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002140/; classtype:trojan-activity;sid:82865240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.34.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002136/; classtype:trojan-activity;sid:82865236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.148.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002137/; classtype:trojan-activity;sid:82865237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.233.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002138/; classtype:trojan-activity;sid:82865238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.204.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002134/; classtype:trojan-activity;sid:82865234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.144.166.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002135/; classtype:trojan-activity;sid:82865235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.93.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002133/; classtype:trojan-activity;sid:82865233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002132/; classtype:trojan-activity;sid:82865232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.16.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002131/; classtype:trojan-activity;sid:82865231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.43.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002130/; classtype:trojan-activity;sid:82865230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.32.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002129/; classtype:trojan-activity;sid:82865229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002128)"; flow:established,from_client; content:"GET"; http_method; content:"/sec/se3.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"92.255.57.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002128/; classtype:trojan-activity;sid:82865228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002127)"; flow:established,from_client; content:"GET"; http_method; content:"/4rcktvr/cxfxzagpim/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"chronofast.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002127/; classtype:trojan-activity;sid:82865227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002126)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/t1ckv/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"167.99.190.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002126/; classtype:trojan-activity;sid:82865226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002124)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/6xmab81fghcrjgyf6/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"lp.nzp-pro.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002124/; classtype:trojan-activity;sid:82865224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002125)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/u4o2u0vfjzfd9g0wxu/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"medfited.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002125/; classtype:trojan-activity;sid:82865225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002123)"; flow:established,from_client; content:"GET"; http_method; content:"/fox-c/banobam4k/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tranhgohoangthiet.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002123/; classtype:trojan-activity;sid:82865223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002120)"; flow:established,from_client; content:"GET"; http_method; content:"/content/n6ynz/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"moon-machinery.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002120/; classtype:trojan-activity;sid:82865220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002121)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/kbu7quj4cc0kauoiulk/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"sundaydriver.dijgtal.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002121/; classtype:trojan-activity;sid:82865221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002122)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/9iyv2pz6glol/"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ebikecenter.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002122/; classtype:trojan-activity;sid:82865222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002119)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/d7lq/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"thepicksclub.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002119/; classtype:trojan-activity;sid:82865219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002117)"; flow:established,from_client; content:"GET"; http_method; content:"/unary/yo7ffrmrhu4o/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"guylock.ussl.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002117/; classtype:trojan-activity;sid:82865217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002118)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/hhd2l0m9yennicy77r/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"tarifpaylasimlari.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002118/; classtype:trojan-activity;sid:82865218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.14.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002116/; classtype:trojan-activity;sid:82865216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002109)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.249.32.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002109/; classtype:trojan-activity;sid:82865209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002110)"; flow:established,from_client; content:"GET"; http_method; content:"/sec/se3.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"0x5cff39c3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002110/; classtype:trojan-activity;sid:82865210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002111)"; flow:established,from_client; content:"GET"; http_method; content:"/sec/se3.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"92.255.57.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002111/; classtype:trojan-activity;sid:82865211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002112)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.249.32.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002112/; classtype:trojan-activity;sid:82865212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002113)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.249.32.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002113/; classtype:trojan-activity;sid:82865213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002114)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.249.32.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002114/; classtype:trojan-activity;sid:82865214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002115)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"46.249.32.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002115/; classtype:trojan-activity;sid:82865215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002108)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2020/sup.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"mysouthbay.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002108/; classtype:trojan-activity;sid:82865208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.88.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002105/; classtype:trojan-activity;sid:82865205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.248.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002106/; classtype:trojan-activity;sid:82865206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.10.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002107/; classtype:trojan-activity;sid:82865207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.112.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002104/; classtype:trojan-activity;sid:82865204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.235.134.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002103/; classtype:trojan-activity;sid:82865203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.205.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002102/; classtype:trojan-activity;sid:82865202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.84.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002101/; classtype:trojan-activity;sid:82865201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.144.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002100/; classtype:trojan-activity;sid:82865200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.209.126.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002099/; classtype:trojan-activity;sid:82865199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.122.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002098/; classtype:trojan-activity;sid:82865198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002096)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"96.77.50.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002096/; classtype:trojan-activity;sid:82865196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.42.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002097/; classtype:trojan-activity;sid:82865197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002095)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/supsss.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"mysouthbay.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002095/; classtype:trojan-activity;sid:82865195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.252.230.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002094/; classtype:trojan-activity;sid:82865194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.150.8.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002093/; classtype:trojan-activity;sid:82865193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002092)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.157.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002092/; classtype:trojan-activity;sid:82865192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.99.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002091/; classtype:trojan-activity;sid:82865191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.163.8.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002090/; classtype:trojan-activity;sid:82865190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.177.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002088/; classtype:trojan-activity;sid:82865188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.87.24.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002089/; classtype:trojan-activity;sid:82865189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.85.34.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002087/; classtype:trojan-activity;sid:82865187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.136.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002082/; classtype:trojan-activity;sid:82865182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.176.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002083/; classtype:trojan-activity;sid:82865183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.204.212.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002084/; classtype:trojan-activity;sid:82865184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.38.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002085/; classtype:trojan-activity;sid:82865185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.225.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002086/; classtype:trojan-activity;sid:82865186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.143.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002081/; classtype:trojan-activity;sid:82865181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.103.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002080/; classtype:trojan-activity;sid:82865180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.146.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002078/; classtype:trojan-activity;sid:82865178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.208.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002079/; classtype:trojan-activity;sid:82865179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.124.5.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002077/; classtype:trojan-activity;sid:82865177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002065)"; flow:established,from_client; content:"GET"; http_method; content:"/gummy.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.175.21.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002065/; classtype:trojan-activity;sid:82865165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002066)"; flow:established,from_client; content:"GET"; http_method; content:"/gummy.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.175.21.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002066/; classtype:trojan-activity;sid:82865166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002067)"; flow:established,from_client; content:"GET"; http_method; content:"/gummy.arm4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.175.21.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002067/; classtype:trojan-activity;sid:82865167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002068)"; flow:established,from_client; content:"GET"; http_method; content:"/gummy.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.175.21.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002068/; classtype:trojan-activity;sid:82865168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002069)"; flow:established,from_client; content:"GET"; http_method; content:"/gummy.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.175.21.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002069/; classtype:trojan-activity;sid:82865169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002070)"; flow:established,from_client; content:"GET"; http_method; content:"/gummy.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.175.21.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002070/; classtype:trojan-activity;sid:82865170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.230.251.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002071/; classtype:trojan-activity;sid:82865171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002072)"; flow:established,from_client; content:"GET"; http_method; content:"/gummy.i586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.175.21.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002072/; classtype:trojan-activity;sid:82865172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002073)"; flow:established,from_client; content:"GET"; http_method; content:"/gummy.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.175.21.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002073/; classtype:trojan-activity;sid:82865173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002074)"; flow:established,from_client; content:"GET"; http_method; content:"/gummy.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.175.21.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002074/; classtype:trojan-activity;sid:82865174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002075)"; flow:established,from_client; content:"GET"; http_method; content:"/gummy.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.175.21.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002075/; classtype:trojan-activity;sid:82865175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002076)"; flow:established,from_client; content:"GET"; http_method; content:"/gummy.sparc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.175.21.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002076/; classtype:trojan-activity;sid:82865176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.210.43.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002064/; classtype:trojan-activity;sid:82865164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.11.59.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002062/; classtype:trojan-activity;sid:82865162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002063)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.160.38.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002063/; classtype:trojan-activity;sid:82865163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002061)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/dh/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.bilisimhocasi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002061/; classtype:trojan-activity;sid:82865161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.192.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002059/; classtype:trojan-activity;sid:82865159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.42.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002060/; classtype:trojan-activity;sid:82865160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.163.29.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002057/; classtype:trojan-activity;sid:82865157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.173.137.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002058/; classtype:trojan-activity;sid:82865158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002056)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.221.184.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002056/; classtype:trojan-activity;sid:82865156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.247.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002055/; classtype:trojan-activity;sid:82865155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.167.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002053/; classtype:trojan-activity;sid:82865153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.179.168.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002054/; classtype:trojan-activity;sid:82865154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.52.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002051/; classtype:trojan-activity;sid:82865151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.187.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002052/; classtype:trojan-activity;sid:82865152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.164.46.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002047/; classtype:trojan-activity;sid:82865147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.245.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002048/; classtype:trojan-activity;sid:82865148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.192.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002049/; classtype:trojan-activity;sid:82865149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.40.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002050/; classtype:trojan-activity;sid:82865150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.146.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002046/; classtype:trojan-activity;sid:82865146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.124.156.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002045/; classtype:trojan-activity;sid:82865145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.104.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002044/; classtype:trojan-activity;sid:82865144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.3.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002043/; classtype:trojan-activity;sid:82865143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.42.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002042/; classtype:trojan-activity;sid:82865142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.36.194.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002041/; classtype:trojan-activity;sid:82865141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.49.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002040/; classtype:trojan-activity;sid:82865140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.150.8.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002038/; classtype:trojan-activity;sid:82865138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.43.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002039/; classtype:trojan-activity;sid:82865139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.55.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002034/; classtype:trojan-activity;sid:82865134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002035)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"187.224.214.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002035/; classtype:trojan-activity;sid:82865135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.139.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002036/; classtype:trojan-activity;sid:82865136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.84.40.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002037/; classtype:trojan-activity;sid:82865137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.18.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002032/; classtype:trojan-activity;sid:82865132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.19.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002033/; classtype:trojan-activity;sid:82865133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.19.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002031/; classtype:trojan-activity;sid:82865131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.171.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002030/; classtype:trojan-activity;sid:82865130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.85.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002029/; classtype:trojan-activity;sid:82865129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.108.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002028/; classtype:trojan-activity;sid:82865128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.61.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002026/; classtype:trojan-activity;sid:82865126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.214.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002027/; classtype:trojan-activity;sid:82865127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.199.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002024/; classtype:trojan-activity;sid:82865124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.222.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002025/; classtype:trojan-activity;sid:82865125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002022)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/dh/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"bilisimhocasi.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002022/; classtype:trojan-activity;sid:82865122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002023)"; flow:established,from_client; content:"GET"; http_method; content:"/b/t681uhjz/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ss100feet.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002023/; classtype:trojan-activity;sid:82865123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002019)"; flow:established,from_client; content:"GET"; http_method; content:"/fer/fe5.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"0xb907d607"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002019/; classtype:trojan-activity;sid:82865119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002020)"; flow:established,from_client; content:"GET"; http_method; content:"/old/izgp8vipcqxwmduum/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.ufficiomodernosas.it"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002020/; classtype:trojan-activity;sid:82865120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002021)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/pyzvv79ovikzqf/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"lufficiodeiviaggi.it"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002021/; classtype:trojan-activity;sid:82865121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002018)"; flow:established,from_client; content:"GET"; http_method; content:"/bullyrag/c/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"directorio.reservado.com.bo"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002018/; classtype:trojan-activity;sid:82865118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002017)"; flow:established,from_client; content:"GET"; http_method; content:"/axedi/gtlf2pxoaveaor/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"iwannago.dev.bizapps.sg"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002017/; classtype:trojan-activity;sid:82865117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.87.24.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002016/; classtype:trojan-activity;sid:82865116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002014)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sixj7yc9qqrta/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"dopevision.tn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002014/; classtype:trojan-activity;sid:82865114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002015)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/vig9etw5i3jrou/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.cam-at.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002015/; classtype:trojan-activity;sid:82865115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002013)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/c0cyue7ue/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.top-art.co.il"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002013/; classtype:trojan-activity;sid:82865113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002010)"; flow:established,from_client; content:"GET"; http_method; content:"/gig1.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.94.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002010/; classtype:trojan-activity;sid:82865110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002011)"; flow:established,from_client; content:"GET"; http_method; content:"/gig1.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.94.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002011/; classtype:trojan-activity;sid:82865111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.228.115.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002012/; classtype:trojan-activity;sid:82865112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.161.145.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001997/; classtype:trojan-activity;sid:82865097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001998)"; flow:established,from_client; content:"GET"; http_method; content:"/gig1.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.94.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001998/; classtype:trojan-activity;sid:82865098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001999)"; flow:established,from_client; content:"GET"; http_method; content:"/gig1.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.94.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001999/; classtype:trojan-activity;sid:82865099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002000)"; flow:established,from_client; content:"GET"; http_method; content:"/gig1.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.94.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002000/; classtype:trojan-activity;sid:82865100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002001)"; flow:established,from_client; content:"GET"; http_method; content:"/gig1.i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.94.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002001/; classtype:trojan-activity;sid:82865101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002002)"; flow:established,from_client; content:"GET"; http_method; content:"/gig1.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.94.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002002/; classtype:trojan-activity;sid:82865102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002003)"; flow:established,from_client; content:"GET"; http_method; content:"/gig1.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.94.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002003/; classtype:trojan-activity;sid:82865103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002004)"; flow:established,from_client; content:"GET"; http_method; content:"/gig1.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.94.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002004/; classtype:trojan-activity;sid:82865104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002005)"; flow:established,from_client; content:"GET"; http_method; content:"/gig1.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"23.94.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002005/; classtype:trojan-activity;sid:82865105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002006)"; flow:established,from_client; content:"GET"; http_method; content:"/gig1.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.94.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002006/; classtype:trojan-activity;sid:82865106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002007)"; flow:established,from_client; content:"GET"; http_method; content:"/gig1.armv4eb"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"23.94.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002007/; classtype:trojan-activity;sid:82865107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002008)"; flow:established,from_client; content:"GET"; http_method; content:"/gig1.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.94.138.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002008/; classtype:trojan-activity;sid:82865108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2002009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.253.202.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2002009/; classtype:trojan-activity;sid:82865109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.246.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001994/; classtype:trojan-activity;sid:82865094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.201.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001995/; classtype:trojan-activity;sid:82865095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001996)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/gbzinh4is4/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"kleenskinstudio.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001996/; classtype:trojan-activity;sid:82865096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.230.251.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001991/; classtype:trojan-activity;sid:82865091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.3.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001992/; classtype:trojan-activity;sid:82865092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.95.56.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001993/; classtype:trojan-activity;sid:82865093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001989)"; flow:established,from_client; content:"GET"; http_method; content:"/fer/fe5.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"0xb907d607"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001989/; classtype:trojan-activity;sid:82865089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001990)"; flow:established,from_client; content:"GET"; http_method; content:"/fer/fe5.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.7.214.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001990/; classtype:trojan-activity;sid:82865090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001988)"; flow:established,from_client; content:"GET"; http_method; content:"/fer/fe5.html"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.7.214.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001988/; classtype:trojan-activity;sid:82865088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.248.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001987/; classtype:trojan-activity;sid:82865087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.156.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001985/; classtype:trojan-activity;sid:82865085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.40.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001986/; classtype:trojan-activity;sid:82865086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.203.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001981/; classtype:trojan-activity;sid:82865081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.2.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001982/; classtype:trojan-activity;sid:82865082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.147.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001983/; classtype:trojan-activity;sid:82865083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.32.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001984/; classtype:trojan-activity;sid:82865084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.182.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001977/; classtype:trojan-activity;sid:82865077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.82.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001978/; classtype:trojan-activity;sid:82865078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.188.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001979/; classtype:trojan-activity;sid:82865079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.198.106.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001980/; classtype:trojan-activity;sid:82865080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.19.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001974/; classtype:trojan-activity;sid:82865074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.120.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001975/; classtype:trojan-activity;sid:82865075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.22.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001976/; classtype:trojan-activity;sid:82865076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.60.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001973/; classtype:trojan-activity;sid:82865073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.237.3.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001970/; classtype:trojan-activity;sid:82865070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.184.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001971/; classtype:trojan-activity;sid:82865071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.165.161.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001972/; classtype:trojan-activity;sid:82865072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.2.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001969/; classtype:trojan-activity;sid:82865069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.2.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001968/; classtype:trojan-activity;sid:82865068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.153.130.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001967/; classtype:trojan-activity;sid:82865067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001966)"; flow:established,from_client; content:"GET"; http_method; content:"/googlecould/csrss.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.153.79.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001966/; classtype:trojan-activity;sid:82865066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.131.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001964/; classtype:trojan-activity;sid:82865064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001965)"; flow:established,from_client; content:"GET"; http_method; content:"/gntek.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.192.246.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001965/; classtype:trojan-activity;sid:82865065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.21.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001962/; classtype:trojan-activity;sid:82865062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001963)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ff2f63cfb6554575d3bdcbb1633a8f7a.jpg"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dropmb.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001963/; classtype:trojan-activity;sid:82865063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001952)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5b6888c53ad1bf81d796673aee21b1ef.jpg"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dropmb.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001952/; classtype:trojan-activity;sid:82865052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.149.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001953/; classtype:trojan-activity;sid:82865053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.12.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001954/; classtype:trojan-activity;sid:82865054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.18.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001955/; classtype:trojan-activity;sid:82865055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.202.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001956/; classtype:trojan-activity;sid:82865056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.22.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001957/; classtype:trojan-activity;sid:82865057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001958)"; flow:established,from_client; content:"GET"; http_method; content:"/googlecould/.win32.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.114.105.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001958/; classtype:trojan-activity;sid:82865058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.193.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001959/; classtype:trojan-activity;sid:82865059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.25.115.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001960/; classtype:trojan-activity;sid:82865060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.240.28.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001961/; classtype:trojan-activity;sid:82865061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001951)"; flow:established,from_client; content:"GET"; http_method; content:"/googlecould/csrss.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.138.109.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001951/; classtype:trojan-activity;sid:82865051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.57.231.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001950/; classtype:trojan-activity;sid:82865050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.183.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001948/; classtype:trojan-activity;sid:82865048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001949)"; flow:established,from_client; content:"GET"; http_method; content:"/googlecould/vbc.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"180.214.236.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001949/; classtype:trojan-activity;sid:82865049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.224.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001947/; classtype:trojan-activity;sid:82865047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.182.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001946/; classtype:trojan-activity;sid:82865046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.251.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001945/; classtype:trojan-activity;sid:82865045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.168.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001942/; classtype:trojan-activity;sid:82865042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.170.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001943/; classtype:trojan-activity;sid:82865043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.1.189.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001944/; classtype:trojan-activity;sid:82865044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.61.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001941/; classtype:trojan-activity;sid:82865041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.201.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001940/; classtype:trojan-activity;sid:82865040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.48.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001939/; classtype:trojan-activity;sid:82865039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.80.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001938/; classtype:trojan-activity;sid:82865038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.208.122.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001937/; classtype:trojan-activity;sid:82865037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001936)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.163.202.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001936/; classtype:trojan-activity;sid:82865036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.236.214.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001935/; classtype:trojan-activity;sid:82865035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.31.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001934/; classtype:trojan-activity;sid:82865034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.70.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001933/; classtype:trojan-activity;sid:82865033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.97.176.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001932/; classtype:trojan-activity;sid:82865032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.240.78.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001931/; classtype:trojan-activity;sid:82865031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.110.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001927/; classtype:trojan-activity;sid:82865027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.2.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001928/; classtype:trojan-activity;sid:82865028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.47.118.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001929/; classtype:trojan-activity;sid:82865029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.187.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001930/; classtype:trojan-activity;sid:82865030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.28.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001926/; classtype:trojan-activity;sid:82865026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.90.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001924/; classtype:trojan-activity;sid:82865024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.207.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001925/; classtype:trojan-activity;sid:82865025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.170.98.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001923/; classtype:trojan-activity;sid:82865023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.177.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001921/; classtype:trojan-activity;sid:82865021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.102.61.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001922/; classtype:trojan-activity;sid:82865022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.122.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001920/; classtype:trojan-activity;sid:82865020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.56.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001918/; classtype:trojan-activity;sid:82865018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.109.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001919/; classtype:trojan-activity;sid:82865019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001912)"; flow:established,from_client; content:"GET"; http_method; content:"/gummybins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.210.239.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001912/; classtype:trojan-activity;sid:82865012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001913)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.210.239.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001913/; classtype:trojan-activity;sid:82865013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001914)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"192.210.239.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001914/; classtype:trojan-activity;sid:82865014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001915)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.210.239.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001915/; classtype:trojan-activity;sid:82865015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001916)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.210.239.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001916/; classtype:trojan-activity;sid:82865016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001917)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.210.239.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001917/; classtype:trojan-activity;sid:82865017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.250.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001911/; classtype:trojan-activity;sid:82865011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001907)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.210.239.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001907/; classtype:trojan-activity;sid:82865007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001908)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.210.239.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001908/; classtype:trojan-activity;sid:82865008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001909)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.210.239.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001909/; classtype:trojan-activity;sid:82865009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001910)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.210.239.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001910/; classtype:trojan-activity;sid:82865010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.97.176.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001906/; classtype:trojan-activity;sid:82865006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.40.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001905/; classtype:trojan-activity;sid:82865005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.139.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001903/; classtype:trojan-activity;sid:82865003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.73.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001904/; classtype:trojan-activity;sid:82865004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.77.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001902/; classtype:trojan-activity;sid:82865002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.77.184.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001901/; classtype:trojan-activity;sid:82865001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001900/; classtype:trojan-activity;sid:82865000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.35.169.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001898/; classtype:trojan-activity;sid:82864998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.213.14.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001899/; classtype:trojan-activity;sid:82864999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.176.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001896/; classtype:trojan-activity;sid:82864996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.80.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001897/; classtype:trojan-activity;sid:82864997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001885)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.140.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001885/; classtype:trojan-activity;sid:82864985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001886)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.140.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001886/; classtype:trojan-activity;sid:82864986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001887)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.59.140.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001887/; classtype:trojan-activity;sid:82864987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001888)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.140.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001888/; classtype:trojan-activity;sid:82864988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001889)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.140.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001889/; classtype:trojan-activity;sid:82864989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001890)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.59.140.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001890/; classtype:trojan-activity;sid:82864990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001891)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.140.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001891/; classtype:trojan-activity;sid:82864991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001892)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.59.140.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001892/; classtype:trojan-activity;sid:82864992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001893)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.140.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001893/; classtype:trojan-activity;sid:82864993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001894)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.140.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001894/; classtype:trojan-activity;sid:82864994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001895)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.59.140.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001895/; classtype:trojan-activity;sid:82864995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001883)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"192.210.239.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001883/; classtype:trojan-activity;sid:82864983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001884)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"192.210.239.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001884/; classtype:trojan-activity;sid:82864984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001882)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.210.239.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001882/; classtype:trojan-activity;sid:82864982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.170.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001881/; classtype:trojan-activity;sid:82864981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.97.176.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001880/; classtype:trojan-activity;sid:82864980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.149.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001879/; classtype:trojan-activity;sid:82864979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.180.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001878/; classtype:trojan-activity;sid:82864978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.170.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001876/; classtype:trojan-activity;sid:82864976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.32.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001877/; classtype:trojan-activity;sid:82864977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.45.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001874/; classtype:trojan-activity;sid:82864974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.174.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001875/; classtype:trojan-activity;sid:82864975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.116.201.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001873/; classtype:trojan-activity;sid:82864973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.174.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001872/; classtype:trojan-activity;sid:82864972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.140.152.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001871/; classtype:trojan-activity;sid:82864971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.225.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001869/; classtype:trojan-activity;sid:82864969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001870)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.97.128.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001870/; classtype:trojan-activity;sid:82864970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.112.30.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001867/; classtype:trojan-activity;sid:82864967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.235.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001868/; classtype:trojan-activity;sid:82864968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.182.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001866/; classtype:trojan-activity;sid:82864966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.28.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001865/; classtype:trojan-activity;sid:82864965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.10.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001864/; classtype:trojan-activity;sid:82864964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.179.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001863/; classtype:trojan-activity;sid:82864963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001862)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/926179125524324352/934893381765709834/fantasia_luncher.rar"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001862/; classtype:trojan-activity;sid:82864962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001860)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/917046038999736321/917072651237867592/gamesetup_.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001860/; classtype:trojan-activity;sid:82864960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001861)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/928041249414467624/934569207083987036/eve-rpg.rar"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001861/; classtype:trojan-activity;sid:82864961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001859)"; flow:established,from_client; content:"GET"; http_method; content:"/1122/vbc.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.173.229.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001859/; classtype:trojan-activity;sid:82864959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"99.120.22.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001858/; classtype:trojan-activity;sid:82864958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"99.120.22.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001857/; classtype:trojan-activity;sid:82864957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.189.138.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001856/; classtype:trojan-activity;sid:82864956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.56.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001851/; classtype:trojan-activity;sid:82864951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.116.10.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001852/; classtype:trojan-activity;sid:82864952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.8.176"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001853/; classtype:trojan-activity;sid:82864953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.176.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001854/; classtype:trojan-activity;sid:82864954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.60.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001855/; classtype:trojan-activity;sid:82864955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.76.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001849/; classtype:trojan-activity;sid:82864949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.85.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001850/; classtype:trojan-activity;sid:82864950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.107.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001845/; classtype:trojan-activity;sid:82864945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.112.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001846/; classtype:trojan-activity;sid:82864946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.196.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001847/; classtype:trojan-activity;sid:82864947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.231.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001848/; classtype:trojan-activity;sid:82864948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.152.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001841/; classtype:trojan-activity;sid:82864941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.38.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001842/; classtype:trojan-activity;sid:82864942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.98.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001843/; classtype:trojan-activity;sid:82864943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001844)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.167.143.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001844/; classtype:trojan-activity;sid:82864944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.10.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001840/; classtype:trojan-activity;sid:82864940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.90.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001839/; classtype:trojan-activity;sid:82864939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.133.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001838/; classtype:trojan-activity;sid:82864938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.215.180.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001834/; classtype:trojan-activity;sid:82864934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.23.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001835/; classtype:trojan-activity;sid:82864935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.170.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001836/; classtype:trojan-activity;sid:82864936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001837)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.121.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001837/; classtype:trojan-activity;sid:82864937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.35.243.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001833/; classtype:trojan-activity;sid:82864933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.103.15.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001831/; classtype:trojan-activity;sid:82864931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.58.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001832/; classtype:trojan-activity;sid:82864932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.106.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001830/; classtype:trojan-activity;sid:82864930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.167.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001829/; classtype:trojan-activity;sid:82864929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.98.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001828/; classtype:trojan-activity;sid:82864928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001827)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"73.138.147.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001827/; classtype:trojan-activity;sid:82864927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.24.152.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001826/; classtype:trojan-activity;sid:82864926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.52.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001825/; classtype:trojan-activity;sid:82864925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001824)"; flow:established,from_client; content:"GET"; http_method; content:"/t.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001824/; classtype:trojan-activity;sid:82864924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001823)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001823/; classtype:trojan-activity;sid:82864923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.179.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001822/; classtype:trojan-activity;sid:82864922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.47.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001821/; classtype:trojan-activity;sid:82864921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.195.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001820/; classtype:trojan-activity;sid:82864920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.215.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001819/; classtype:trojan-activity;sid:82864919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.18.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001816/; classtype:trojan-activity;sid:82864916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.83.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001817/; classtype:trojan-activity;sid:82864917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.118.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001818/; classtype:trojan-activity;sid:82864918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.78.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001815/; classtype:trojan-activity;sid:82864915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.16.49.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001814/; classtype:trojan-activity;sid:82864914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.164.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001813/; classtype:trojan-activity;sid:82864913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.80.200.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001812/; classtype:trojan-activity;sid:82864912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.104.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001811/; classtype:trojan-activity;sid:82864911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.162.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001810/; classtype:trojan-activity;sid:82864910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.174.108.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001808/; classtype:trojan-activity;sid:82864908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.137.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001809/; classtype:trojan-activity;sid:82864909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.125.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001806/; classtype:trojan-activity;sid:82864906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.214.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001807/; classtype:trojan-activity;sid:82864907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.10.147.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001804/; classtype:trojan-activity;sid:82864904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.38.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001805/; classtype:trojan-activity;sid:82864905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.126.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001802/; classtype:trojan-activity;sid:82864902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.6.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001803/; classtype:trojan-activity;sid:82864903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"159.196.83.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001801/; classtype:trojan-activity;sid:82864901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001799/; classtype:trojan-activity;sid:82864899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.74.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001800/; classtype:trojan-activity;sid:82864900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.107.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001798/; classtype:trojan-activity;sid:82864898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.184.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001797/; classtype:trojan-activity;sid:82864897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.44.240.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001796/; classtype:trojan-activity;sid:82864896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.249.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001795/; classtype:trojan-activity;sid:82864895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.18.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001794/; classtype:trojan-activity;sid:82864894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.102.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001793/; classtype:trojan-activity;sid:82864893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.123.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001792/; classtype:trojan-activity;sid:82864892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.91.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001789/; classtype:trojan-activity;sid:82864889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.78.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001790/; classtype:trojan-activity;sid:82864890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.138.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001791/; classtype:trojan-activity;sid:82864891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.90.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001788/; classtype:trojan-activity;sid:82864888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.130.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001786/; classtype:trojan-activity;sid:82864886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.50.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001787/; classtype:trojan-activity;sid:82864887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.24.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001785/; classtype:trojan-activity;sid:82864885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.103.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001784/; classtype:trojan-activity;sid:82864884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.161.114.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001782/; classtype:trojan-activity;sid:82864882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.9.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001783/; classtype:trojan-activity;sid:82864883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.143.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001781/; classtype:trojan-activity;sid:82864881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.191.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001780/; classtype:trojan-activity;sid:82864880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.30.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001777/; classtype:trojan-activity;sid:82864877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.13.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001778/; classtype:trojan-activity;sid:82864878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.254.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001779/; classtype:trojan-activity;sid:82864879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001776)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.41.36.239"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001776/; classtype:trojan-activity;sid:82864876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.114.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001775/; classtype:trojan-activity;sid:82864875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001774)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/wp-roilbask/includes/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"makeupsagaa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001774/; classtype:trojan-activity;sid:82864874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.166.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001773/; classtype:trojan-activity;sid:82864873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.46.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001772/; classtype:trojan-activity;sid:82864872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001770)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"23.28.163.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001770/; classtype:trojan-activity;sid:82864870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.25.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001771/; classtype:trojan-activity;sid:82864871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.57.38.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001768/; classtype:trojan-activity;sid:82864868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.200.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001769/; classtype:trojan-activity;sid:82864869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.138.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001767/; classtype:trojan-activity;sid:82864867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.79.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001766/; classtype:trojan-activity;sid:82864866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001765)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.23.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001765/; classtype:trojan-activity;sid:82864865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.75.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001763/; classtype:trojan-activity;sid:82864863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001764)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.15.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001764/; classtype:trojan-activity;sid:82864864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.91.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001761/; classtype:trojan-activity;sid:82864861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.62.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001762/; classtype:trojan-activity;sid:82864862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.21.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001760/; classtype:trojan-activity;sid:82864860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.38.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001756/; classtype:trojan-activity;sid:82864856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.139.89.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001757/; classtype:trojan-activity;sid:82864857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.77.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001758/; classtype:trojan-activity;sid:82864858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.110.166.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001759/; classtype:trojan-activity;sid:82864859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.91.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001755/; classtype:trojan-activity;sid:82864855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.84.66.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001747/; classtype:trojan-activity;sid:82864847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001748)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.172.198.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001748/; classtype:trojan-activity;sid:82864848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001749)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.172.198.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001749/; classtype:trojan-activity;sid:82864849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001750)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.172.198.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001750/; classtype:trojan-activity;sid:82864850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001751)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.172.198.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001751/; classtype:trojan-activity;sid:82864851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001752)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"107.172.198.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001752/; classtype:trojan-activity;sid:82864852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001753)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.172.198.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001753/; classtype:trojan-activity;sid:82864853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001754)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.172.198.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001754/; classtype:trojan-activity;sid:82864854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.209.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001746/; classtype:trojan-activity;sid:82864846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001745)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.115.242.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001745/; classtype:trojan-activity;sid:82864845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.28.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001744/; classtype:trojan-activity;sid:82864844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.150.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001742/; classtype:trojan-activity;sid:82864842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.213.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001743/; classtype:trojan-activity;sid:82864843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.183.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001738/; classtype:trojan-activity;sid:82864838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001739/; classtype:trojan-activity;sid:82864839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.253.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001740/; classtype:trojan-activity;sid:82864840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.144.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001741/; classtype:trojan-activity;sid:82864841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.35.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001737/; classtype:trojan-activity;sid:82864837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.58.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001734/; classtype:trojan-activity;sid:82864834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001735/; classtype:trojan-activity;sid:82864835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.228.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001736/; classtype:trojan-activity;sid:82864836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.185.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001733/; classtype:trojan-activity;sid:82864833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.89.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001732/; classtype:trojan-activity;sid:82864832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.152.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001731/; classtype:trojan-activity;sid:82864831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.160.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001729/; classtype:trojan-activity;sid:82864829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.38.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001730/; classtype:trojan-activity;sid:82864830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001728/; classtype:trojan-activity;sid:82864828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.3.192.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001726/; classtype:trojan-activity;sid:82864826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.111.225.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001727/; classtype:trojan-activity;sid:82864827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.235.138.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001725/; classtype:trojan-activity;sid:82864825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.159.233.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001724/; classtype:trojan-activity;sid:82864824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.146.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001723/; classtype:trojan-activity;sid:82864823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.80.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001722/; classtype:trojan-activity;sid:82864822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001721)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qw8m5hsy"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001721/; classtype:trojan-activity;sid:82864821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.179.149.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001720/; classtype:trojan-activity;sid:82864820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.73.44.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001719/; classtype:trojan-activity;sid:82864819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.35.191.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001718/; classtype:trojan-activity;sid:82864818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001716)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/geqky07v"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001716/; classtype:trojan-activity;sid:82864816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.44.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001717/; classtype:trojan-activity;sid:82864817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.41.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001713/; classtype:trojan-activity;sid:82864813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.74.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001714/; classtype:trojan-activity;sid:82864814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.36.248"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001715/; classtype:trojan-activity;sid:82864815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.48.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001712/; classtype:trojan-activity;sid:82864812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.162.216.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001711/; classtype:trojan-activity;sid:82864811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.84.66.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001709/; classtype:trojan-activity;sid:82864809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.19.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001710/; classtype:trojan-activity;sid:82864810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.205.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001708/; classtype:trojan-activity;sid:82864808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.247.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001707/; classtype:trojan-activity;sid:82864807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.176.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001705/; classtype:trojan-activity;sid:82864805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.165.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001706/; classtype:trojan-activity;sid:82864806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.49.3.176"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001701/; classtype:trojan-activity;sid:82864801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.6.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001702/; classtype:trojan-activity;sid:82864802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.4.159.39"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001703/; classtype:trojan-activity;sid:82864803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.58.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001704/; classtype:trojan-activity;sid:82864804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.214.78.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001700/; classtype:trojan-activity;sid:82864800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.28.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001699/; classtype:trojan-activity;sid:82864799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001698)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.22.183.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001698/; classtype:trojan-activity;sid:82864798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.208.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001697/; classtype:trojan-activity;sid:82864797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.35.160.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001696/; classtype:trojan-activity;sid:82864796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001695/; classtype:trojan-activity;sid:82864795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.73.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001694/; classtype:trojan-activity;sid:82864794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.198.168.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001692/; classtype:trojan-activity;sid:82864792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.175.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001693/; classtype:trojan-activity;sid:82864793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.54.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001691/; classtype:trojan-activity;sid:82864791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.84.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001690/; classtype:trojan-activity;sid:82864790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.82.145.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001689/; classtype:trojan-activity;sid:82864789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.65.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001688/; classtype:trojan-activity;sid:82864788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.179.149.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001685/; classtype:trojan-activity;sid:82864785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.6.3.177"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001686/; classtype:trojan-activity;sid:82864786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001687)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.109.186.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001687/; classtype:trojan-activity;sid:82864787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.38.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001684/; classtype:trojan-activity;sid:82864784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.216.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001683/; classtype:trojan-activity;sid:82864783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.96.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001682/; classtype:trojan-activity;sid:82864782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.125.190.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001681/; classtype:trojan-activity;sid:82864781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.159.233.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001680/; classtype:trojan-activity;sid:82864780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001679)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.130.89.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001679/; classtype:trojan-activity;sid:82864779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.94.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001677/; classtype:trojan-activity;sid:82864777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.230.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001678/; classtype:trojan-activity;sid:82864778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.113.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001675/; classtype:trojan-activity;sid:82864775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.163.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001676/; classtype:trojan-activity;sid:82864776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.35.191.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001674/; classtype:trojan-activity;sid:82864774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.172.11.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001673/; classtype:trojan-activity;sid:82864773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.239.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001670/; classtype:trojan-activity;sid:82864770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.188.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001671/; classtype:trojan-activity;sid:82864771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.43.113.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001672/; classtype:trojan-activity;sid:82864772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.85.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001669/; classtype:trojan-activity;sid:82864769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.232.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001668/; classtype:trojan-activity;sid:82864768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.23.112.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001667/; classtype:trojan-activity;sid:82864767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.246.240.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001665/; classtype:trojan-activity;sid:82864765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.174.240.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001666/; classtype:trojan-activity;sid:82864766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.135.64.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001663/; classtype:trojan-activity;sid:82864763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.10.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001664/; classtype:trojan-activity;sid:82864764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.1.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001662/; classtype:trojan-activity;sid:82864762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.185.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001661/; classtype:trojan-activity;sid:82864761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.3.177"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001659/; classtype:trojan-activity;sid:82864759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.81.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001660/; classtype:trojan-activity;sid:82864760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.228.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001658/; classtype:trojan-activity;sid:82864758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.75.124.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001657/; classtype:trojan-activity;sid:82864757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.250.78.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001656/; classtype:trojan-activity;sid:82864756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.113.253.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001655/; classtype:trojan-activity;sid:82864755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.79.183.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001654/; classtype:trojan-activity;sid:82864754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.105.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001652/; classtype:trojan-activity;sid:82864752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.188.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001653/; classtype:trojan-activity;sid:82864753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.8.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001651/; classtype:trojan-activity;sid:82864751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.163.8.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001649/; classtype:trojan-activity;sid:82864749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.113.173.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001650/; classtype:trojan-activity;sid:82864750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.173.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001648/; classtype:trojan-activity;sid:82864748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.12.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001646/; classtype:trojan-activity;sid:82864746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.162.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001647/; classtype:trojan-activity;sid:82864747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.86.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001645/; classtype:trojan-activity;sid:82864745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.175.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001644/; classtype:trojan-activity;sid:82864744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.134.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001643/; classtype:trojan-activity;sid:82864743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.201.38.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001642/; classtype:trojan-activity;sid:82864742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.148.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001638/; classtype:trojan-activity;sid:82864738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.52.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001639/; classtype:trojan-activity;sid:82864739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.184.136.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001640/; classtype:trojan-activity;sid:82864740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.109.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001641/; classtype:trojan-activity;sid:82864741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.172.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001637/; classtype:trojan-activity;sid:82864737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.82.145.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001636/; classtype:trojan-activity;sid:82864736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.140.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001635/; classtype:trojan-activity;sid:82864735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.163.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001634/; classtype:trojan-activity;sid:82864734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.127.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001633/; classtype:trojan-activity;sid:82864733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.96.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001632/; classtype:trojan-activity;sid:82864732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.175.127.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001631/; classtype:trojan-activity;sid:82864731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.250.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2001630/; classtype:trojan-activity;sid:82864730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2001629)"; flow:established,from_clien