################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2020-03-30 18:36:05 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=cfd8e120d47df1a4|7c|26|7c|resid=cfd8e120d47df1a4%211132|7c|26|7c|authkey=afru_0ncopzws7a"; http_uri; depth:101; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332307/; classtype:trojan-activity;sid:81195407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zx3trygq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332306/; classtype:trojan-activity;sid:81195406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; content:"221.160.177.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332305/; classtype:trojan-activity;sid:81195405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; content:"221.160.177.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332304/; classtype:trojan-activity;sid:81195404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; content:"221.160.177.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332303/; classtype:trojan-activity;sid:81195403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; content:"221.160.177.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332302/; classtype:trojan-activity;sid:81195402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"221.160.177.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332301/; classtype:trojan-activity;sid:81195401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332300/; classtype:trojan-activity;sid:81195400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.213.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332299/; classtype:trojan-activity;sid:81195399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.107.255.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332298/; classtype:trojan-activity;sid:81195398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332297/; classtype:trojan-activity;sid:81195397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.119.49.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332296/; classtype:trojan-activity;sid:81195396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332295/; classtype:trojan-activity;sid:81195395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332294/; classtype:trojan-activity;sid:81195394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.174.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332293/; classtype:trojan-activity;sid:81195393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.124.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332291/; classtype:trojan-activity;sid:81195391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332290/; classtype:trojan-activity;sid:81195390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332289/; classtype:trojan-activity;sid:81195389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.209.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332288/; classtype:trojan-activity;sid:81195388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332287/; classtype:trojan-activity;sid:81195387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.85.167.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332286/; classtype:trojan-activity;sid:81195386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"62.16.48.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332285/; classtype:trojan-activity;sid:81195385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gpay_invoice.doc"; http_uri; depth:17; isdataat:!1,relative; content:"www.gpreceipt.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332284/; classtype:trojan-activity;sid:81195384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/acpmq.dat"; http_uri; depth:10; isdataat:!1,relative; content:"show2.website"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332283/; classtype:trojan-activity;sid:81195383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nmbd.dat"; http_uri; depth:9; isdataat:!1,relative; content:"show2.website"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332282/; classtype:trojan-activity;sid:81195382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gezjs.dat"; http_uri; depth:10; isdataat:!1,relative; content:"show2.website"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332281/; classtype:trojan-activity;sid:81195381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/direct/444444.pnguid=tqbpagmacgbvahmabwbmahqaiabxagkabgbkag8adwbzacaanwagafaacgbvagyazqbzahmaaqbvag4ayqbsacaa"; http_uri; depth:110; isdataat:!1,relative; content:"stickit.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332280/; classtype:trojan-activity;sid:81195380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/direct/139292/139292.zip"; http_uri; depth:25; isdataat:!1,relative; content:"googlerank.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332279/; classtype:trojan-activity;sid:81195379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/articles/18928/2910.pnguid=tqbpagmacgbvahmabwbmahqaiabxagkabgbkag8adwbzacaanwagafaacgbvagyazqbzahmaaqbvag4ayqbsacaa"; http_uri; depth:116; isdataat:!1,relative; content:"t.unplugrevolution.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332277/; classtype:trojan-activity;sid:81195377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/direct/444444.pnguid=tqbpagmacgbvahmabwbmahqaiabxagkabgbkag8adwbzacaanwagafaacgbvagyazqbzahmaaqbvag4ayqbsacaa"; http_uri; depth:110; isdataat:!1,relative; content:"worldplaces.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332276/; classtype:trojan-activity;sid:81195376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hjw2q5mw"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332275/; classtype:trojan-activity;sid:81195375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/a0qcgpqg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332274/; classtype:trojan-activity;sid:81195374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chnsfrnd2/regasm.exe"; http_uri; depth:21; isdataat:!1,relative; content:"grosery2frdyhomicandelectronicspmarket.duckdns.org"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332272/; classtype:trojan-activity;sid:81195372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/comprobante.zip"; http_uri; depth:16; isdataat:!1,relative; content:"fraude.r1-pl.storage.arubacloud.pl"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332270/; classtype:trojan-activity;sid:81195370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/view/raw/b513774f"; http_uri; depth:18; isdataat:!1,relative; content:"paste.makomk.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332267/; classtype:trojan-activity;sid:81195367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"58.238.186.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332265/; classtype:trojan-activity;sid:81195365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332264/; classtype:trojan-activity;sid:81195364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.87.69.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332263/; classtype:trojan-activity;sid:81195363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.78.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332262/; classtype:trojan-activity;sid:81195362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.233.110.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332261/; classtype:trojan-activity;sid:81195361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.84.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332260/; classtype:trojan-activity;sid:81195360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332259/; classtype:trojan-activity;sid:81195359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.59.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332257/; classtype:trojan-activity;sid:81195357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.74.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332255/; classtype:trojan-activity;sid:81195355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.156.182.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332251/; classtype:trojan-activity;sid:81195351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.69.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332249/; classtype:trojan-activity;sid:81195349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.103.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332248/; classtype:trojan-activity;sid:81195348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332245/; classtype:trojan-activity;sid:81195345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.169.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332244/; classtype:trojan-activity;sid:81195344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; content:"45.148.120.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332239/; classtype:trojan-activity;sid:81195339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; content:"45.148.120.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332238/; classtype:trojan-activity;sid:81195338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; content:"45.148.120.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332237/; classtype:trojan-activity;sid:81195337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; content:"45.148.120.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332236/; classtype:trojan-activity;sid:81195336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"45.148.120.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332235/; classtype:trojan-activity;sid:81195335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; content:"45.148.120.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332234/; classtype:trojan-activity;sid:81195334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; content:"45.148.120.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332233/; classtype:trojan-activity;sid:81195333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; content:"45.148.120.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332232/; classtype:trojan-activity;sid:81195332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; content:"45.148.120.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332231/; classtype:trojan-activity;sid:81195331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; content:"45.148.120.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332230/; classtype:trojan-activity;sid:81195330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; content:"45.148.120.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332229/; classtype:trojan-activity;sid:81195329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.ppc440"; http_uri; depth:11; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332227/; classtype:trojan-activity;sid:81195327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.arm7"; http_uri; depth:9; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332226/; classtype:trojan-activity;sid:81195326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.i486"; http_uri; depth:9; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332225/; classtype:trojan-activity;sid:81195325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.arm6"; http_uri; depth:9; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332224/; classtype:trojan-activity;sid:81195324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.mips64"; http_uri; depth:11; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332223/; classtype:trojan-activity;sid:81195323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.x86"; http_uri; depth:8; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332222/; classtype:trojan-activity;sid:81195322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.spc"; http_uri; depth:8; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332221/; classtype:trojan-activity;sid:81195321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.sh4"; http_uri; depth:8; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332220/; classtype:trojan-activity;sid:81195320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.ppc"; http_uri; depth:8; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332219/; classtype:trojan-activity;sid:81195319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.mpsl"; http_uri; depth:9; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332218/; classtype:trojan-activity;sid:81195318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.mips"; http_uri; depth:9; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332217/; classtype:trojan-activity;sid:81195317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.m68k"; http_uri; depth:9; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332216/; classtype:trojan-activity;sid:81195316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.i686"; http_uri; depth:9; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332215/; classtype:trojan-activity;sid:81195315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.i586"; http_uri; depth:9; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332214/; classtype:trojan-activity;sid:81195314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.arm5"; http_uri; depth:9; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332213/; classtype:trojan-activity;sid:81195313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.arm4"; http_uri; depth:9; isdataat:!1,relative; content:"164.132.92.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332212/; classtype:trojan-activity;sid:81195312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/app.exe"; http_uri; depth:12; isdataat:!1,relative; content:"webgames.me"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332211/; classtype:trojan-activity;sid:81195311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/app.exe"; http_uri; depth:12; isdataat:!1,relative; content:"webgames.website"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332210/; classtype:trojan-activity;sid:81195310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/d%20payload_encrypted_1929500.bin"; http_uri; depth:40; isdataat:!1,relative; content:"tobo-group.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332209/; classtype:trojan-activity;sid:81195309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1r51btbfjwahhksmh0gxqztzg2twxtt7z"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332208/; classtype:trojan-activity;sid:81195308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1nxufbrp7v7glfmcbqbnpx-t4rhfcdisa"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332206/; classtype:trojan-activity;sid:81195306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sagawa7.3.1.apk"; http_uri; depth:16; isdataat:!1,relative; content:"bsdxz.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332205/; classtype:trojan-activity;sid:81195305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sagawa8.7.9.apk"; http_uri; depth:16; isdataat:!1,relative; content:"bsdez.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332204/; classtype:trojan-activity;sid:81195304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sagawa8.4.6.apk"; http_uri; depth:16; isdataat:!1,relative; content:"ndgsz.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332202/; classtype:trojan-activity;sid:81195302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.spc"; http_uri; depth:12; isdataat:!1,relative; content:"192.119.81.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332201/; classtype:trojan-activity;sid:81195301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.sh4"; http_uri; depth:12; isdataat:!1,relative; content:"192.119.81.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332200/; classtype:trojan-activity;sid:81195300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.ppc"; http_uri; depth:12; isdataat:!1,relative; content:"192.119.81.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332199/; classtype:trojan-activity;sid:81195299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"192.119.81.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332198/; classtype:trojan-activity;sid:81195298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.mips"; http_uri; depth:13; isdataat:!1,relative; content:"192.119.81.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332197/; classtype:trojan-activity;sid:81195297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.m68k"; http_uri; depth:13; isdataat:!1,relative; content:"192.119.81.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332196/; classtype:trojan-activity;sid:81195296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.arm7"; http_uri; depth:13; isdataat:!1,relative; content:"192.119.81.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332195/; classtype:trojan-activity;sid:81195295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.arm6"; http_uri; depth:13; isdataat:!1,relative; content:"192.119.81.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332194/; classtype:trojan-activity;sid:81195294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.arm5"; http_uri; depth:13; isdataat:!1,relative; content:"192.119.81.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332193/; classtype:trojan-activity;sid:81195293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.arm"; http_uri; depth:12; isdataat:!1,relative; content:"192.119.81.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332192/; classtype:trojan-activity;sid:81195292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.x86"; http_uri; depth:12; isdataat:!1,relative; content:"192.119.81.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332191/; classtype:trojan-activity;sid:81195291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.x86_64"; http_uri; depth:15; isdataat:!1,relative; content:"192.119.81.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332190/; classtype:trojan-activity;sid:81195290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=b03ee17d51411308|7c|26|7c|resid=b03ee17d51411308%212152|7c|26|7c|authkey=abutaac83l5utks"; http_uri; depth:101; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332177/; classtype:trojan-activity;sid:81195277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ibh6oomyqlpx8xymf_0b5-mmw32jnfn2"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332174/; classtype:trojan-activity;sid:81195274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/~zadmin/ecloud/nklo_encrypted_499be70.bin"; http_uri; depth:42; isdataat:!1,relative; content:"allenservice.ga"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332173/; classtype:trojan-activity;sid:81195273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1filmgzc6mbngqvrpa3savzzepz0nfsml"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332172/; classtype:trojan-activity;sid:81195272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1fr0vm1vkvxxy-bisrxujzngyzzmcj1yz"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332171/; classtype:trojan-activity;sid:81195271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/text/mnoriginnn_encrypted_68f8a30.bin"; http_uri; depth:50; isdataat:!1,relative; content:"sunganak.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332170/; classtype:trojan-activity;sid:81195270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=1491235303209d1a|7c|26|7c|resid=1491235303209d1a%21129|7c|26|7c|authkey=acsfv_bojqvxhrg"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332169/; classtype:trojan-activity;sid:81195269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1vvywcgcarbpy_drlhmokknywk4xrkkrv"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332168/; classtype:trojan-activity;sid:81195268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1wjj8tn_u20vde71hbfgag9bx0dmhy_og"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332165/; classtype:trojan-activity;sid:81195265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1zlnuv6reyk6whf5ogs3d-mbp5_7okuuy"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332164/; classtype:trojan-activity;sid:81195264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1vcoqo9-coiggunpulvp9xhtnnbumnjpg"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332163/; classtype:trojan-activity;sid:81195263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1-1wacqbgp_ewyn6bhnfw8vnnrupnmaiv"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332162/; classtype:trojan-activity;sid:81195262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1acn1ai6nxmvlibitoq-gtwpzfnz4ntfv"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332161/; classtype:trojan-activity;sid:81195261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1l4kopcq4xn_qvl9h51-aadrgswlxewmp"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332160/; classtype:trojan-activity;sid:81195260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=12apmjvuvr13ka7apagfvgokazoihwixs"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332159/; classtype:trojan-activity;sid:81195259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1oemm8vtpdqymxl7pkzxyax5gddq0rtu2"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332158/; classtype:trojan-activity;sid:81195258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=10wum_vqaxgq41t7yaxb40hrzfsdadefs"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332157/; classtype:trojan-activity;sid:81195257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=f5533cd060d35070|7c|26|7c|resid=f5533cd060d35070%21104|7c|26|7c|authkey=af-tbcilahmkpx8"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332156/; classtype:trojan-activity;sid:81195256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1hx81mfpdh6fhjrpodfxoatclsjmulfnl"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332155/; classtype:trojan-activity;sid:81195255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=f5533cd060d35070|7c|26|7c|resid=f5533cd060d35070%21105|7c|26|7c|authkey=adew0a5cjp6jdji"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332152/; classtype:trojan-activity;sid:81195252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1rccdf3nmutgztj6b9oh-wfpe18vnby3l"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332151/; classtype:trojan-activity;sid:81195251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=7a5e689dd1dc641f|7c|26|7c|resid=7a5e689dd1dc641f%21107|7c|26|7c|authkey=ae9g4jrbu5iqkj8"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332150/; classtype:trojan-activity;sid:81195250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1w1xbfyk3vntjfzxdzyrephlxww_dorih"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332149/; classtype:trojan-activity;sid:81195249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=13at7bs4w5mx5lkegkwrujtxhpyoviz4r"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332148/; classtype:trojan-activity;sid:81195248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1fawdtenlukkrehx0ptsiaw7jwsrojieo"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332147/; classtype:trojan-activity;sid:81195247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1fab1uzb2zilfqmdg-iwtlko8jdnd4f_6"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332146/; classtype:trojan-activity;sid:81195246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ptnrmqyn2hcg4ccwo120nbuh1ugfk9le"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332145/; classtype:trojan-activity;sid:81195245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.8.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332144/; classtype:trojan-activity;sid:81195244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332143/; classtype:trojan-activity;sid:81195243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.132.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332142/; classtype:trojan-activity;sid:81195242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332140/; classtype:trojan-activity;sid:81195240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.87.130.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332139/; classtype:trojan-activity;sid:81195239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.84.232.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332138/; classtype:trojan-activity;sid:81195238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"173.161.208.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332136/; classtype:trojan-activity;sid:81195236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.44.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332134/; classtype:trojan-activity;sid:81195234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.124.5.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332133/; classtype:trojan-activity;sid:81195233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.71.140.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332131/; classtype:trojan-activity;sid:81195231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332130/; classtype:trojan-activity;sid:81195230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.118.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332129/; classtype:trojan-activity;sid:81195229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.122.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332127/; classtype:trojan-activity;sid:81195227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332125/; classtype:trojan-activity;sid:81195225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.9.134.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332123/; classtype:trojan-activity;sid:81195223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"45.226.50.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332117/; classtype:trojan-activity;sid:81195217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.sh4"; http_uri; depth:56; isdataat:!1,relative; content:"hwsrv-706090.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332115/; classtype:trojan-activity;sid:81195215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.spc"; http_uri; depth:56; isdataat:!1,relative; content:"hwsrv-706090.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332114/; classtype:trojan-activity;sid:81195214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.ppc"; http_uri; depth:56; isdataat:!1,relative; content:"hwsrv-706090.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332113/; classtype:trojan-activity;sid:81195213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm7"; http_uri; depth:57; isdataat:!1,relative; content:"hwsrv-706090.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332112/; classtype:trojan-activity;sid:81195212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/uploads/2019/12/pov.exe"; http_uri; depth:45; isdataat:!1,relative; content:"sterilizationvalidation.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332110/; classtype:trojan-activity;sid:81195210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mips"; http_uri; depth:57; isdataat:!1,relative; content:"192.129.188.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332109/; classtype:trojan-activity;sid:81195209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.mpsl"; http_uri; depth:57; isdataat:!1,relative; content:"192.129.188.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332108/; classtype:trojan-activity;sid:81195208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm6"; http_uri; depth:57; isdataat:!1,relative; content:"192.129.188.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332107/; classtype:trojan-activity;sid:81195207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm5"; http_uri; depth:57; isdataat:!1,relative; content:"192.129.188.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332106/; classtype:trojan-activity;sid:81195206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.arm"; http_uri; depth:56; isdataat:!1,relative; content:"192.129.188.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332105/; classtype:trojan-activity;sid:81195205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/swrgiuhguhwrguiwetu/spc"; http_uri; depth:24; isdataat:!1,relative; content:"98.ip-51-91-254.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332104/; classtype:trojan-activity;sid:81195204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/swrgiuhguhwrguiwetu/arm7"; http_uri; depth:25; isdataat:!1,relative; content:"98.ip-51-91-254.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332103/; classtype:trojan-activity;sid:81195203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/swrgiuhguhwrguiwetu/mpsl"; http_uri; depth:25; isdataat:!1,relative; content:"98.ip-51-91-254.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332102/; classtype:trojan-activity;sid:81195202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/swrgiuhguhwrguiwetu/mips"; http_uri; depth:25; isdataat:!1,relative; content:"98.ip-51-91-254.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332101/; classtype:trojan-activity;sid:81195201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/swrgiuhguhwrguiwetu/arm5"; http_uri; depth:25; isdataat:!1,relative; content:"98.ip-51-91-254.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332100/; classtype:trojan-activity;sid:81195200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/swrgiuhguhwrguiwetu/arm"; http_uri; depth:24; isdataat:!1,relative; content:"98.ip-51-91-254.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332099/; classtype:trojan-activity;sid:81195199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/swrgiuhguhwrguiwetu/x86"; http_uri; depth:24; isdataat:!1,relative; content:"98.ip-51-91-254.eu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332098/; classtype:trojan-activity;sid:81195198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/~zadmin/ecloud/fberg_encrypted_90c18cf.bin"; http_uri; depth:43; isdataat:!1,relative; content:"allenservice.ga"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332096/; classtype:trojan-activity;sid:81195196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; content:"vmi363834.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332095/; classtype:trojan-activity;sid:81195195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"vmi363834.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332094/; classtype:trojan-activity;sid:81195194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"vmi363834.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332093/; classtype:trojan-activity;sid:81195193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"vmi363834.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332092/; classtype:trojan-activity;sid:81195192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; content:"vmi363834.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332091/; classtype:trojan-activity;sid:81195191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"vmi363834.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332090/; classtype:trojan-activity;sid:81195190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1irdexlgtsuds6t5xqm4a9fezrgflgj66"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332089/; classtype:trojan-activity;sid:81195189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1qn1aq6r_pqqz_7vzds3robmgnnowzw4z"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332088/; classtype:trojan-activity;sid:81195188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1i1co6fxo7vibycq7pp9k48qpzie89xvq"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332087/; classtype:trojan-activity;sid:81195187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1rm8batg9fhkh74dxazbxym7drgtpi8bb"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332085/; classtype:trojan-activity;sid:81195185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1boc4ie-cb85kxgfqxp7xyev8uyq-2y0c"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332084/; classtype:trojan-activity;sid:81195184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=15ef4rydufpxriwnxvygi2n8al88xbvdc"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332083/; classtype:trojan-activity;sid:81195183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1z0mfnacy4erjpk09mvv3ugxwel7n1dra"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332082/; classtype:trojan-activity;sid:81195182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"141.226.122.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332081/; classtype:trojan-activity;sid:81195181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1jo-mubnvom4wn4pbabba4gxitg9ukite"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332080/; classtype:trojan-activity;sid:81195180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1tobovahgicoanjb35zksw-97pvsdh9d4"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332079/; classtype:trojan-activity;sid:81195179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ud-ioef5uley9fkl5xhhtxtqfdr6sbij"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332077/; classtype:trojan-activity;sid:81195177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1avgz6n7xsfbx8rb5_fd4tj8mmehaiwa_"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332076/; classtype:trojan-activity;sid:81195176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1vml0gdzh9-h_yse8m7gcwybwf5udcb2f"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332075/; classtype:trojan-activity;sid:81195175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/06f8f5e0c9a1f9e3fe2f4d72fcaa84ea1760e236_encrypted_1b94070.bin"; http_uri; depth:81; isdataat:!1,relative; content:"ophtalmiccenter.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332074/; classtype:trojan-activity;sid:81195174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.222.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332070/; classtype:trojan-activity;sid:81195170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.214.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332066/; classtype:trojan-activity;sid:81195166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.161.253.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332062/; classtype:trojan-activity;sid:81195162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.203.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332061/; classtype:trojan-activity;sid:81195161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.81.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332059/; classtype:trojan-activity;sid:81195159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1fifsr2z4zqfbey-vh_p9xf-h-of4ra8k"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332056/; classtype:trojan-activity;sid:81195156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1052vu06yo4ats_pp4_uz_noh-ad3l-nc"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332055/; classtype:trojan-activity;sid:81195155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1uy-m7byyjgaxfwe_achjzrbf3_z99-dk"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332054/; classtype:trojan-activity;sid:81195154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1beodyqbjzmaev9yrd-yxugk5-vlg6hgz"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332052/; classtype:trojan-activity;sid:81195152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/key22_encrypted_b50c29f.bin"; http_uri; depth:28; isdataat:!1,relative; content:"elintec.site"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332050/; classtype:trojan-activity;sid:81195150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1xu6ljlwzaqtl6cnte_jq9h6tfgmsexny"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332049/; classtype:trojan-activity;sid:81195149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=11txvxxkab2ia9ptdbjtdywic0skv6bpf"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332048/; classtype:trojan-activity;sid:81195148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1grfquapbtudtyfl7eiwhijbmskke6xnj"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332047/; classtype:trojan-activity;sid:81195147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=13q5apxkxbs43jkpgtwmc1jf7bx5h6o4q"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332046/; classtype:trojan-activity;sid:81195146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1t4r6mcgc8wk49hupqtbmopsvcrg0iaoj"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332045/; classtype:trojan-activity;sid:81195145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1npv5eztcbgsmxmrkwbesrjxondlrc1h_"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332044/; classtype:trojan-activity;sid:81195144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1aj_lap_fev52hgimbsnf39ewesaewesu"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332043/; classtype:trojan-activity;sid:81195143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"89.34.27.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332042/; classtype:trojan-activity;sid:81195142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.sh4"; http_uri; depth:24; isdataat:!1,relative; content:"104.140.242.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332041/; classtype:trojan-activity;sid:81195141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.m68k"; http_uri; depth:33; isdataat:!1,relative; content:"88.218.17.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332040/; classtype:trojan-activity;sid:81195140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.ppc"; http_uri; depth:32; isdataat:!1,relative; content:"88.218.17.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332039/; classtype:trojan-activity;sid:81195139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.ppc"; http_uri; depth:24; isdataat:!1,relative; content:"104.140.242.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332038/; classtype:trojan-activity;sid:81195138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; content:"89.34.27.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332037/; classtype:trojan-activity;sid:81195137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm"; http_uri; depth:24; isdataat:!1,relative; content:"104.140.242.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332036/; classtype:trojan-activity;sid:81195136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.spc"; http_uri; depth:24; isdataat:!1,relative; content:"104.140.242.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332035/; classtype:trojan-activity;sid:81195135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.arm6"; http_uri; depth:33; isdataat:!1,relative; content:"88.218.17.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332034/; classtype:trojan-activity;sid:81195134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"89.34.27.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332033/; classtype:trojan-activity;sid:81195133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"89.34.27.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332031/; classtype:trojan-activity;sid:81195131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.mpsl"; http_uri; depth:33; isdataat:!1,relative; content:"88.218.17.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332030/; classtype:trojan-activity;sid:81195130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.arm7"; http_uri; depth:33; isdataat:!1,relative; content:"88.218.17.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332029/; classtype:trojan-activity;sid:81195129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"89.34.27.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332028/; classtype:trojan-activity;sid:81195128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.m68k"; http_uri; depth:25; isdataat:!1,relative; content:"104.140.242.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332027/; classtype:trojan-activity;sid:81195127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"89.34.27.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332025/; classtype:trojan-activity;sid:81195125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.sh4"; http_uri; depth:32; isdataat:!1,relative; content:"88.218.17.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332024/; classtype:trojan-activity;sid:81195124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm5"; http_uri; depth:25; isdataat:!1,relative; content:"104.140.242.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332023/; classtype:trojan-activity;sid:81195123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.arm"; http_uri; depth:32; isdataat:!1,relative; content:"88.218.17.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332022/; classtype:trojan-activity;sid:81195122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.mips"; http_uri; depth:33; isdataat:!1,relative; content:"88.218.17.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332019/; classtype:trojan-activity;sid:81195119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; content:"89.34.27.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332018/; classtype:trojan-activity;sid:81195118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mips"; http_uri; depth:25; isdataat:!1,relative; content:"104.140.242.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332017/; classtype:trojan-activity;sid:81195117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.spc"; http_uri; depth:32; isdataat:!1,relative; content:"88.218.17.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332016/; classtype:trojan-activity;sid:81195116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mpsl"; http_uri; depth:25; isdataat:!1,relative; content:"104.140.242.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332015/; classtype:trojan-activity;sid:81195115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; content:"89.34.27.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332014/; classtype:trojan-activity;sid:81195114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"89.34.27.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332013/; classtype:trojan-activity;sid:81195113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.arm5"; http_uri; depth:33; isdataat:!1,relative; content:"88.218.17.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332012/; classtype:trojan-activity;sid:81195112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"89.34.27.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332011/; classtype:trojan-activity;sid:81195111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm6"; http_uri; depth:25; isdataat:!1,relative; content:"104.140.242.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332010/; classtype:trojan-activity;sid:81195110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/$wz$svchost.exe"; http_uri; depth:16; isdataat:!1,relative; content:"108.174.197.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332008/; classtype:trojan-activity;sid:81195108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1iloyi0fgz2tztikmcoyk4_g-xlyzno59"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332007/; classtype:trojan-activity;sid:81195107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1uij6fctuvcj5sqfiw_6k6tvzuyyr0qvz"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332006/; classtype:trojan-activity;sid:81195106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1jdohrocutetjq-e2fnca5fepvt8qsyfr"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332005/; classtype:trojan-activity;sid:81195105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1eewhy5adwd93yhyryi0al41op9ht4xma"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332004/; classtype:trojan-activity;sid:81195104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ptpswfmdqvzqrf640hjabup5s2zch56w"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332003/; classtype:trojan-activity;sid:81195103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1pt9csgyjkjpzpit3nwpzsyceu0sclj9w"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332002/; classtype:trojan-activity;sid:81195102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1xt4z1a9uigegatt9sp9_xvwcyvygn8-g"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/332001/; classtype:trojan-activity;sid:81195101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1y0m4hlhkt-r3plnnodkfpsff4zwnyplp"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331997/; classtype:trojan-activity;sid:81195097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1wvhgboyiejv65nzhkursluhmlakcevgx"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331996/; classtype:trojan-activity;sid:81195096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1pzixskkp9-qryvaoenyjizksofjcbr3b"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331995/; classtype:trojan-activity;sid:81195095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1j6z2xgyfe1dykob4q4ykodhmhs9v8qxe"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331994/; classtype:trojan-activity;sid:81195094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1vf3m3hca36tj4qivielmwfwgjehzycbb"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331992/; classtype:trojan-activity;sid:81195092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/css/c"; http_uri; depth:15; isdataat:!1,relative; content:"serpentrising.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331991/; classtype:trojan-activity;sid:81195091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.x86"; http_uri; depth:32; isdataat:!1,relative; content:"88.218.17.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331988/; classtype:trojan-activity;sid:81195088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bns/gang123isgodloluaintgettingthesebinslikedammwtf.x86"; http_uri; depth:56; isdataat:!1,relative; content:"192.129.188.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331980/; classtype:trojan-activity;sid:81195080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/swrgiuhguhwrguiwetu/x86_64"; http_uri; depth:27; isdataat:!1,relative; content:"51.91.254.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331974/; classtype:trojan-activity;sid:81195074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.x86"; http_uri; depth:24; isdataat:!1,relative; content:"104.140.242.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331973/; classtype:trojan-activity;sid:81195073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"89.34.27.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331969/; classtype:trojan-activity;sid:81195069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"62.171.176.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331968/; classtype:trojan-activity;sid:81195068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/~zadmin/ecloud/freg_encrypted_8f4eadf.bin"; http_uri; depth:42; isdataat:!1,relative; content:"allenservice.ga"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331966/; classtype:trojan-activity;sid:81195066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=10b30sds97i_hz7lonids02ya3yn7aodb"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331965/; classtype:trojan-activity;sid:81195065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dewise_encrypted_954109f.bin"; http_uri; depth:29; isdataat:!1,relative; content:"www.massivedynamicks.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331964/; classtype:trojan-activity;sid:81195064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/gloriginn_encrypted_be7a62f.bin"; http_uri; depth:44; isdataat:!1,relative; content:"sunganak.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331963/; classtype:trojan-activity;sid:81195063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=19fcd-noyybezstmrheouuditxj9wfj0-"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331961/; classtype:trojan-activity;sid:81195061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=569f732a389e1ea2|7c|26|7c|resid=569f732a389e1ea2%21411|7c|26|7c|authkey=abttm_3nj3iiafm"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331960/; classtype:trojan-activity;sid:81195060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=089487371604aca8|7c|26|7c|resid=89487371604aca8%21110|7c|26|7c|authkey=aguc1xezzll_dly"; http_uri; depth:99; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331959/; classtype:trojan-activity;sid:81195059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1qnqedhk__jgarpg3ju8nqtjqedfu5xnj"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331958/; classtype:trojan-activity;sid:81195058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mdocmenr/sw277345.po.doc"; http_uri; depth:25; isdataat:!1,relative; content:"jotunireq.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331951/; classtype:trojan-activity;sid:81195051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/prodoc/vbc.exe"; http_uri; depth:15; isdataat:!1,relative; content:"prodigorganizationalgroupoffrdy1company.duckdns.org"; http_host; depth:51; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331949/; classtype:trojan-activity;sid:81195049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=8191351450372b91|7c|26|7c|resid=8191351450372b91%21286|7c|26|7c|authkey=ab44dfma7re1fjq"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331947/; classtype:trojan-activity;sid:81195047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/inc/photosetup.exe"; http_uri; depth:19; isdataat:!1,relative; content:"kjbm4.mof.gov.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331944/; classtype:trojan-activity;sid:81195044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.x86"; http_uri; depth:24; isdataat:!1,relative; content:"45.77.79.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331909/; classtype:trojan-activity;sid:81195009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.spc"; http_uri; depth:24; isdataat:!1,relative; content:"45.77.79.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331908/; classtype:trojan-activity;sid:81195008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.sh4"; http_uri; depth:24; isdataat:!1,relative; content:"45.77.79.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331907/; classtype:trojan-activity;sid:81195007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.ppc"; http_uri; depth:24; isdataat:!1,relative; content:"45.77.79.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331906/; classtype:trojan-activity;sid:81195006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mpsl"; http_uri; depth:25; isdataat:!1,relative; content:"45.77.79.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331905/; classtype:trojan-activity;sid:81195005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mips"; http_uri; depth:25; isdataat:!1,relative; content:"45.77.79.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331904/; classtype:trojan-activity;sid:81195004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.m68k"; http_uri; depth:25; isdataat:!1,relative; content:"45.77.79.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331903/; classtype:trojan-activity;sid:81195003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm7"; http_uri; depth:25; isdataat:!1,relative; content:"45.77.79.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331902/; classtype:trojan-activity;sid:81195002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm6"; http_uri; depth:25; isdataat:!1,relative; content:"45.77.79.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331901/; classtype:trojan-activity;sid:81195001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm5"; http_uri; depth:25; isdataat:!1,relative; content:"45.77.79.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331900/; classtype:trojan-activity;sid:81195000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm"; http_uri; depth:24; isdataat:!1,relative; content:"45.77.79.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331899/; classtype:trojan-activity;sid:81194999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; content:"45.95.168.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331898/; classtype:trojan-activity;sid:81194998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; content:"45.95.168.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331897/; classtype:trojan-activity;sid:81194997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; content:"45.95.168.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331896/; classtype:trojan-activity;sid:81194996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; content:"45.95.168.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331895/; classtype:trojan-activity;sid:81194995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"45.95.168.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331894/; classtype:trojan-activity;sid:81194994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; content:"45.95.168.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331893/; classtype:trojan-activity;sid:81194993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; content:"45.95.168.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331892/; classtype:trojan-activity;sid:81194992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; content:"45.95.168.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331891/; classtype:trojan-activity;sid:81194991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; content:"45.95.168.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331890/; classtype:trojan-activity;sid:81194990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; content:"45.95.168.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331889/; classtype:trojan-activity;sid:81194989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; content:"45.95.168.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331888/; classtype:trojan-activity;sid:81194988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.x86"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331887/; classtype:trojan-activity;sid:81194987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.spc"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331886/; classtype:trojan-activity;sid:81194986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331885/; classtype:trojan-activity;sid:81194985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331884/; classtype:trojan-activity;sid:81194984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331883/; classtype:trojan-activity;sid:81194983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331882/; classtype:trojan-activity;sid:81194982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.mips"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331881/; classtype:trojan-activity;sid:81194981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331880/; classtype:trojan-activity;sid:81194980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331879/; classtype:trojan-activity;sid:81194979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331878/; classtype:trojan-activity;sid:81194978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331877/; classtype:trojan-activity;sid:81194977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.arm7"; http_uri; depth:10; isdataat:!1,relative; content:"50.115.173.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331876/; classtype:trojan-activity;sid:81194976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.arm5"; http_uri; depth:10; isdataat:!1,relative; content:"50.115.173.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331875/; classtype:trojan-activity;sid:81194975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.arm4"; http_uri; depth:10; isdataat:!1,relative; content:"50.115.173.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331874/; classtype:trojan-activity;sid:81194974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.sparc"; http_uri; depth:11; isdataat:!1,relative; content:"50.115.173.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331873/; classtype:trojan-activity;sid:81194973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.m68k"; http_uri; depth:10; isdataat:!1,relative; content:"50.115.173.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331872/; classtype:trojan-activity;sid:81194972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.i586"; http_uri; depth:10; isdataat:!1,relative; content:"50.115.173.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331871/; classtype:trojan-activity;sid:81194971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.ppc"; http_uri; depth:9; isdataat:!1,relative; content:"50.115.173.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331870/; classtype:trojan-activity;sid:81194970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.i686"; http_uri; depth:10; isdataat:!1,relative; content:"50.115.173.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331869/; classtype:trojan-activity;sid:81194969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.arm6"; http_uri; depth:10; isdataat:!1,relative; content:"50.115.173.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331868/; classtype:trojan-activity;sid:81194968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.x86"; http_uri; depth:9; isdataat:!1,relative; content:"50.115.173.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331867/; classtype:trojan-activity;sid:81194967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.sh4"; http_uri; depth:9; isdataat:!1,relative; content:"50.115.173.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331866/; classtype:trojan-activity;sid:81194966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"50.115.173.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331865/; classtype:trojan-activity;sid:81194965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.mips"; http_uri; depth:10; isdataat:!1,relative; content:"50.115.173.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331864/; classtype:trojan-activity;sid:81194964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"50.115.173.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331863/; classtype:trojan-activity;sid:81194963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.182.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331861/; classtype:trojan-activity;sid:81194961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.211.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331858/; classtype:trojan-activity;sid:81194958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.30.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331856/; classtype:trojan-activity;sid:81194956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.134.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331855/; classtype:trojan-activity;sid:81194955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331854/; classtype:trojan-activity;sid:81194954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.153.168.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331851/; classtype:trojan-activity;sid:81194951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.151.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331850/; classtype:trojan-activity;sid:81194950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.112.92.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331848/; classtype:trojan-activity;sid:81194948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.133.224.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331847/; classtype:trojan-activity;sid:81194947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"220.124.192.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331846/; classtype:trojan-activity;sid:81194946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.69.7.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331845/; classtype:trojan-activity;sid:81194945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.58.88.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331843/; classtype:trojan-activity;sid:81194943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m-o/tmp"; http_uri; depth:13; isdataat:!1,relative; content:"219.156.196.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331839/; classtype:trojan-activity;sid:81194939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/garfsp/tpys.exe"; http_uri; depth:16; isdataat:!1,relative; content:"112.74.93.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331838/; classtype:trojan-activity;sid:81194938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"81.218.160.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331837/; classtype:trojan-activity;sid:81194937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331835/; classtype:trojan-activity;sid:81194935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331834/; classtype:trojan-activity;sid:81194934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331832/; classtype:trojan-activity;sid:81194932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.112.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331831/; classtype:trojan-activity;sid:81194931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.115.75.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331830/; classtype:trojan-activity;sid:81194930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.96.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331829/; classtype:trojan-activity;sid:81194929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.200.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331828/; classtype:trojan-activity;sid:81194928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331824/; classtype:trojan-activity;sid:81194924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.71.205.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331822/; classtype:trojan-activity;sid:81194922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.204.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331819/; classtype:trojan-activity;sid:81194919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_30; reference:url, urlhaus.abuse.ch/url/331817/; classtype:trojan-activity;sid:81194917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gaa2vynm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331816/; classtype:trojan-activity;sid:81194916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.i686"; http_uri; depth:10; isdataat:!1,relative; content:"139.59.9.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331815/; classtype:trojan-activity;sid:81194915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.arm4"; http_uri; depth:10; isdataat:!1,relative; content:"139.59.9.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331814/; classtype:trojan-activity;sid:81194914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.m68k"; http_uri; depth:10; isdataat:!1,relative; content:"139.59.9.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331813/; classtype:trojan-activity;sid:81194913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.x86"; http_uri; depth:9; isdataat:!1,relative; content:"139.59.9.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331812/; classtype:trojan-activity;sid:81194912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.arm6"; http_uri; depth:10; isdataat:!1,relative; content:"139.59.9.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331811/; classtype:trojan-activity;sid:81194911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"139.59.9.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331810/; classtype:trojan-activity;sid:81194910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.ppc"; http_uri; depth:9; isdataat:!1,relative; content:"139.59.9.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331809/; classtype:trojan-activity;sid:81194909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.mips"; http_uri; depth:10; isdataat:!1,relative; content:"139.59.9.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331808/; classtype:trojan-activity;sid:81194908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.arm7"; http_uri; depth:10; isdataat:!1,relative; content:"139.59.9.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331807/; classtype:trojan-activity;sid:81194907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.sparc"; http_uri; depth:11; isdataat:!1,relative; content:"139.59.9.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331806/; classtype:trojan-activity;sid:81194906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.arm5"; http_uri; depth:10; isdataat:!1,relative; content:"139.59.9.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331805/; classtype:trojan-activity;sid:81194905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.i586"; http_uri; depth:10; isdataat:!1,relative; content:"139.59.9.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331804/; classtype:trojan-activity;sid:81194904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"139.59.9.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331803/; classtype:trojan-activity;sid:81194903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.sh4"; http_uri; depth:9; isdataat:!1,relative; content:"139.59.9.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331802/; classtype:trojan-activity;sid:81194902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hpa50b56"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331801/; classtype:trojan-activity;sid:81194901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.x86"; http_uri; depth:17; isdataat:!1,relative; content:"176.123.6.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331800/; classtype:trojan-activity;sid:81194900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.ppc"; http_uri; depth:17; isdataat:!1,relative; content:"176.123.6.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331799/; classtype:trojan-activity;sid:81194899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.mpsl"; http_uri; depth:18; isdataat:!1,relative; content:"176.123.6.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331798/; classtype:trojan-activity;sid:81194898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.sh4"; http_uri; depth:17; isdataat:!1,relative; content:"176.123.6.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331797/; classtype:trojan-activity;sid:81194897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"176.123.6.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331796/; classtype:trojan-activity;sid:81194896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.mips"; http_uri; depth:18; isdataat:!1,relative; content:"176.123.6.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331795/; classtype:trojan-activity;sid:81194895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"176.123.6.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331794/; classtype:trojan-activity;sid:81194894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"176.123.6.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331793/; classtype:trojan-activity;sid:81194893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/meerkat.m68k"; http_uri; depth:18; isdataat:!1,relative; content:"176.123.6.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331792/; classtype:trojan-activity;sid:81194892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/7xnkm1xu"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331791/; classtype:trojan-activity;sid:81194891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.230.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331790/; classtype:trojan-activity;sid:81194890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.230.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331789/; classtype:trojan-activity;sid:81194889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.230.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331788/; classtype:trojan-activity;sid:81194888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.230.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331787/; classtype:trojan-activity;sid:81194887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.230.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331786/; classtype:trojan-activity;sid:81194886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"23.254.230.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331785/; classtype:trojan-activity;sid:81194885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cipher.sh"; http_uri; depth:10; isdataat:!1,relative; content:"23.254.230.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331784/; classtype:trojan-activity;sid:81194884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.230.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331783/; classtype:trojan-activity;sid:81194883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.230.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331782/; classtype:trojan-activity;sid:81194882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.230.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331781/; classtype:trojan-activity;sid:81194881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"23.254.230.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331780/; classtype:trojan-activity;sid:81194880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"23.254.230.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331779/; classtype:trojan-activity;sid:81194879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.193.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331778/; classtype:trojan-activity;sid:81194878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.207.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331777/; classtype:trojan-activity;sid:81194877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.46.222.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331776/; classtype:trojan-activity;sid:81194876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.109.133.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331775/; classtype:trojan-activity;sid:81194875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.112.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331774/; classtype:trojan-activity;sid:81194874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331773/; classtype:trojan-activity;sid:81194873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331772/; classtype:trojan-activity;sid:81194872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.168.137.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331771/; classtype:trojan-activity;sid:81194871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331770/; classtype:trojan-activity;sid:81194870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.209.99.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331769/; classtype:trojan-activity;sid:81194869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.175.173.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331768/; classtype:trojan-activity;sid:81194868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.83.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331767/; classtype:trojan-activity;sid:81194867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.226.251.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331766/; classtype:trojan-activity;sid:81194866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331765/; classtype:trojan-activity;sid:81194865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.57.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331764/; classtype:trojan-activity;sid:81194864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.52.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331763/; classtype:trojan-activity;sid:81194863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331762/; classtype:trojan-activity;sid:81194862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331761/; classtype:trojan-activity;sid:81194861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.15.52.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331760/; classtype:trojan-activity;sid:81194860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.112.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331759/; classtype:trojan-activity;sid:81194859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.135.28.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331758/; classtype:trojan-activity;sid:81194858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kt8rrrk4"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331757/; classtype:trojan-activity;sid:81194857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/fg/formbook_encrypted_a45870.bin"; http_uri; depth:44; isdataat:!1,relative; content:"archerygamesdc.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331756/; classtype:trojan-activity;sid:81194856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sirbin_encrypted_c92c4af.bin"; http_uri; depth:29; isdataat:!1,relative; content:"archerygamesdc.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331755/; classtype:trojan-activity;sid:81194855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jk_azor_encrypted_b18d5bf.bin"; http_uri; depth:30; isdataat:!1,relative; content:"archerygamesdc.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331754/; classtype:trojan-activity;sid:81194854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7.exe"; http_uri; depth:6; isdataat:!1,relative; content:"archerygamesdc.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331753/; classtype:trojan-activity;sid:81194853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1gm723fnnhadlyluj4nvj0pqzqiwcv_ji"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331752/; classtype:trojan-activity;sid:81194852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"138.197.159.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331751/; classtype:trojan-activity;sid:81194851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"138.197.159.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331750/; classtype:trojan-activity;sid:81194850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"138.197.159.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331749/; classtype:trojan-activity;sid:81194849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.159.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331748/; classtype:trojan-activity;sid:81194848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.159.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331747/; classtype:trojan-activity;sid:81194847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.35.231.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331746/; classtype:trojan-activity;sid:81194846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.159.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331745/; classtype:trojan-activity;sid:81194845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pemex.sh"; http_uri; depth:9; isdataat:!1,relative; content:"138.197.159.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331744/; classtype:trojan-activity;sid:81194844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.159.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331743/; classtype:trojan-activity;sid:81194843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"138.197.159.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331742/; classtype:trojan-activity;sid:81194842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.159.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331741/; classtype:trojan-activity;sid:81194841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"138.197.159.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331740/; classtype:trojan-activity;sid:81194840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.159.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331739/; classtype:trojan-activity;sid:81194839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/ucid=1bpswxgetfuqhgf7a4lwqmzrovpgukeuo"; http_uri; depth:43; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331738/; classtype:trojan-activity;sid:81194838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/lb1wrdxu"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331737/; classtype:trojan-activity;sid:81194837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.0.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331736/; classtype:trojan-activity;sid:81194836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331735/; classtype:trojan-activity;sid:81194835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.122.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331734/; classtype:trojan-activity;sid:81194834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.204.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331733/; classtype:trojan-activity;sid:81194833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.170.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331732/; classtype:trojan-activity;sid:81194832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331731/; classtype:trojan-activity;sid:81194831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.0.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331730/; classtype:trojan-activity;sid:81194830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331729/; classtype:trojan-activity;sid:81194829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.157.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331728/; classtype:trojan-activity;sid:81194828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.7.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331727/; classtype:trojan-activity;sid:81194827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.68.217.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331726/; classtype:trojan-activity;sid:81194826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.204.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331725/; classtype:trojan-activity;sid:81194825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.229.246.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331724/; classtype:trojan-activity;sid:81194824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.28.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331723/; classtype:trojan-activity;sid:81194823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331722/; classtype:trojan-activity;sid:81194822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.147.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331721/; classtype:trojan-activity;sid:81194821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331720/; classtype:trojan-activity;sid:81194820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331719/; classtype:trojan-activity;sid:81194819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.119.213.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331718/; classtype:trojan-activity;sid:81194818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.72.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331717/; classtype:trojan-activity;sid:81194817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.153.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331716/; classtype:trojan-activity;sid:81194816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.182.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331715/; classtype:trojan-activity;sid:81194815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/4zsrrvg8"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331714/; classtype:trojan-activity;sid:81194814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/k0ydtjzu"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331713/; classtype:trojan-activity;sid:81194813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1gvku5-wqykzfczonfq6slj8m0edybmnv"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331712/; classtype:trojan-activity;sid:81194812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1swsn3bbew5yhabb-wnsxuk8ojutdsxtm"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331711/; classtype:trojan-activity;sid:81194811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1er_djyswsibpisc1undpe4rhe0pskvjy"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331710/; classtype:trojan-activity;sid:81194810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tuyuk2yj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331709/; classtype:trojan-activity;sid:81194809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yprzsnfx"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331708/; classtype:trojan-activity;sid:81194808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"45.76.62.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331707/; classtype:trojan-activity;sid:81194807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"45.76.62.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331706/; classtype:trojan-activity;sid:81194806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"45.76.62.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331705/; classtype:trojan-activity;sid:81194805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"45.76.62.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331704/; classtype:trojan-activity;sid:81194804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"45.76.62.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331703/; classtype:trojan-activity;sid:81194803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"45.76.62.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331702/; classtype:trojan-activity;sid:81194802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"45.76.62.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331701/; classtype:trojan-activity;sid:81194801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"45.76.62.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331700/; classtype:trojan-activity;sid:81194800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"45.76.62.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331699/; classtype:trojan-activity;sid:81194799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"45.76.62.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331698/; classtype:trojan-activity;sid:81194798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"45.76.62.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331697/; classtype:trojan-activity;sid:81194797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"45.76.62.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331696/; classtype:trojan-activity;sid:81194796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3jydjmwr"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331695/; classtype:trojan-activity;sid:81194795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a|7c|3b|7c|chmod+777+mozi.a|7c|3b|7c|/tmp/mozi.a+jaws"; http_uri; depth:59; isdataat:!1,relative; content:"182.127.53.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331694/; classtype:trojan-activity;sid:81194794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/a4jr3yck"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331693/; classtype:trojan-activity;sid:81194793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/0rbzugzn"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331692/; classtype:trojan-activity;sid:81194792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.spc"; http_uri; depth:9; isdataat:!1,relative; content:"167.71.52.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331691/; classtype:trojan-activity;sid:81194791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"171.233.162.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331690/; classtype:trojan-activity;sid:81194790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.132.111.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331689/; classtype:trojan-activity;sid:81194789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; content:"167.71.52.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331688/; classtype:trojan-activity;sid:81194788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331687/; classtype:trojan-activity;sid:81194787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331686/; classtype:trojan-activity;sid:81194786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.13.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331685/; classtype:trojan-activity;sid:81194785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.228.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331684/; classtype:trojan-activity;sid:81194784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.212.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331683/; classtype:trojan-activity;sid:81194783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331682/; classtype:trojan-activity;sid:81194782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331681/; classtype:trojan-activity;sid:81194781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.168.138.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331680/; classtype:trojan-activity;sid:81194780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.57.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331679/; classtype:trojan-activity;sid:81194779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.9.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331678/; classtype:trojan-activity;sid:81194778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331677/; classtype:trojan-activity;sid:81194777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.41.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331676/; classtype:trojan-activity;sid:81194776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331675/; classtype:trojan-activity;sid:81194775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.8.41.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331674/; classtype:trojan-activity;sid:81194774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.203.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331673/; classtype:trojan-activity;sid:81194773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.165.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331672/; classtype:trojan-activity;sid:81194772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.86.16.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331671/; classtype:trojan-activity;sid:81194771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331670/; classtype:trojan-activity;sid:81194770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.188.103.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331669/; classtype:trojan-activity;sid:81194769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.123.61.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331668/; classtype:trojan-activity;sid:81194768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331667/; classtype:trojan-activity;sid:81194767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331666/; classtype:trojan-activity;sid:81194766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.68.17.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331665/; classtype:trojan-activity;sid:81194765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/e4yzdahk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331664/; classtype:trojan-activity;sid:81194764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; http_uri; depth:92; isdataat:!1,relative; content:"1.246.223.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331663/; classtype:trojan-activity;sid:81194763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/pb1fpqkh"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331662/; classtype:trojan-activity;sid:81194762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1mb-j_ksezb52kaaamylcmhmfv_ucrpsu"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331661/; classtype:trojan-activity;sid:81194761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; content:"167.71.52.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331660/; classtype:trojan-activity;sid:81194760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; content:"167.71.52.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331659/; classtype:trojan-activity;sid:81194759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; content:"167.71.52.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331658/; classtype:trojan-activity;sid:81194758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; content:"167.71.52.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331657/; classtype:trojan-activity;sid:81194757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm6"; http_uri; depth:10; isdataat:!1,relative; content:"167.71.52.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331656/; classtype:trojan-activity;sid:81194756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; content:"167.71.52.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331655/; classtype:trojan-activity;sid:81194755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm4"; http_uri; depth:10; isdataat:!1,relative; content:"167.71.52.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331654/; classtype:trojan-activity;sid:81194754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"167.71.52.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331653/; classtype:trojan-activity;sid:81194753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; content:"167.71.52.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331652/; classtype:trojan-activity;sid:81194752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; content:"167.71.52.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331651/; classtype:trojan-activity;sid:81194751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arhive/oznfd.zip"; http_uri; depth:17; isdataat:!1,relative; content:"fanelishere.ro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331650/; classtype:trojan-activity;sid:81194750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arhive/ozn.zip"; http_uri; depth:15; isdataat:!1,relative; content:"fanelishere.ro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331649/; classtype:trojan-activity;sid:81194749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arhive/fanelmix.zip"; http_uri; depth:20; isdataat:!1,relative; content:"fanelishere.ro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331648/; classtype:trojan-activity;sid:81194748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arhive/fanelgosh.zip"; http_uri; depth:21; isdataat:!1,relative; content:"fanelishere.ro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331647/; classtype:trojan-activity;sid:81194747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cn0jkky3"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331646/; classtype:trojan-activity;sid:81194746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1sctq-yi-u4si9ghexcezeop73ittlhsl"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331645/; classtype:trojan-activity;sid:81194745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1gmxjx0oar2sae4kvosjljj3pw_12-wjy"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331644/; classtype:trojan-activity;sid:81194744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/telnet.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331643/; classtype:trojan-activity;sid:81194743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/telnet.mips"; http_uri; depth:19; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331642/; classtype:trojan-activity;sid:81194742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/telnet.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331641/; classtype:trojan-activity;sid:81194741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/telnet.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331640/; classtype:trojan-activity;sid:81194740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/telnet.arm"; http_uri; depth:18; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331639/; classtype:trojan-activity;sid:81194739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/telnet.x86"; http_uri; depth:18; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331638/; classtype:trojan-activity;sid:81194738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/4btrwkxj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331637/; classtype:trojan-activity;sid:81194737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=10jedjvfiogqd6dwl6yawpn-popabdyju"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331636/; classtype:trojan-activity;sid:81194736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1c_ggst6xczfqlxsutpxrads1fb01sye2"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331635/; classtype:trojan-activity;sid:81194735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ahtfkbtbsgkghgov68l48r6n4p_absma"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331634/; classtype:trojan-activity;sid:81194734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.79.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331633/; classtype:trojan-activity;sid:81194733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.205.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331632/; classtype:trojan-activity;sid:81194732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.209.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331631/; classtype:trojan-activity;sid:81194731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.32.106.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331630/; classtype:trojan-activity;sid:81194730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.152.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331629/; classtype:trojan-activity;sid:81194729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.158.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331628/; classtype:trojan-activity;sid:81194728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.144.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331627/; classtype:trojan-activity;sid:81194727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.221.253.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331626/; classtype:trojan-activity;sid:81194726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.62.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331625/; classtype:trojan-activity;sid:81194725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.227.118.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331624/; classtype:trojan-activity;sid:81194724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.163.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331623/; classtype:trojan-activity;sid:81194723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331622/; classtype:trojan-activity;sid:81194722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331621/; classtype:trojan-activity;sid:81194721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331620/; classtype:trojan-activity;sid:81194720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/04xxxwbn"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331619/; classtype:trojan-activity;sid:81194719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hdtyxj0a"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331618/; classtype:trojan-activity;sid:81194718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/m3gkz6as"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331617/; classtype:trojan-activity;sid:81194717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ecg6jgyh"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331616/; classtype:trojan-activity;sid:81194716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yebna3wx"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331615/; classtype:trojan-activity;sid:81194715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331614/; classtype:trojan-activity;sid:81194714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.85.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331613/; classtype:trojan-activity;sid:81194713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.34.234.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331612/; classtype:trojan-activity;sid:81194712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.190.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331611/; classtype:trojan-activity;sid:81194711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331610/; classtype:trojan-activity;sid:81194710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331609/; classtype:trojan-activity;sid:81194709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.8.231.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331608/; classtype:trojan-activity;sid:81194708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.58.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331607/; classtype:trojan-activity;sid:81194707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.225.113.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331606/; classtype:trojan-activity;sid:81194706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.196.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331605/; classtype:trojan-activity;sid:81194705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"118.79.77.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331604/; classtype:trojan-activity;sid:81194704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.101.28.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331603/; classtype:trojan-activity;sid:81194703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.55.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331602/; classtype:trojan-activity;sid:81194702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.48.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331601/; classtype:trojan-activity;sid:81194701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.112.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331600/; classtype:trojan-activity;sid:81194700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.91.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331599/; classtype:trojan-activity;sid:81194699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.148.52.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331598/; classtype:trojan-activity;sid:81194698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.189.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331597/; classtype:trojan-activity;sid:81194697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.187.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331596/; classtype:trojan-activity;sid:81194696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.4.30.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331595/; classtype:trojan-activity;sid:81194695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.14.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331594/; classtype:trojan-activity;sid:81194694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331593/; classtype:trojan-activity;sid:81194693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.76.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331592/; classtype:trojan-activity;sid:81194692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331591/; classtype:trojan-activity;sid:81194691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.8.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331590/; classtype:trojan-activity;sid:81194690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+-"; http_uri; depth:12; isdataat:!1,relative; content:"106.124.182.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331589/; classtype:trojan-activity;sid:81194689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xhbpgw22"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331588/; classtype:trojan-activity;sid:81194688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=15luihbrj-wa53hulxgu_fvuzhkcw3_3o"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331587/; classtype:trojan-activity;sid:81194687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yjqutww4"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331586/; classtype:trojan-activity;sid:81194686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1n84idephxj7lyayblbdnzyq-nmhwlzmb"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331585/; classtype:trojan-activity;sid:81194685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"60.49.65.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331584/; classtype:trojan-activity;sid:81194684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.68.69.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331583/; classtype:trojan-activity;sid:81194683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331582/; classtype:trojan-activity;sid:81194682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.156.115.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331581/; classtype:trojan-activity;sid:81194681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.234.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331580/; classtype:trojan-activity;sid:81194680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.207.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331579/; classtype:trojan-activity;sid:81194679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.3.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331578/; classtype:trojan-activity;sid:81194678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.41.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331577/; classtype:trojan-activity;sid:81194677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.90.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331576/; classtype:trojan-activity;sid:81194676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.7.74.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331575/; classtype:trojan-activity;sid:81194675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.42.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331574/; classtype:trojan-activity;sid:81194674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.5.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331573/; classtype:trojan-activity;sid:81194673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331572/; classtype:trojan-activity;sid:81194672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331571/; classtype:trojan-activity;sid:81194671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; http_uri; depth:92; isdataat:!1,relative; content:"222.142.254.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331570/; classtype:trojan-activity;sid:81194670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/index.php"; http_uri; depth:14; isdataat:!1,relative; content:"ryugakusite.biz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331569/; classtype:trojan-activity;sid:81194669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"171.247.215.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331568/; classtype:trojan-activity;sid:81194668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/adm/p.o%20no.%2031012020,pdf.scr"; http_uri; depth:33; isdataat:!1,relative; content:"expertswebservices.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331567/; classtype:trojan-activity;sid:81194667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vxiyxdfr"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331566/; classtype:trojan-activity;sid:81194666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"47.148.102.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331565/; classtype:trojan-activity;sid:81194665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; http_uri; depth:92; isdataat:!1,relative; content:"219.156.196.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331564/; classtype:trojan-activity;sid:81194664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fma54ydt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331563/; classtype:trojan-activity;sid:81194663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.141.103.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331562/; classtype:trojan-activity;sid:81194662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.28.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331561/; classtype:trojan-activity;sid:81194661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.91.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331560/; classtype:trojan-activity;sid:81194660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.19.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331559/; classtype:trojan-activity;sid:81194659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.202.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331558/; classtype:trojan-activity;sid:81194658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.180.117.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331557/; classtype:trojan-activity;sid:81194657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.253.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331556/; classtype:trojan-activity;sid:81194656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.188.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331555/; classtype:trojan-activity;sid:81194655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"14.118.213.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331554/; classtype:trojan-activity;sid:81194654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331553/; classtype:trojan-activity;sid:81194653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.32.105.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331552/; classtype:trojan-activity;sid:81194652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.180.117.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331551/; classtype:trojan-activity;sid:81194651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.120.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331550/; classtype:trojan-activity;sid:81194650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.124.4.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331549/; classtype:trojan-activity;sid:81194649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.165.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331548/; classtype:trojan-activity;sid:81194648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"118.255.255.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331547/; classtype:trojan-activity;sid:81194647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.91.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331546/; classtype:trojan-activity;sid:81194646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331545/; classtype:trojan-activity;sid:81194645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_29; reference:url, urlhaus.abuse.ch/url/331544/; classtype:trojan-activity;sid:81194644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1c1zugnt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331543/; classtype:trojan-activity;sid:81194643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"190.30.24.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331542/; classtype:trojan-activity;sid:81194642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2qvlwr12"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331541/; classtype:trojan-activity;sid:81194641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331540/; classtype:trojan-activity;sid:81194640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331539/; classtype:trojan-activity;sid:81194639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331538/; classtype:trojan-activity;sid:81194638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jppost.apk"; http_uri; depth:11; isdataat:!1,relative; content:"jppost-chi.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331537/; classtype:trojan-activity;sid:81194637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=f7981ce977acb149|7c|26|7c|resid=f7981ce977acb149%21133|7c|26|7c|authkey=anqhkcwj18iegpu"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331536/; classtype:trojan-activity;sid:81194636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=8191351450372b91|7c|26|7c|resid=8191351450372b91%21276|7c|26|7c|authkey=aimzs249x6xj_hc"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331535/; classtype:trojan-activity;sid:81194635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=53d3899d24b45fa5|7c|26|7c|resid=53d3899d24b45fa5%21106|7c|26|7c|authkey=ajfrdf3cxmeitjo"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331534/; classtype:trojan-activity;sid:81194634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.12.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331533/; classtype:trojan-activity;sid:81194633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.37.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331532/; classtype:trojan-activity;sid:81194632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331531/; classtype:trojan-activity;sid:81194631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.188.221.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331530/; classtype:trojan-activity;sid:81194630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.207.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331529/; classtype:trojan-activity;sid:81194629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.77.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331528/; classtype:trojan-activity;sid:81194628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.63.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331527/; classtype:trojan-activity;sid:81194627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.81.98.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331526/; classtype:trojan-activity;sid:81194626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331525/; classtype:trojan-activity;sid:81194625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331524/; classtype:trojan-activity;sid:81194624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331523/; classtype:trojan-activity;sid:81194623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.69.184.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331522/; classtype:trojan-activity;sid:81194622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331521/; classtype:trojan-activity;sid:81194621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331520/; classtype:trojan-activity;sid:81194620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.116.201.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331519/; classtype:trojan-activity;sid:81194619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.10.213.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331518/; classtype:trojan-activity;sid:81194618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.205.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331517/; classtype:trojan-activity;sid:81194617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.145.208.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331516/; classtype:trojan-activity;sid:81194616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331515/; classtype:trojan-activity;sid:81194615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.103.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331514/; classtype:trojan-activity;sid:81194614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.157.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331513/; classtype:trojan-activity;sid:81194613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.109.230.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331512/; classtype:trojan-activity;sid:81194612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331511/; classtype:trojan-activity;sid:81194611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.168.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331510/; classtype:trojan-activity;sid:81194610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.114.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331509/; classtype:trojan-activity;sid:81194609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.206.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331508/; classtype:trojan-activity;sid:81194608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.74.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331507/; classtype:trojan-activity;sid:81194607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.68.241.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331506/; classtype:trojan-activity;sid:81194606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.168.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331505/; classtype:trojan-activity;sid:81194605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.207.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331504/; classtype:trojan-activity;sid:81194604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/692018364674998322/693499887773548655/antivirus.exe"; http_uri; depth:64; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331503/; classtype:trojan-activity;sid:81194603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/h4kuw23f"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331502/; classtype:trojan-activity;sid:81194602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=a0cf4e5a2d7bc526|7c|26|7c|resid=a0cf4e5a2d7bc526%21111|7c|26|7c|authkey=ajrtnlpbnpp1x_4"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331501/; classtype:trojan-activity;sid:81194601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=3f2905efa1c7ac3f|7c|26|7c|resid=3f2905efa1c7ac3f%21154|7c|26|7c|authkey=aasj15d0g_p2pog"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331500/; classtype:trojan-activity;sid:81194600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1m8vudrdv5snq3axvrgbilr9jkv6vt98x"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331499/; classtype:trojan-activity;sid:81194599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1gqs5_8sbzq-ovbbtdhs6leytqfygj75e"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331498/; classtype:trojan-activity;sid:81194598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/images/stb_encrypted_5b6e930.bin"; http_uri; depth:42; isdataat:!1,relative; content:"mfpc.org.my"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331497/; classtype:trojan-activity;sid:81194597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1iw2mk7-_oau_wwqacnm4ggy-dbhycyge"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331496/; classtype:trojan-activity;sid:81194596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/:u:/p/ketoan/efnd_rdevgvjmox4eilxp5wbttutqxq8h5mrtlaio44ypqe=zbnpel|7c|26|7c|download=1"; http_uri; depth:88; isdataat:!1,relative; content:"hoayeuthuong-my.sharepoint.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331495/; classtype:trojan-activity;sid:81194595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=beaf30da1f621c9b|7c|26|7c|resid=beaf30da1f621c9b%21245|7c|26|7c|authkey=abzlklmasm6zu5k"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331494/; classtype:trojan-activity;sid:81194594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=12sfdgal12gwnqajoabzj5h63uzz61kx2"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331493/; classtype:trojan-activity;sid:81194593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/e0nngoq8kd6iwg7/gbam_encrypted_ec8cdef.bin/file"; http_uri; depth:53; isdataat:!1,relative; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331492/; classtype:trojan-activity;sid:81194592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1cryduntct7kipobblgupse4npkr9jk1l"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331491/; classtype:trojan-activity;sid:81194591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/down.phpi=49jwwj95"; http_uri; depth:19; isdataat:!1,relative; content:"file.fm"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331490/; classtype:trojan-activity;sid:81194590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1m1awdmco_ue-dbluzo07xwlee9qog-wa"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331489/; classtype:trojan-activity;sid:81194589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/down.phpi=aakueuqw"; http_uri; depth:19; isdataat:!1,relative; content:"file.fm"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331488/; classtype:trojan-activity;sid:81194588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=d718e3c8e3bc53c0|7c|26|7c|resid=d718e3c8e3bc53c0%21192|7c|26|7c|authkey=acd_hx4bka3z0nw"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331487/; classtype:trojan-activity;sid:81194587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=a9875feefc036720|7c|26|7c|resid=a9875feefc036720%21130|7c|26|7c|authkey=al_3jwwowxm3u1i"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331486/; classtype:trojan-activity;sid:81194586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1dzw-mtd4b5a3jvccvvkdcjsd-bsoqst0"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331485/; classtype:trojan-activity;sid:81194585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/~zadmin/ecloud/nklo_encrypted_a22c2cf.bin"; http_uri; depth:42; isdataat:!1,relative; content:"castmart.ga"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331484/; classtype:trojan-activity;sid:81194584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xop/vla_encrypted_69cba70.bin"; http_uri; depth:30; isdataat:!1,relative; content:"ufostream.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331483/; classtype:trojan-activity;sid:81194583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=cb64e6e1a6ce15a2|7c|26|7c|resid=cb64e6e1a6ce15a2%21110|7c|26|7c|authkey=abdevwq6zapjdri"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331482/; classtype:trojan-activity;sid:81194582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=14d19xmy_1tobhcevrlwpamrvih_i5oof"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331481/; classtype:trojan-activity;sid:81194581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"179.43.149.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331480/; classtype:trojan-activity;sid:81194580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"179.43.149.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331479/; classtype:trojan-activity;sid:81194579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"179.43.149.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331478/; classtype:trojan-activity;sid:81194578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"179.43.149.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331477/; classtype:trojan-activity;sid:81194577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"179.43.149.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331476/; classtype:trojan-activity;sid:81194576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"179.43.149.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331475/; classtype:trojan-activity;sid:81194575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"1.246.222.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331474/; classtype:trojan-activity;sid:81194574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"179.43.149.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331473/; classtype:trojan-activity;sid:81194573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"179.43.149.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331472/; classtype:trojan-activity;sid:81194572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pemex.sh"; http_uri; depth:9; isdataat:!1,relative; content:"179.43.149.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331471/; classtype:trojan-activity;sid:81194571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"179.43.149.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331470/; classtype:trojan-activity;sid:81194570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"179.43.149.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331469/; classtype:trojan-activity;sid:81194569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"179.43.149.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331468/; classtype:trojan-activity;sid:81194568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/who_covid.exe"; http_uri; depth:14; isdataat:!1,relative; content:"www.ktalents.com.my"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331467/; classtype:trojan-activity;sid:81194567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331466/; classtype:trojan-activity;sid:81194566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.189.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331465/; classtype:trojan-activity;sid:81194565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331464/; classtype:trojan-activity;sid:81194564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.223.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331463/; classtype:trojan-activity;sid:81194563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331462/; classtype:trojan-activity;sid:81194562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331461/; classtype:trojan-activity;sid:81194561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.226.82.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331460/; classtype:trojan-activity;sid:81194560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331459/; classtype:trojan-activity;sid:81194559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.202.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331458/; classtype:trojan-activity;sid:81194558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.97.154.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331457/; classtype:trojan-activity;sid:81194557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"220.185.198.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331456/; classtype:trojan-activity;sid:81194556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.13.182.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331455/; classtype:trojan-activity;sid:81194555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.112.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331454/; classtype:trojan-activity;sid:81194554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331453/; classtype:trojan-activity;sid:81194553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.114.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331452/; classtype:trojan-activity;sid:81194552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.245.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331451/; classtype:trojan-activity;sid:81194551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.209.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331450/; classtype:trojan-activity;sid:81194550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.141.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331449/; classtype:trojan-activity;sid:81194549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; http_uri; depth:92; isdataat:!1,relative; content:"120.71.102.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331448/; classtype:trojan-activity;sid:81194548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.203.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331447/; classtype:trojan-activity;sid:81194547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.8.189.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331446/; classtype:trojan-activity;sid:81194546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; http_uri; depth:92; isdataat:!1,relative; content:"117.95.48.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331445/; classtype:trojan-activity;sid:81194545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/0hnr8dnd"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331444/; classtype:trojan-activity;sid:81194544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vmmfekji"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331443/; classtype:trojan-activity;sid:81194543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cfs3qbdq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331442/; classtype:trojan-activity;sid:81194542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; http_uri; depth:92; isdataat:!1,relative; content:"219.155.170.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331441/; classtype:trojan-activity;sid:81194541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fwbdhjth"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331440/; classtype:trojan-activity;sid:81194540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bf0nq9ld"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331439/; classtype:trojan-activity;sid:81194539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vmzqzhf1"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331438/; classtype:trojan-activity;sid:81194538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/a7jhy3mu"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331437/; classtype:trojan-activity;sid:81194537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/h8pyr1nj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331436/; classtype:trojan-activity;sid:81194536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gexd8eag"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331435/; classtype:trojan-activity;sid:81194535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ffscusck"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331434/; classtype:trojan-activity;sid:81194534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ckmnuce3"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331433/; classtype:trojan-activity;sid:81194533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xqveghqy"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331432/; classtype:trojan-activity;sid:81194532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ynjuqkt9"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331431/; classtype:trojan-activity;sid:81194531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331430/; classtype:trojan-activity;sid:81194530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.79.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331429/; classtype:trojan-activity;sid:81194529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.80.170.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331428/; classtype:trojan-activity;sid:81194528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331427/; classtype:trojan-activity;sid:81194527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.7.32.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331426/; classtype:trojan-activity;sid:81194526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.161.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331425/; classtype:trojan-activity;sid:81194525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331424/; classtype:trojan-activity;sid:81194524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331423/; classtype:trojan-activity;sid:81194523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.249.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331422/; classtype:trojan-activity;sid:81194522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331421/; classtype:trojan-activity;sid:81194521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331420/; classtype:trojan-activity;sid:81194520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331419/; classtype:trojan-activity;sid:81194519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331418/; classtype:trojan-activity;sid:81194518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.243.127.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331417/; classtype:trojan-activity;sid:81194517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.124.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331416/; classtype:trojan-activity;sid:81194516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.29.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331415/; classtype:trojan-activity;sid:81194515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.115.39.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331414/; classtype:trojan-activity;sid:81194514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331413/; classtype:trojan-activity;sid:81194513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331412/; classtype:trojan-activity;sid:81194512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331411/; classtype:trojan-activity;sid:81194511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331410/; classtype:trojan-activity;sid:81194510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331409/; classtype:trojan-activity;sid:81194509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331408/; classtype:trojan-activity;sid:81194508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331407/; classtype:trojan-activity;sid:81194507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331406/; classtype:trojan-activity;sid:81194506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331405/; classtype:trojan-activity;sid:81194505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ppc440"; http_uri; depth:7; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331404/; classtype:trojan-activity;sid:81194504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331403/; classtype:trojan-activity;sid:81194503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331402/; classtype:trojan-activity;sid:81194502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.159.81.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331401/; classtype:trojan-activity;sid:81194501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"51.158.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331400/; classtype:trojan-activity;sid:81194500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"51.158.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331399/; classtype:trojan-activity;sid:81194499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"51.158.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331398/; classtype:trojan-activity;sid:81194498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"51.158.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331397/; classtype:trojan-activity;sid:81194497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"51.158.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331396/; classtype:trojan-activity;sid:81194496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"51.158.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331395/; classtype:trojan-activity;sid:81194495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"51.158.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331394/; classtype:trojan-activity;sid:81194494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/axisbins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"51.158.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331393/; classtype:trojan-activity;sid:81194493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/careers/new-file.exe"; http_uri; depth:21; isdataat:!1,relative; content:"gordonmilktransport.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331392/; classtype:trojan-activity;sid:81194492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"51.158.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331391/; classtype:trojan-activity;sid:81194491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"51.158.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331390/; classtype:trojan-activity;sid:81194490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"51.158.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331389/; classtype:trojan-activity;sid:81194489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"51.158.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331388/; classtype:trojan-activity;sid:81194488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"51.158.147.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331387/; classtype:trojan-activity;sid:81194487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"61.216.181.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331386/; classtype:trojan-activity;sid:81194486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"110.154.207.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331385/; classtype:trojan-activity;sid:81194485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rmpmm9sw"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331384/; classtype:trojan-activity;sid:81194484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1stx0bvdqaja0kfveepzmyizctjvwzqa-"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331383/; classtype:trojan-activity;sid:81194483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/noir_x.86"; http_uri; depth:10; isdataat:!1,relative; content:"45.84.196.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331382/; classtype:trojan-activity;sid:81194482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ehczpag0"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331381/; classtype:trojan-activity;sid:81194481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rqqhshrk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331380/; classtype:trojan-activity;sid:81194480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.43.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331379/; classtype:trojan-activity;sid:81194479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331378/; classtype:trojan-activity;sid:81194478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.78.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331377/; classtype:trojan-activity;sid:81194477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.178.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331376/; classtype:trojan-activity;sid:81194476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.177.181.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331375/; classtype:trojan-activity;sid:81194475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331374/; classtype:trojan-activity;sid:81194474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.142.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331373/; classtype:trojan-activity;sid:81194473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.1.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331372/; classtype:trojan-activity;sid:81194472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.189.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331371/; classtype:trojan-activity;sid:81194471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.107.137.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331370/; classtype:trojan-activity;sid:81194470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.240.185.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331369/; classtype:trojan-activity;sid:81194469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331368/; classtype:trojan-activity;sid:81194468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.155.14.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331367/; classtype:trojan-activity;sid:81194467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.8.204.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331366/; classtype:trojan-activity;sid:81194466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.96.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331365/; classtype:trojan-activity;sid:81194465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331364/; classtype:trojan-activity;sid:81194464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.172.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331363/; classtype:trojan-activity;sid:81194463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.68.83.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331362/; classtype:trojan-activity;sid:81194462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331361/; classtype:trojan-activity;sid:81194461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.2.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331360/; classtype:trojan-activity;sid:81194460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.81.14.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331359/; classtype:trojan-activity;sid:81194459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331358/; classtype:trojan-activity;sid:81194458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.63.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331357/; classtype:trojan-activity;sid:81194457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331356/; classtype:trojan-activity;sid:81194456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331355/; classtype:trojan-activity;sid:81194455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331354/; classtype:trojan-activity;sid:81194454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"ip168.ip-164-132-92.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331353/; classtype:trojan-activity;sid:81194453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/~zadmin/ecloud/fberg_encrypted_cfdd1df.bin"; http_uri; depth:43; isdataat:!1,relative; content:"castmart.ga"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331352/; classtype:trojan-activity;sid:81194452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/q3pbrabu"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331351/; classtype:trojan-activity;sid:81194451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/u2rh4cec"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331350/; classtype:trojan-activity;sid:81194450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cd1073vj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331349/; classtype:trojan-activity;sid:81194449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vmeibtew"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331348/; classtype:trojan-activity;sid:81194448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gzpguby4"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331347/; classtype:trojan-activity;sid:81194447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/akftqsxy"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331346/; classtype:trojan-activity;sid:81194446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.181.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331345/; classtype:trojan-activity;sid:81194445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.99.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331344/; classtype:trojan-activity;sid:81194444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.209.99.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331343/; classtype:trojan-activity;sid:81194443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.233.22.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331342/; classtype:trojan-activity;sid:81194442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.44.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331341/; classtype:trojan-activity;sid:81194441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"187.85.248.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331340/; classtype:trojan-activity;sid:81194440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.205.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331339/; classtype:trojan-activity;sid:81194439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.72.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331338/; classtype:trojan-activity;sid:81194438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.88.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331337/; classtype:trojan-activity;sid:81194437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.138.132.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331336/; classtype:trojan-activity;sid:81194436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331335/; classtype:trojan-activity;sid:81194435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331334/; classtype:trojan-activity;sid:81194434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.197.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331333/; classtype:trojan-activity;sid:81194433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331332/; classtype:trojan-activity;sid:81194432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.52.172.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331331/; classtype:trojan-activity;sid:81194431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.37.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331330/; classtype:trojan-activity;sid:81194430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.208.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331329/; classtype:trojan-activity;sid:81194429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.204.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331328/; classtype:trojan-activity;sid:81194428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.162.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331327/; classtype:trojan-activity;sid:81194427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.177.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331326/; classtype:trojan-activity;sid:81194426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.237.96.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331325/; classtype:trojan-activity;sid:81194425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.6.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331324/; classtype:trojan-activity;sid:81194424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.117.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331323/; classtype:trojan-activity;sid:81194423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"41.249.212.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331322/; classtype:trojan-activity;sid:81194422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.143.210.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331321/; classtype:trojan-activity;sid:81194421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.89.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331320/; classtype:trojan-activity;sid:81194420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331319/; classtype:trojan-activity;sid:81194419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1shuv8bu5r4objixinsykzmobdo5crhqu"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331318/; classtype:trojan-activity;sid:81194418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=569f732a389e1ea2|7c|26|7c|resid=569f732a389e1ea2%21405|7c|26|7c|authkey=aia3mgxgs9nn5ng"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331317/; classtype:trojan-activity;sid:81194417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1i42ilttplky9xt5brsiegxy2ai20-fsh"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331316/; classtype:trojan-activity;sid:81194416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=dbe3c14b1760ab83|7c|26|7c|resid=dbe3c14b1760ab83%21198|7c|26|7c|authkey=aiokrbsvutexrq4"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331315/; classtype:trojan-activity;sid:81194415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1slt5ncfwpt5xs_7g-kszbdzr-jd1rpby"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331314/; classtype:trojan-activity;sid:81194414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/host_encrypted_1d8b020.bin"; http_uri; depth:27; isdataat:!1,relative; content:"docxuploads.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331313/; classtype:trojan-activity;sid:81194413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1t8mxh2d64n2qwsy6xnzaftzv_rq-vhf2"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331312/; classtype:trojan-activity;sid:81194412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jef_dc5e77f.bin"; http_uri; depth:16; isdataat:!1,relative; content:"46.183.223.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331311/; classtype:trojan-activity;sid:81194411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1e89caeeukoorsxgjmmjphjdoumh8p5yh"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331310/; classtype:trojan-activity;sid:81194410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=b3da1313ee706478|7c|26|7c|resid=b3da1313ee706478%216414|7c|26|7c|authkey=aicylvtret4mel8"; http_uri; depth:101; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331309/; classtype:trojan-activity;sid:81194409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/z2b9m9vc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331308/; classtype:trojan-activity;sid:81194408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/typeidrdklpkirsa.exe"; http_uri; depth:21; isdataat:!1,relative; content:"h906171361.nichost.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331307/; classtype:trojan-activity;sid:81194407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/app.exe"; http_uri; depth:12; isdataat:!1,relative; content:"bestblues.tech"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331306/; classtype:trojan-activity;sid:81194406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=b5ea8d4249d866e6|7c|26|7c|resid=b5ea8d4249d866e6%21164|7c|26|7c|authkey=adfsfcdaw3biboy"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331305/; classtype:trojan-activity;sid:81194405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=b5ea8d4249d866e6|7c|26|7c|resid=b5ea8d4249d866e6%21159|7c|26|7c|authkey=ah8v5qwfa-pdhbo"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331304/; classtype:trojan-activity;sid:81194404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ys_e9iwcwjstaf9uxoknotw3vnmfv7gn"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331303/; classtype:trojan-activity;sid:81194403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ght70sj1ij0hep5rnoahgdgkxgjuxqth"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331302/; classtype:trojan-activity;sid:81194402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=13rmyvjuxmbovvg1rp6wt-cijz7reqcxt"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331301/; classtype:trojan-activity;sid:81194401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0d0ad56b5ca25c824d9bfdb0149/boot/dll/filezilla.dll"; http_uri; depth:51; isdataat:!1,relative; content:"www.kapersky.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331300/; classtype:trojan-activity;sid:81194400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0d0ad56b5ca25c824d9bfdb0149/boot/dll/chromium.dll"; http_uri; depth:50; isdataat:!1,relative; content:"www.kapersky.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331299/; classtype:trojan-activity;sid:81194399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0d0ad56b5ca25c824d9bfdb0149/boot/dll/telegram.exe"; http_uri; depth:50; isdataat:!1,relative; content:"www.kapersky.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331298/; classtype:trojan-activity;sid:81194398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0d0ad56b5ca25c824d9bfdb0149/boot/dll/system_info.exe"; http_uri; depth:53; isdataat:!1,relative; content:"www.kapersky.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331297/; classtype:trojan-activity;sid:81194397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0d0ad56b5ca25c824d9bfdb0149/boot/dll/firefox.exe"; http_uri; depth:49; isdataat:!1,relative; content:"www.kapersky.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331296/; classtype:trojan-activity;sid:81194396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0d0ad56b5ca25c824d9bfdb0149/boot/dll2/system_info.exe"; http_uri; depth:54; isdataat:!1,relative; content:"www.kapersky.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331295/; classtype:trojan-activity;sid:81194395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0d0ad56b5ca25c824d9bfdb0149/boot/dll2/screenshot.exe"; http_uri; depth:53; isdataat:!1,relative; content:"www.kapersky.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331294/; classtype:trojan-activity;sid:81194394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0d0ad56b5ca25c824d9bfdb0149/boot/dll2/reverse_shell.exe"; http_uri; depth:56; isdataat:!1,relative; content:"www.kapersky.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331293/; classtype:trojan-activity;sid:81194393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0d0ad56b5ca25c824d9bfdb0149/boot/droper/chrome.exe_1"; http_uri; depth:53; isdataat:!1,relative; content:"www.kapersky.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331292/; classtype:trojan-activity;sid:81194392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331291/; classtype:trojan-activity;sid:81194391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331290/; classtype:trojan-activity;sid:81194390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331289/; classtype:trojan-activity;sid:81194389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331288/; classtype:trojan-activity;sid:81194388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331287/; classtype:trojan-activity;sid:81194387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/viktor.x86"; http_uri; depth:16; isdataat:!1,relative; content:"164.132.92.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331286/; classtype:trojan-activity;sid:81194386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.aspxauthkey=%21anqhkcwj18iegpu|7c|26|7c|cid=f7981ce977acb149|7c|26|7c|resid=f7981ce977acb149%21133|7c|26|7c|parid=root|7c|26|7c|o=oneup"; http_uri; depth:145; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331285/; classtype:trojan-activity;sid:81194385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.114.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331284/; classtype:trojan-activity;sid:81194384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1jsjfsqrfqosumqyxa_a4z70ze0fpgeun"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331283/; classtype:trojan-activity;sid:81194383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hdjphf26"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331282/; classtype:trojan-activity;sid:81194382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.140.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331281/; classtype:trojan-activity;sid:81194381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331280/; classtype:trojan-activity;sid:81194380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331279/; classtype:trojan-activity;sid:81194379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.26.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331278/; classtype:trojan-activity;sid:81194378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331277/; classtype:trojan-activity;sid:81194377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331276/; classtype:trojan-activity;sid:81194376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.103.233.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331275/; classtype:trojan-activity;sid:81194375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.134.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331274/; classtype:trojan-activity;sid:81194374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.115.74.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331273/; classtype:trojan-activity;sid:81194373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.241.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331272/; classtype:trojan-activity;sid:81194372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331271/; classtype:trojan-activity;sid:81194371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.89.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331270/; classtype:trojan-activity;sid:81194370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331269/; classtype:trojan-activity;sid:81194369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331268/; classtype:trojan-activity;sid:81194368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331267/; classtype:trojan-activity;sid:81194367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.12.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331266/; classtype:trojan-activity;sid:81194366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"14.48.245.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331265/; classtype:trojan-activity;sid:81194365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a|7c|3b|7c|chmod+777+mozi.a|7c|3b|7c|/tmp/mozi.a+jaws"; http_uri; depth:59; isdataat:!1,relative; content:"199.83.204.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331264/; classtype:trojan-activity;sid:81194364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"73.231.235.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331263/; classtype:trojan-activity;sid:81194363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/692273473430749187/693009672491368448/re_top_urgentrfq_ayerexx18-0150d.7z"; http_uri; depth:86; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331262/; classtype:trojan-activity;sid:81194362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/v8d0skf3"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331261/; classtype:trojan-activity;sid:81194361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; http_uri; depth:92; isdataat:!1,relative; content:"222.74.186.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331260/; classtype:trojan-activity;sid:81194360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.122.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331259/; classtype:trojan-activity;sid:81194359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331258/; classtype:trojan-activity;sid:81194358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.73.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331257/; classtype:trojan-activity;sid:81194357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331256/; classtype:trojan-activity;sid:81194356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.199.244.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331255/; classtype:trojan-activity;sid:81194355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331254/; classtype:trojan-activity;sid:81194354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.4.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331253/; classtype:trojan-activity;sid:81194353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.149.247.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331252/; classtype:trojan-activity;sid:81194352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.181.155.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331251/; classtype:trojan-activity;sid:81194351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"70.91.56.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331250/; classtype:trojan-activity;sid:81194350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.114.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331249/; classtype:trojan-activity;sid:81194349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.180.117.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331248/; classtype:trojan-activity;sid:81194348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.11.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331247/; classtype:trojan-activity;sid:81194347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.181.157.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331246/; classtype:trojan-activity;sid:81194346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331245/; classtype:trojan-activity;sid:81194345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.237.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331244/; classtype:trojan-activity;sid:81194344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331243/; classtype:trojan-activity;sid:81194343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331242/; classtype:trojan-activity;sid:81194342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.204.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331241/; classtype:trojan-activity;sid:81194341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.20.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331240/; classtype:trojan-activity;sid:81194340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.251.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331239/; classtype:trojan-activity;sid:81194339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331238/; classtype:trojan-activity;sid:81194338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331237/; classtype:trojan-activity;sid:81194337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.240.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331236/; classtype:trojan-activity;sid:81194336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.254.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331235/; classtype:trojan-activity;sid:81194335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"121.177.37.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331234/; classtype:trojan-activity;sid:81194334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uuas9wka"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331233/; classtype:trojan-activity;sid:81194333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bnvwwtva"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331232/; classtype:trojan-activity;sid:81194332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331231/; classtype:trojan-activity;sid:81194331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.130.218.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331230/; classtype:trojan-activity;sid:81194330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331229/; classtype:trojan-activity;sid:81194329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.65.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331228/; classtype:trojan-activity;sid:81194328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.20.146.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331227/; classtype:trojan-activity;sid:81194327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.137.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331226/; classtype:trojan-activity;sid:81194326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"77.43.128.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331225/; classtype:trojan-activity;sid:81194325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.180.117.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331224/; classtype:trojan-activity;sid:81194324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.9.74.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331223/; classtype:trojan-activity;sid:81194323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.78.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331222/; classtype:trojan-activity;sid:81194322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331221/; classtype:trojan-activity;sid:81194321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.114.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331220/; classtype:trojan-activity;sid:81194320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.204.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331219/; classtype:trojan-activity;sid:81194319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.115.32.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331218/; classtype:trojan-activity;sid:81194318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331217/; classtype:trojan-activity;sid:81194317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.103.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331216/; classtype:trojan-activity;sid:81194316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.109.22.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331215/; classtype:trojan-activity;sid:81194315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.109.134.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331214/; classtype:trojan-activity;sid:81194314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.130.234.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331213/; classtype:trojan-activity;sid:81194313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331212/; classtype:trojan-activity;sid:81194312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331211/; classtype:trojan-activity;sid:81194311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331210/; classtype:trojan-activity;sid:81194310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.236.213.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331209/; classtype:trojan-activity;sid:81194309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.200.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_28; reference:url, urlhaus.abuse.ch/url/331208/; classtype:trojan-activity;sid:81194308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wc3tw8n2"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331207/; classtype:trojan-activity;sid:81194307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p0t4t0dir/1vs2dv.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"45.95.168.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331206/; classtype:trojan-activity;sid:81194306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p0t4t0dir/1vs2dv.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331205/; classtype:trojan-activity;sid:81194305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p0t4t0dir/1vs2dv.mips"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331204/; classtype:trojan-activity;sid:81194304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p0t4t0dir/1vs2dv.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331203/; classtype:trojan-activity;sid:81194303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p0t4t0dir/1vs2dv.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331202/; classtype:trojan-activity;sid:81194302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p0t4t0dir/1vs2dv.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"45.95.168.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331201/; classtype:trojan-activity;sid:81194301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p0t4t0dir/1vs2dv.arm"; http_uri; depth:21; isdataat:!1,relative; content:"45.95.168.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331200/; classtype:trojan-activity;sid:81194300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.x86"; http_uri; depth:24; isdataat:!1,relative; content:"134.122.79.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331199/; classtype:trojan-activity;sid:81194299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.spc"; http_uri; depth:24; isdataat:!1,relative; content:"134.122.79.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331198/; classtype:trojan-activity;sid:81194298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.sh4"; http_uri; depth:24; isdataat:!1,relative; content:"134.122.79.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331197/; classtype:trojan-activity;sid:81194297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.ppc"; http_uri; depth:24; isdataat:!1,relative; content:"134.122.79.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331196/; classtype:trojan-activity;sid:81194296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mpsl"; http_uri; depth:25; isdataat:!1,relative; content:"134.122.79.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331195/; classtype:trojan-activity;sid:81194295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mips"; http_uri; depth:25; isdataat:!1,relative; content:"134.122.79.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331194/; classtype:trojan-activity;sid:81194294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.m68k"; http_uri; depth:25; isdataat:!1,relative; content:"134.122.79.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331193/; classtype:trojan-activity;sid:81194293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm7"; http_uri; depth:25; isdataat:!1,relative; content:"134.122.79.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331192/; classtype:trojan-activity;sid:81194292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm6"; http_uri; depth:25; isdataat:!1,relative; content:"134.122.79.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331191/; classtype:trojan-activity;sid:81194291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm5"; http_uri; depth:25; isdataat:!1,relative; content:"134.122.79.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331190/; classtype:trojan-activity;sid:81194290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm"; http_uri; depth:24; isdataat:!1,relative; content:"134.122.79.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331189/; classtype:trojan-activity;sid:81194289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ttt.exe"; http_uri; depth:8; isdataat:!1,relative; content:"conceptinteriors.ae"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331188/; classtype:trojan-activity;sid:81194288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ttt.exe"; http_uri; depth:8; isdataat:!1,relative; content:"www.conceptinteriors.ae"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331187/; classtype:trojan-activity;sid:81194287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331186/; classtype:trojan-activity;sid:81194286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.156.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331185/; classtype:trojan-activity;sid:81194285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.91.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331184/; classtype:trojan-activity;sid:81194284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.32.110.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331183/; classtype:trojan-activity;sid:81194283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.140.177.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331182/; classtype:trojan-activity;sid:81194282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.203.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331181/; classtype:trojan-activity;sid:81194281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.207.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331180/; classtype:trojan-activity;sid:81194280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.14.17.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331179/; classtype:trojan-activity;sid:81194279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331178/; classtype:trojan-activity;sid:81194278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.9.111.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331177/; classtype:trojan-activity;sid:81194277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331176/; classtype:trojan-activity;sid:81194276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.137.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331175/; classtype:trojan-activity;sid:81194275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.243.122.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331174/; classtype:trojan-activity;sid:81194274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.3.194.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331173/; classtype:trojan-activity;sid:81194273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331172/; classtype:trojan-activity;sid:81194272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331171/; classtype:trojan-activity;sid:81194271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331170/; classtype:trojan-activity;sid:81194270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.93.188.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331169/; classtype:trojan-activity;sid:81194269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.69.224.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331168/; classtype:trojan-activity;sid:81194268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.203.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331167/; classtype:trojan-activity;sid:81194267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.27.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331166/; classtype:trojan-activity;sid:81194266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.130.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331165/; classtype:trojan-activity;sid:81194265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.120.40.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331164/; classtype:trojan-activity;sid:81194264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.68.239.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331163/; classtype:trojan-activity;sid:81194263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.122.131.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331162/; classtype:trojan-activity;sid:81194262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.113.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331161/; classtype:trojan-activity;sid:81194261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331160/; classtype:trojan-activity;sid:81194260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.0.203.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331159/; classtype:trojan-activity;sid:81194259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331158/; classtype:trojan-activity;sid:81194258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.82.128.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331157/; classtype:trojan-activity;sid:81194257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.228.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331156/; classtype:trojan-activity;sid:81194256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"211.229.56.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331155/; classtype:trojan-activity;sid:81194255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/p6jsspga"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331154/; classtype:trojan-activity;sid:81194254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/sihg993z"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331153/; classtype:trojan-activity;sid:81194253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"104.248.236.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331152/; classtype:trojan-activity;sid:81194252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.spc"; http_uri; depth:15; isdataat:!1,relative; content:"104.248.236.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331151/; classtype:trojan-activity;sid:81194251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"104.248.236.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331150/; classtype:trojan-activity;sid:81194250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"104.248.236.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331149/; classtype:trojan-activity;sid:81194249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.236.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331148/; classtype:trojan-activity;sid:81194248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mips"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.236.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331147/; classtype:trojan-activity;sid:81194247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.236.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331146/; classtype:trojan-activity;sid:81194246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.236.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331145/; classtype:trojan-activity;sid:81194245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.236.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331144/; classtype:trojan-activity;sid:81194244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.236.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331143/; classtype:trojan-activity;sid:81194243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm"; http_uri; depth:15; isdataat:!1,relative; content:"104.248.236.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331142/; classtype:trojan-activity;sid:81194242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"198.50.246.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331141/; classtype:trojan-activity;sid:81194241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; content:"198.50.246.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331140/; classtype:trojan-activity;sid:81194240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"198.50.246.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331139/; classtype:trojan-activity;sid:81194239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"198.50.246.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331138/; classtype:trojan-activity;sid:81194238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"198.50.246.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331137/; classtype:trojan-activity;sid:81194237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"198.50.246.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331136/; classtype:trojan-activity;sid:81194236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"198.50.246.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331135/; classtype:trojan-activity;sid:81194235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"198.50.246.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331134/; classtype:trojan-activity;sid:81194234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"198.50.246.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331133/; classtype:trojan-activity;sid:81194233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"198.50.246.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331132/; classtype:trojan-activity;sid:81194232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"198.50.246.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331131/; classtype:trojan-activity;sid:81194231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.mips"; http_uri; depth:10; isdataat:!1,relative; content:"142.93.220.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331130/; classtype:trojan-activity;sid:81194230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.arm5"; http_uri; depth:10; isdataat:!1,relative; content:"142.93.220.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331129/; classtype:trojan-activity;sid:81194229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.sh4"; http_uri; depth:9; isdataat:!1,relative; content:"142.93.220.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331128/; classtype:trojan-activity;sid:81194228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.x86"; http_uri; depth:9; isdataat:!1,relative; content:"142.93.220.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331127/; classtype:trojan-activity;sid:81194227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"31.168.249.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331126/; classtype:trojan-activity;sid:81194226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.i686"; http_uri; depth:10; isdataat:!1,relative; content:"142.93.220.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331125/; classtype:trojan-activity;sid:81194225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.i586"; http_uri; depth:10; isdataat:!1,relative; content:"142.93.220.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331124/; classtype:trojan-activity;sid:81194224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.m68k"; http_uri; depth:10; isdataat:!1,relative; content:"142.93.220.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331123/; classtype:trojan-activity;sid:81194223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"142.93.220.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331122/; classtype:trojan-activity;sid:81194222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"142.93.220.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331121/; classtype:trojan-activity;sid:81194221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.arm6"; http_uri; depth:10; isdataat:!1,relative; content:"142.93.220.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331120/; classtype:trojan-activity;sid:81194220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.arm4"; http_uri; depth:10; isdataat:!1,relative; content:"142.93.220.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331119/; classtype:trojan-activity;sid:81194219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.arm7"; http_uri; depth:10; isdataat:!1,relative; content:"142.93.220.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331118/; classtype:trojan-activity;sid:81194218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.ppc"; http_uri; depth:9; isdataat:!1,relative; content:"142.93.220.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331117/; classtype:trojan-activity;sid:81194217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weed.sparc"; http_uri; depth:11; isdataat:!1,relative; content:"142.93.220.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331116/; classtype:trojan-activity;sid:81194216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hqp3vt5z"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331115/; classtype:trojan-activity;sid:81194215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/new~order.jar"; http_uri; depth:14; isdataat:!1,relative; content:"coolshape.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331114/; classtype:trojan-activity;sid:81194214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/softokn3.dll"; http_uri; depth:13; isdataat:!1,relative; content:"rhaeecetbsgmpbulkfz4rhmw.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331113/; classtype:trojan-activity;sid:81194213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/apcvqlxg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331112/; classtype:trojan-activity;sid:81194212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fphherzq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331111/; classtype:trojan-activity;sid:81194211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/u0scen1g"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331110/; classtype:trojan-activity;sid:81194210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eab5rkkh"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331109/; classtype:trojan-activity;sid:81194209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ncptn9qd"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331108/; classtype:trojan-activity;sid:81194208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/2.exe"; http_uri; depth:15; isdataat:!1,relative; content:"45.88.110.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331107/; classtype:trojan-activity;sid:81194207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/lib.exe"; http_uri; depth:17; isdataat:!1,relative; content:"45.88.110.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331106/; classtype:trojan-activity;sid:81194206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xzlrnpfnhvrb"; http_uri; depth:13; isdataat:!1,relative; content:"2yb5.andichust.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331105/; classtype:trojan-activity;sid:81194205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1xmw-abstzz1tujiytb2-8toemmr6u6lg"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331104/; classtype:trojan-activity;sid:81194204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shally%20fi/apotle%20bin_encrypted_c13c40.bin"; http_uri; depth:46; isdataat:!1,relative; content:"sbjadvogados.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331103/; classtype:trojan-activity;sid:81194203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=dbe3c14b1760ab83|7c|26|7c|resid=dbe3c14b1760ab83%21201|7c|26|7c|authkey=apostugiey_sl8w"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331102/; classtype:trojan-activity;sid:81194202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=92bbe138b2c3b7cd|7c|26|7c|resid=92bbe138b2c3b7cd%21495|7c|26|7c|authkey=agfaowd4ctqnpwg"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331101/; classtype:trojan-activity;sid:81194201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1n3dfqwlcife2jwidadbffvtqcyoxwvlv"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331100/; classtype:trojan-activity;sid:81194200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=dbe3c14b1760ab83|7c|26|7c|resid=dbe3c14b1760ab83%21200|7c|26|7c|authkey=ak7ug87nsumhr0k"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331099/; classtype:trojan-activity;sid:81194199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ac0a0wnbvfyuzbverwhi4rceq_bhobrk"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331098/; classtype:trojan-activity;sid:81194198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/down.phpi=vgkqrseu"; http_uri; depth:19; isdataat:!1,relative; content:"files.fm"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331097/; classtype:trojan-activity;sid:81194197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/~zadmin/icloud/nklo_encrypted_85c4b1f.bin"; http_uri; depth:42; isdataat:!1,relative; content:"castmart.ga"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331096/; classtype:trojan-activity;sid:81194196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1mmc04xuztov0u87hr29eu8rqpijsd7i-"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331095/; classtype:trojan-activity;sid:81194195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.24.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331094/; classtype:trojan-activity;sid:81194194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.209.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331093/; classtype:trojan-activity;sid:81194193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.177.182.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331092/; classtype:trojan-activity;sid:81194192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.171.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331091/; classtype:trojan-activity;sid:81194191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331090/; classtype:trojan-activity;sid:81194190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331089/; classtype:trojan-activity;sid:81194189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331088/; classtype:trojan-activity;sid:81194188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.151.205.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331087/; classtype:trojan-activity;sid:81194187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331086/; classtype:trojan-activity;sid:81194186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.8.61.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331085/; classtype:trojan-activity;sid:81194185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.244.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331084/; classtype:trojan-activity;sid:81194184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.222.195.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331083/; classtype:trojan-activity;sid:81194183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.234.238.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331082/; classtype:trojan-activity;sid:81194182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.219.81.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331081/; classtype:trojan-activity;sid:81194181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.156.196.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331080/; classtype:trojan-activity;sid:81194180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.233.117.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331079/; classtype:trojan-activity;sid:81194179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"162.212.115.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331078/; classtype:trojan-activity;sid:81194178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xeknq5aa"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331077/; classtype:trojan-activity;sid:81194177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vvwdwdl9"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331076/; classtype:trojan-activity;sid:81194176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kg5dp0ag"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331075/; classtype:trojan-activity;sid:81194175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/e6ucxl9e"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331074/; classtype:trojan-activity;sid:81194174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cq7bge9k"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331073/; classtype:trojan-activity;sid:81194173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"85.97.201.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331072/; classtype:trojan-activity;sid:81194172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lib.exe"; http_uri; depth:8; isdataat:!1,relative; content:"45.88.110.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331071/; classtype:trojan-activity;sid:81194171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/l.exe"; http_uri; depth:6; isdataat:!1,relative; content:"45.88.110.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331070/; classtype:trojan-activity;sid:81194170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/host.exe"; http_uri; depth:9; isdataat:!1,relative; content:"45.88.110.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331069/; classtype:trojan-activity;sid:81194169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dwn.exe"; http_uri; depth:8; isdataat:!1,relative; content:"45.88.110.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331068/; classtype:trojan-activity;sid:81194168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dis.exe"; http_uri; depth:8; isdataat:!1,relative; content:"45.88.110.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331067/; classtype:trojan-activity;sid:81194167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; content:"45.88.110.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331066/; classtype:trojan-activity;sid:81194166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; content:"45.88.110.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331065/; classtype:trojan-activity;sid:81194165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/saxxqccb"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331064/; classtype:trojan-activity;sid:81194164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331063/; classtype:trojan-activity;sid:81194163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331062/; classtype:trojan-activity;sid:81194162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331061/; classtype:trojan-activity;sid:81194161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331060/; classtype:trojan-activity;sid:81194160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331059/; classtype:trojan-activity;sid:81194159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331058/; classtype:trojan-activity;sid:81194158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331057/; classtype:trojan-activity;sid:81194157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331056/; classtype:trojan-activity;sid:81194156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331055/; classtype:trojan-activity;sid:81194155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331054/; classtype:trojan-activity;sid:81194154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331053/; classtype:trojan-activity;sid:81194153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wftp/hamkyyu_encrypted_1861f0.bin"; http_uri; depth:34; isdataat:!1,relative; content:"185.242.104.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331052/; classtype:trojan-activity;sid:81194152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wftp/kayslimmmm_encrypted_1054d10.bin"; http_uri; depth:38; isdataat:!1,relative; content:"185.242.104.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331051/; classtype:trojan-activity;sid:81194151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wftp/out-571924757.hta"; http_uri; depth:23; isdataat:!1,relative; content:"185.242.104.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331050/; classtype:trojan-activity;sid:81194150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wftp/out-756898907.hta"; http_uri; depth:23; isdataat:!1,relative; content:"185.242.104.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331049/; classtype:trojan-activity;sid:81194149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1y--c0xdyjndapzzccowusgiuutb8d1fb"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331048/; classtype:trojan-activity;sid:81194148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/olik/fegfncbccnccgngcccnbngcgncnhhcmyfk9970rit.exe"; http_uri; depth:51; isdataat:!1,relative; content:"asgardia.cl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331047/; classtype:trojan-activity;sid:81194147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; content:"45.95.168.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331046/; classtype:trojan-activity;sid:81194146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; content:"45.95.168.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331045/; classtype:trojan-activity;sid:81194145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; content:"45.95.168.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331044/; classtype:trojan-activity;sid:81194144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; content:"45.95.168.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331043/; classtype:trojan-activity;sid:81194143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"45.95.168.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331042/; classtype:trojan-activity;sid:81194142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; content:"45.95.168.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331041/; classtype:trojan-activity;sid:81194141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; content:"45.95.168.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331040/; classtype:trojan-activity;sid:81194140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; content:"45.95.168.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331039/; classtype:trojan-activity;sid:81194139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; content:"45.95.168.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331038/; classtype:trojan-activity;sid:81194138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; content:"45.95.168.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331037/; classtype:trojan-activity;sid:81194137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; content:"45.95.168.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331036/; classtype:trojan-activity;sid:81194136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.32.103.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331035/; classtype:trojan-activity;sid:81194135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1mptxufw-8ogw42lx5npwh7as5bt7v6mo"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331034/; classtype:trojan-activity;sid:81194134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"125.136.182.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331033/; classtype:trojan-activity;sid:81194133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/glassclass/glass.php"; http_uri; depth:21; isdataat:!1,relative; content:"esiglass.it"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331032/; classtype:trojan-activity;sid:81194132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/glassclass/glass.php"; http_uri; depth:21; isdataat:!1,relative; content:"www.esiglass.it"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331031/; classtype:trojan-activity;sid:81194131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.32.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331030/; classtype:trojan-activity;sid:81194130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.8.193.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331029/; classtype:trojan-activity;sid:81194129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.11.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331028/; classtype:trojan-activity;sid:81194128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.174.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331027/; classtype:trojan-activity;sid:81194127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.86.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331026/; classtype:trojan-activity;sid:81194126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.33.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331025/; classtype:trojan-activity;sid:81194125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.80.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331024/; classtype:trojan-activity;sid:81194124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.222.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331023/; classtype:trojan-activity;sid:81194123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331022/; classtype:trojan-activity;sid:81194122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.230.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331021/; classtype:trojan-activity;sid:81194121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"199.83.203.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331020/; classtype:trojan-activity;sid:81194120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.35.144.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331019/; classtype:trojan-activity;sid:81194119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.123.110.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331018/; classtype:trojan-activity;sid:81194118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.40.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331017/; classtype:trojan-activity;sid:81194117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331016/; classtype:trojan-activity;sid:81194116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.241.170.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331015/; classtype:trojan-activity;sid:81194115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.87.64.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331014/; classtype:trojan-activity;sid:81194114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xy.exe"; http_uri; depth:7; isdataat:!1,relative; content:"caiyundaifu.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331013/; classtype:trojan-activity;sid:81194113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cymy"; http_uri; depth:5; isdataat:!1,relative; content:"caiyundaifu.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331012/; classtype:trojan-activity;sid:81194112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/covid-19%20cure%20update.exe"; http_uri; depth:29; isdataat:!1,relative; content:"ktalents.com.my"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331011/; classtype:trojan-activity;sid:81194111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cy9527"; http_uri; depth:7; isdataat:!1,relative; content:"caiyundaifu.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331010/; classtype:trojan-activity;sid:81194110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cy.exe"; http_uri; depth:7; isdataat:!1,relative; content:"caiyundaifu.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331009/; classtype:trojan-activity;sid:81194109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cy"; http_uri; depth:3; isdataat:!1,relative; content:"caiyundaifu.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331008/; classtype:trojan-activity;sid:81194108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x"; http_uri; depth:7; isdataat:!1,relative; content:"45.95.168.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331007/; classtype:trojan-activity;sid:81194107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.x86"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331006/; classtype:trojan-activity;sid:81194106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.spc"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331005/; classtype:trojan-activity;sid:81194105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331004/; classtype:trojan-activity;sid:81194104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331003/; classtype:trojan-activity;sid:81194103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331002/; classtype:trojan-activity;sid:81194102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.mips"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331001/; classtype:trojan-activity;sid:81194101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/331000/; classtype:trojan-activity;sid:81194100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330999/; classtype:trojan-activity;sid:81194099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330998/; classtype:trojan-activity;sid:81194098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330997/; classtype:trojan-activity;sid:81194097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330996/; classtype:trojan-activity;sid:81194096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kawaii.x86"; http_uri; depth:16; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330995/; classtype:trojan-activity;sid:81194095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kawaii.spc"; http_uri; depth:16; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330994/; classtype:trojan-activity;sid:81194094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kawaii.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330993/; classtype:trojan-activity;sid:81194093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kawaii.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330992/; classtype:trojan-activity;sid:81194092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kawaii.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330991/; classtype:trojan-activity;sid:81194091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kawaii.mips"; http_uri; depth:17; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330990/; classtype:trojan-activity;sid:81194090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kawaii.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330989/; classtype:trojan-activity;sid:81194089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kawaii.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330988/; classtype:trojan-activity;sid:81194088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kawaii.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330987/; classtype:trojan-activity;sid:81194087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kawaii.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330986/; classtype:trojan-activity;sid:81194086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kawaii.arm"; http_uri; depth:16; isdataat:!1,relative; content:"194.36.188.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330985/; classtype:trojan-activity;sid:81194085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"165.227.201.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330984/; classtype:trojan-activity;sid:81194084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.spc"; http_uri; depth:15; isdataat:!1,relative; content:"165.227.201.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330983/; classtype:trojan-activity;sid:81194083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"165.227.201.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330982/; classtype:trojan-activity;sid:81194082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"165.227.201.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330981/; classtype:trojan-activity;sid:81194081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"165.227.201.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330980/; classtype:trojan-activity;sid:81194080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mips"; http_uri; depth:16; isdataat:!1,relative; content:"165.227.201.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330979/; classtype:trojan-activity;sid:81194079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"165.227.201.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330978/; classtype:trojan-activity;sid:81194078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"165.227.201.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330977/; classtype:trojan-activity;sid:81194077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"165.227.201.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330976/; classtype:trojan-activity;sid:81194076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"165.227.201.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330975/; classtype:trojan-activity;sid:81194075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm"; http_uri; depth:15; isdataat:!1,relative; content:"165.227.201.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330974/; classtype:trojan-activity;sid:81194074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"134.122.126.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330973/; classtype:trojan-activity;sid:81194073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.spc"; http_uri; depth:15; isdataat:!1,relative; content:"134.122.126.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330972/; classtype:trojan-activity;sid:81194072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"134.122.126.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330971/; classtype:trojan-activity;sid:81194071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"134.122.126.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330970/; classtype:trojan-activity;sid:81194070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"134.122.126.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330969/; classtype:trojan-activity;sid:81194069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mips"; http_uri; depth:16; isdataat:!1,relative; content:"134.122.126.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330968/; classtype:trojan-activity;sid:81194068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"134.122.126.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330967/; classtype:trojan-activity;sid:81194067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"134.122.126.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330966/; classtype:trojan-activity;sid:81194066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"134.122.126.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330965/; classtype:trojan-activity;sid:81194065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"134.122.126.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330964/; classtype:trojan-activity;sid:81194064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm"; http_uri; depth:15; isdataat:!1,relative; content:"134.122.126.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330963/; classtype:trojan-activity;sid:81194063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jkira.x86"; http_uri; depth:15; isdataat:!1,relative; content:"45.88.3.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330962/; classtype:trojan-activity;sid:81194062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jkira.spc"; http_uri; depth:15; isdataat:!1,relative; content:"45.88.3.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330961/; classtype:trojan-activity;sid:81194061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jkira.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"45.88.3.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330960/; classtype:trojan-activity;sid:81194060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jkira.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"45.88.3.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330959/; classtype:trojan-activity;sid:81194059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jkira.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"45.88.3.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330958/; classtype:trojan-activity;sid:81194058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jkira.mips"; http_uri; depth:16; isdataat:!1,relative; content:"45.88.3.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330957/; classtype:trojan-activity;sid:81194057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jkira.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"45.88.3.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330956/; classtype:trojan-activity;sid:81194056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jkira.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"45.88.3.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330955/; classtype:trojan-activity;sid:81194055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jkira.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"45.88.3.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330954/; classtype:trojan-activity;sid:81194054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jkira.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"45.88.3.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330953/; classtype:trojan-activity;sid:81194053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jkira.arm"; http_uri; depth:15; isdataat:!1,relative; content:"45.88.3.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330952/; classtype:trojan-activity;sid:81194052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"173.249.55.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330951/; classtype:trojan-activity;sid:81194051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"173.249.55.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330950/; classtype:trojan-activity;sid:81194050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"173.249.55.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330949/; classtype:trojan-activity;sid:81194049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"173.249.55.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330948/; classtype:trojan-activity;sid:81194048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"173.249.55.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330947/; classtype:trojan-activity;sid:81194047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"173.249.55.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330946/; classtype:trojan-activity;sid:81194046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/axisbins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"173.249.55.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330945/; classtype:trojan-activity;sid:81194045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"173.249.55.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330944/; classtype:trojan-activity;sid:81194044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"173.249.55.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330943/; classtype:trojan-activity;sid:81194043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"173.249.55.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330942/; classtype:trojan-activity;sid:81194042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"173.249.55.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330941/; classtype:trojan-activity;sid:81194041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"173.249.55.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330940/; classtype:trojan-activity;sid:81194040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=16a_0zeonriejvvjo8rugpqt31kv-hmpj"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330939/; classtype:trojan-activity;sid:81194039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/down/xy.txt"; http_uri; depth:12; isdataat:!1,relative; content:"bflow.security-portal.cz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330938/; classtype:trojan-activity;sid:81194038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mconvid.exe"; http_uri; depth:12; isdataat:!1,relative; content:"lengendryme.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330937/; classtype:trojan-activity;sid:81194037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/server/explorer.exe"; http_uri; depth:20; isdataat:!1,relative; content:"lengendryme.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330936/; classtype:trojan-activity;sid:81194036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vpqjshzs"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330935/; classtype:trojan-activity;sid:81194035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.26.86.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330934/; classtype:trojan-activity;sid:81194034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"171.108.110.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330933/; classtype:trojan-activity;sid:81194033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"45.95.168.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330932/; classtype:trojan-activity;sid:81194032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"45.95.168.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330931/; classtype:trojan-activity;sid:81194031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.arm4"; http_uri; depth:11; isdataat:!1,relative; content:"45.95.168.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330930/; classtype:trojan-activity;sid:81194030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.sparc"; http_uri; depth:12; isdataat:!1,relative; content:"45.95.168.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330929/; classtype:trojan-activity;sid:81194029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"45.95.168.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330928/; classtype:trojan-activity;sid:81194028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.x86"; http_uri; depth:10; isdataat:!1,relative; content:"45.95.168.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330927/; classtype:trojan-activity;sid:81194027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"45.95.168.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330926/; classtype:trojan-activity;sid:81194026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.mips"; http_uri; depth:11; isdataat:!1,relative; content:"45.95.168.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330925/; classtype:trojan-activity;sid:81194025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snype.sh"; http_uri; depth:9; isdataat:!1,relative; content:"45.95.168.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330924/; classtype:trojan-activity;sid:81194024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/simplepie/djorigin_encrypted_2b18ad0.bin"; http_uri; depth:53; isdataat:!1,relative; content:"sunganak.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330923/; classtype:trojan-activity;sid:81194023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1vehlwtmjsjhoqqk-icjkgpvdvvob6lfu"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330922/; classtype:trojan-activity;sid:81194022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1bgenundh-mri2bs1mcw1rm9mpy5dryvg"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330921/; classtype:trojan-activity;sid:81194021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/revslider/admin/porder.bin"; http_uri; depth:46; isdataat:!1,relative; content:"biendaoco.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330920/; classtype:trojan-activity;sid:81194020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=4ea578f7eeda4be5|7c|26|7c|resid=4ea578f7eeda4be5%21111|7c|26|7c|authkey=ap1upzlygkkkd2a"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330919/; classtype:trojan-activity;sid:81194019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=17pmuoek-jgqhprrcu5be2pbhoaqtgtve"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330918/; classtype:trojan-activity;sid:81194018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ngyg1day"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330917/; classtype:trojan-activity;sid:81194017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"115.63.26.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330916/; classtype:trojan-activity;sid:81194016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.120.149.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330915/; classtype:trojan-activity;sid:81194015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.165.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330914/; classtype:trojan-activity;sid:81194014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.171.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330913/; classtype:trojan-activity;sid:81194013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.209.98.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330912/; classtype:trojan-activity;sid:81194012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330911/; classtype:trojan-activity;sid:81194011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.15.14.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330910/; classtype:trojan-activity;sid:81194010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330909/; classtype:trojan-activity;sid:81194009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.43.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330908/; classtype:trojan-activity;sid:81194008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.239.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330907/; classtype:trojan-activity;sid:81194007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.224.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330906/; classtype:trojan-activity;sid:81194006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.186.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330905/; classtype:trojan-activity;sid:81194005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330904/; classtype:trojan-activity;sid:81194004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.141.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330903/; classtype:trojan-activity;sid:81194003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.10.75.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330902/; classtype:trojan-activity;sid:81194002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.168.139.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330901/; classtype:trojan-activity;sid:81194001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.230.133.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330900/; classtype:trojan-activity;sid:81194000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.15.14.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330899/; classtype:trojan-activity;sid:81193999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/axisbins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"62.210.119.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330898/; classtype:trojan-activity;sid:81193998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"24.227.187.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330897/; classtype:trojan-activity;sid:81193997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"71.208.59.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330896/; classtype:trojan-activity;sid:81193996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; http_uri; depth:92; isdataat:!1,relative; content:"219.155.220.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330895/; classtype:trojan-activity;sid:81193995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1pup_129omynklz24jatugf24ougjfukx"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330894/; classtype:trojan-activity;sid:81193994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zfnyxugq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330893/; classtype:trojan-activity;sid:81193993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1vqmlhai3izk7_gzibdgeh8eqjs0dd2o5"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330892/; classtype:trojan-activity;sid:81193992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1dwfoappuqz69v5pczuztq6lflu7qtxx1"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330891/; classtype:trojan-activity;sid:81193991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1aybaxwmdoqoeeb3im4_xbj8f44uvrodx"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330890/; classtype:trojan-activity;sid:81193990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1v15r8ypo2c6o19dw5yr9_srzyi9szlst"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330889/; classtype:trojan-activity;sid:81193989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=d718e3c8e3bc53c0|7c|26|7c|resid=d718e3c8e3bc53c0%21191|7c|26|7c|authkey=ajl2uegqunsgc3q"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330888/; classtype:trojan-activity;sid:81193988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1km03reahzl_n9bqyph_q1ppth7j2w8ld"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330887/; classtype:trojan-activity;sid:81193987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/systemupdate.sh4"; http_uri; depth:17; isdataat:!1,relative; content:"31.202.128.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330886/; classtype:trojan-activity;sid:81193986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/systemupdate.m68k"; http_uri; depth:18; isdataat:!1,relative; content:"31.202.128.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330885/; classtype:trojan-activity;sid:81193985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/systemupdate.ppc"; http_uri; depth:17; isdataat:!1,relative; content:"31.202.128.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330884/; classtype:trojan-activity;sid:81193984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/systemupdate.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"31.202.128.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330883/; classtype:trojan-activity;sid:81193983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/systemupdate.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"31.202.128.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330882/; classtype:trojan-activity;sid:81193982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/systemupdate.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"31.202.128.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330881/; classtype:trojan-activity;sid:81193981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/systemupdate.arm4"; http_uri; depth:18; isdataat:!1,relative; content:"31.202.128.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330880/; classtype:trojan-activity;sid:81193980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/systemupdate.mpsl"; http_uri; depth:18; isdataat:!1,relative; content:"31.202.128.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330879/; classtype:trojan-activity;sid:81193979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/systemupdate.mips"; http_uri; depth:18; isdataat:!1,relative; content:"31.202.128.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330878/; classtype:trojan-activity;sid:81193978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/systemupdate.x86"; http_uri; depth:17; isdataat:!1,relative; content:"31.202.128.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330877/; classtype:trojan-activity;sid:81193977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updater.sh"; http_uri; depth:11; isdataat:!1,relative; content:"31.202.128.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330876/; classtype:trojan-activity;sid:81193976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.58.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330875/; classtype:trojan-activity;sid:81193975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.118.9.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330874/; classtype:trojan-activity;sid:81193974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.239.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330873/; classtype:trojan-activity;sid:81193973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.193.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330872/; classtype:trojan-activity;sid:81193972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330871/; classtype:trojan-activity;sid:81193971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.2.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330870/; classtype:trojan-activity;sid:81193970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.79.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330869/; classtype:trojan-activity;sid:81193969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.87.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330868/; classtype:trojan-activity;sid:81193968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.15.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330867/; classtype:trojan-activity;sid:81193967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330866/; classtype:trojan-activity;sid:81193966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330865/; classtype:trojan-activity;sid:81193965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330864/; classtype:trojan-activity;sid:81193964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.61.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330863/; classtype:trojan-activity;sid:81193963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.245.15.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330862/; classtype:trojan-activity;sid:81193962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.5.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330861/; classtype:trojan-activity;sid:81193961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.31.163.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330860/; classtype:trojan-activity;sid:81193960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330859/; classtype:trojan-activity;sid:81193959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.116.23.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330858/; classtype:trojan-activity;sid:81193958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330857/; classtype:trojan-activity;sid:81193957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"142.93.202.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330856/; classtype:trojan-activity;sid:81193956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.202.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330855/; classtype:trojan-activity;sid:81193955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraivariant.mips"; http_uri; depth:23; isdataat:!1,relative; content:"5.182.211.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330854/; classtype:trojan-activity;sid:81193954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraivariant.mpsl"; http_uri; depth:23; isdataat:!1,relative; content:"5.182.211.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330853/; classtype:trojan-activity;sid:81193953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraivariant.m68k"; http_uri; depth:23; isdataat:!1,relative; content:"5.182.211.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330852/; classtype:trojan-activity;sid:81193952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraivariant.arm7"; http_uri; depth:23; isdataat:!1,relative; content:"5.182.211.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330851/; classtype:trojan-activity;sid:81193951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraivariant.arm"; http_uri; depth:22; isdataat:!1,relative; content:"5.182.211.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330850/; classtype:trojan-activity;sid:81193950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh4"; http_uri; depth:6; isdataat:!1,relative; content:"80.211.230.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330849/; classtype:trojan-activity;sid:81193949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.arm5"; http_uri; depth:7; isdataat:!1,relative; content:"80.211.230.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330848/; classtype:trojan-activity;sid:81193948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"142.93.202.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330847/; classtype:trojan-activity;sid:81193947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraivariant.ppc"; http_uri; depth:22; isdataat:!1,relative; content:"5.182.211.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330846/; classtype:trojan-activity;sid:81193946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.mipsel"; http_uri; depth:9; isdataat:!1,relative; content:"80.211.230.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330845/; classtype:trojan-activity;sid:81193945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.arm5"; http_uri; depth:33; isdataat:!1,relative; content:"5.39.217.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330844/; classtype:trojan-activity;sid:81193944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"142.93.202.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330843/; classtype:trojan-activity;sid:81193943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.mips"; http_uri; depth:33; isdataat:!1,relative; content:"5.39.217.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330842/; classtype:trojan-activity;sid:81193942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wzz070ge"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330841/; classtype:trojan-activity;sid:81193941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.spc"; http_uri; depth:32; isdataat:!1,relative; content:"5.39.217.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330840/; classtype:trojan-activity;sid:81193940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.202.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330839/; classtype:trojan-activity;sid:81193939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraivariant.sh4"; http_uri; depth:22; isdataat:!1,relative; content:"5.182.211.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330838/; classtype:trojan-activity;sid:81193938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraivariant.arm5"; http_uri; depth:23; isdataat:!1,relative; content:"5.182.211.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330837/; classtype:trojan-activity;sid:81193937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.mpsl"; http_uri; depth:33; isdataat:!1,relative; content:"5.39.217.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330836/; classtype:trojan-activity;sid:81193936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.arm"; http_uri; depth:6; isdataat:!1,relative; content:"80.211.230.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330835/; classtype:trojan-activity;sid:81193935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.arm7"; http_uri; depth:7; isdataat:!1,relative; content:"80.211.230.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330834/; classtype:trojan-activity;sid:81193934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraivariant.spc"; http_uri; depth:22; isdataat:!1,relative; content:"5.182.211.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330833/; classtype:trojan-activity;sid:81193933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.ppc"; http_uri; depth:32; isdataat:!1,relative; content:"5.39.217.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330832/; classtype:trojan-activity;sid:81193932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.mips"; http_uri; depth:7; isdataat:!1,relative; content:"80.211.230.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330831/; classtype:trojan-activity;sid:81193931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.arm7"; http_uri; depth:33; isdataat:!1,relative; content:"5.39.217.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330830/; classtype:trojan-activity;sid:81193930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraivariant.arm6"; http_uri; depth:23; isdataat:!1,relative; content:"5.182.211.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330829/; classtype:trojan-activity;sid:81193929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.arm"; http_uri; depth:32; isdataat:!1,relative; content:"5.39.217.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330828/; classtype:trojan-activity;sid:81193928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.arm6"; http_uri; depth:33; isdataat:!1,relative; content:"5.39.217.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330827/; classtype:trojan-activity;sid:81193927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/img/ori4_encrypted_2651f90.bin"; http_uri; depth:49; isdataat:!1,relative; content:"robotrade.com.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330826/; classtype:trojan-activity;sid:81193926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=116xok2yvsrgmyoxhapaxaznksr0zjhfq"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330825/; classtype:trojan-activity;sid:81193925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=cea27e82624ab94f|7c|26|7c|resid=cea27e82624ab94f%21157|7c|26|7c|authkey=ap8ffcn_eytnav8"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330824/; classtype:trojan-activity;sid:81193924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1mbaln-jvf8wttfxmka-owohvjfflel8s"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330823/; classtype:trojan-activity;sid:81193923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1mjljomqjhcbd0l-zxwwzmjdw9znzlw8y"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330822/; classtype:trojan-activity;sid:81193922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1jvih233ne532zrzrm-5fpfhtcbc1tin2"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330821/; classtype:trojan-activity;sid:81193921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"49.89.226.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330820/; classtype:trojan-activity;sid:81193920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/htnjd98d"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330819/; classtype:trojan-activity;sid:81193919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ixr/tax%20challan.zip"; http_uri; depth:34; isdataat:!1,relative; content:"www.gadhikarclinic.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330818/; classtype:trojan-activity;sid:81193918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1qkac9gqhw_pfnprhapwwkthtzmqikct6"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330817/; classtype:trojan-activity;sid:81193917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/blocks/new_build_encrypted_f3ac06f.bin"; http_uri; depth:51; isdataat:!1,relative; content:"centrehotel.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330816/; classtype:trojan-activity;sid:81193916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wftp/ekeneeee_encrypted_c1e13ff.bin"; http_uri; depth:36; isdataat:!1,relative; content:"185.242.104.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330815/; classtype:trojan-activity;sid:81193915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1qc4x3irwgu-9ydor5e_8jvmxg578qq9n"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330814/; classtype:trojan-activity;sid:81193914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1hjpbjc_ekiubce83q_kemj17tra58qyy"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330813/; classtype:trojan-activity;sid:81193913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1-nvtbo-h95jja5anoivraawo--ax3rgg"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330812/; classtype:trojan-activity;sid:81193912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1lmcssp7ld50f8ujmhurcjsummmkzh7tw"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330811/; classtype:trojan-activity;sid:81193911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1rve3igzhtvsdlxcrobroegxth1coi-b6"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330810/; classtype:trojan-activity;sid:81193910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=cb64e6e1a6ce15a2|7c|26|7c|resid=cb64e6e1a6ce15a2%21109|7c|26|7c|authkey=ac4gxwjoopafr9a"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330809/; classtype:trojan-activity;sid:81193909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=10w7xtnk-7acrhq-iczksxydbtco_5cm_"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330808/; classtype:trojan-activity;sid:81193908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1hvfrzd4t7supbiw2egqqzrxd86ksk1ak"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330807/; classtype:trojan-activity;sid:81193907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1c-gihiziuda8fgd4n2y6ysiapa7_fjmu"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330806/; classtype:trojan-activity;sid:81193906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/l.exe"; http_uri; depth:15; isdataat:!1,relative; content:"45.88.110.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330805/; classtype:trojan-activity;sid:81193905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/host.exe"; http_uri; depth:18; isdataat:!1,relative; content:"45.88.110.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330804/; classtype:trojan-activity;sid:81193904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/dwn.exe"; http_uri; depth:17; isdataat:!1,relative; content:"45.88.110.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330803/; classtype:trojan-activity;sid:81193903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/dis.exe"; http_uri; depth:17; isdataat:!1,relative; content:"45.88.110.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330802/; classtype:trojan-activity;sid:81193902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/1.exe"; http_uri; depth:15; isdataat:!1,relative; content:"45.88.110.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330801/; classtype:trojan-activity;sid:81193901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mix.exe"; http_uri; depth:8; isdataat:!1,relative; content:"yashitsolutions.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330800/; classtype:trojan-activity;sid:81193900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kawaii.x86"; http_uri; depth:16; isdataat:!1,relative; content:"37.49.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330799/; classtype:trojan-activity;sid:81193899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.x86"; http_uri; depth:6; isdataat:!1,relative; content:"80.211.230.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330798/; classtype:trojan-activity;sid:81193898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/penelop/updatewin1.exe"; http_uri; depth:29; isdataat:!1,relative; content:"nokd.top"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330797/; classtype:trojan-activity;sid:81193897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/penelop/updatewin2.exe"; http_uri; depth:29; isdataat:!1,relative; content:"nokd.top"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330796/; classtype:trojan-activity;sid:81193896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/penelop/5.exe"; http_uri; depth:20; isdataat:!1,relative; content:"nokd.top"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330795/; classtype:trojan-activity;sid:81193895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.202.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330794/; classtype:trojan-activity;sid:81193894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"145.239.136.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330793/; classtype:trojan-activity;sid:81193893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/backtrack.x86"; http_uri; depth:22; isdataat:!1,relative; content:"80.240.22.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330792/; classtype:trojan-activity;sid:81193892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"161.35.0.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330791/; classtype:trojan-activity;sid:81193891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"167.99.234.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330790/; classtype:trojan-activity;sid:81193890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/blxntz.x86"; http_uri; depth:16; isdataat:!1,relative; content:"192.129.188.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330789/; classtype:trojan-activity;sid:81193889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"185.172.110.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330788/; classtype:trojan-activity;sid:81193888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mac2139r209ru120934r123jhr908213jh4r09213/lmfao293reuj239jrf234rft34jt.x86"; http_uri; depth:75; isdataat:!1,relative; content:"134.122.87.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330787/; classtype:trojan-activity;sid:81193887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/x86"; http_uri; depth:8; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330786/; classtype:trojan-activity;sid:81193886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc.kbot"; http_uri; depth:14; isdataat:!1,relative; content:"212.237.0.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330785/; classtype:trojan-activity;sid:81193885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4.kbot"; http_uri; depth:14; isdataat:!1,relative; content:"212.237.0.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330784/; classtype:trojan-activity;sid:81193884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl.kbot"; http_uri; depth:15; isdataat:!1,relative; content:"212.237.0.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330783/; classtype:trojan-activity;sid:81193883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips.kbot"; http_uri; depth:15; isdataat:!1,relative; content:"212.237.0.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330782/; classtype:trojan-activity;sid:81193882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k.kbot"; http_uri; depth:15; isdataat:!1,relative; content:"212.237.0.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330781/; classtype:trojan-activity;sid:81193881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7.kbot"; http_uri; depth:15; isdataat:!1,relative; content:"212.237.0.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330780/; classtype:trojan-activity;sid:81193880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6.kbot"; http_uri; depth:15; isdataat:!1,relative; content:"212.237.0.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330779/; classtype:trojan-activity;sid:81193879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5.kbot"; http_uri; depth:15; isdataat:!1,relative; content:"212.237.0.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330778/; classtype:trojan-activity;sid:81193878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm.kbot"; http_uri; depth:14; isdataat:!1,relative; content:"212.237.0.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330777/; classtype:trojan-activity;sid:81193877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arc.kbot"; http_uri; depth:14; isdataat:!1,relative; content:"212.237.0.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330776/; classtype:trojan-activity;sid:81193876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86.kbot"; http_uri; depth:14; isdataat:!1,relative; content:"212.237.0.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330775/; classtype:trojan-activity;sid:81193875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wupxarch.exe"; http_uri; depth:13; isdataat:!1,relative; content:"x.alluniversal.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330774/; classtype:trojan-activity;sid:81193874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"92.222.121.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330773/; classtype:trojan-activity;sid:81193873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"95.179.243.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330772/; classtype:trojan-activity;sid:81193872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/athenam.x86"; http_uri; depth:17; isdataat:!1,relative; content:"176.123.6.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330771/; classtype:trojan-activity;sid:81193871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"178.62.252.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330770/; classtype:trojan-activity;sid:81193870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraivariant.x86"; http_uri; depth:22; isdataat:!1,relative; content:"108.61.215.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330769/; classtype:trojan-activity;sid:81193869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"167.99.234.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330768/; classtype:trojan-activity;sid:81193868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"107.175.36.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330767/; classtype:trojan-activity;sid:81193867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"95.179.243.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330766/; classtype:trojan-activity;sid:81193866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraivariant.x86"; http_uri; depth:22; isdataat:!1,relative; content:"5.182.211.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330765/; classtype:trojan-activity;sid:81193865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"167.99.234.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330764/; classtype:trojan-activity;sid:81193864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.x86"; http_uri; depth:32; isdataat:!1,relative; content:"5.39.217.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330763/; classtype:trojan-activity;sid:81193863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.x86"; http_uri; depth:21; isdataat:!1,relative; content:"185.132.53.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330762/; classtype:trojan-activity;sid:81193862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"145.239.136.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330761/; classtype:trojan-activity;sid:81193861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updateprofile.exe"; http_uri; depth:18; isdataat:!1,relative; content:"promusic.website"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330760/; classtype:trojan-activity;sid:81193860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.x86"; http_uri; depth:16; isdataat:!1,relative; content:"167.71.5.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330759/; classtype:trojan-activity;sid:81193859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/wordpress-seo/vendor/bin/inc.phpipbe=nzcuntguntcumzi=|7c|26|7c|uabe=tw96awxsys81ljagke1hy2ludg9zadsgsw50zwwgtwfjie9tifggmtbfmtvfmykgqxbwbgvxzwjlaxqvntm3ljm2ichlsfrntcwgbglrzsbhzwnrbykgq2hyb21llzgwljaumzk4ny4xndkgu2fmyxjplzuzny4zng==|7c|26|7c|fn=rg9jljkyodg3nje3njk4oc56axa=|7c|26|7c|bs=ma==|7c|26|7c|st=ma==|7c|26|7c|bse=ma==|7c|26|7c|hst=ahr0cdovlze4ns4ymtiumtmxljy2|7c|26|7c|pth=l2ryzwr3b3jklw==|7c|26|7c|ofc=ahr0chm6ly93d3cuaw52b2ljzxnpbxbszs5jb20vaw52b2ljzs10zw1wbgf0zs93b3jk|7c|26|7c|swt=zw5hymxl|7c|26|7c|whl=mtg1ljgyljiwmi4xmty="; http_uri; depth:555; isdataat:!1,relative; content:"uppage.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330758/; classtype:trojan-activity;sid:81193858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/css/demoorigin_encrypted_7cb2350.bin"; http_uri; depth:49; isdataat:!1,relative; content:"bbtravelntours.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330756/; classtype:trojan-activity;sid:81193856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1mjpcqnykiu71pwtdagrm347ah30zc7bh"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330755/; classtype:trojan-activity;sid:81193855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1-m0ub8k2pb7cz3zjmqpiifcyb6tle2v1"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330754/; classtype:trojan-activity;sid:81193854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/2point0.bin"; http_uri; depth:15; isdataat:!1,relative; content:"rainbowisp.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330753/; classtype:trojan-activity;sid:81193853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vla_encrypted_6d99100.bin"; http_uri; depth:26; isdataat:!1,relative; content:"supervisedvisitsllc.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330752/; classtype:trojan-activity;sid:81193852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"//ldr_3341780230_karantino.xyz.exe"; http_uri; depth:34; isdataat:!1,relative; content:"doha-media.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330751/; classtype:trojan-activity;sid:81193851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/staple/444444.png"; http_uri; depth:18; isdataat:!1,relative; content:"hotdsk.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330750/; classtype:trojan-activity;sid:81193850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/umgphqvepj2uigdt.doc"; http_uri; depth:21; isdataat:!1,relative; content:"share.dmca.gripe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330749/; classtype:trojan-activity;sid:81193849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/re/files/covidmappia_v1.0.3.apk"; http_uri; depth:32; isdataat:!1,relative; content:"halykhome.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330748/; classtype:trojan-activity;sid:81193848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1y5um5xwwtfnyeawvawwff9pihuneqtna"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330747/; classtype:trojan-activity;sid:81193847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1sqa_cevfg7bm-p0mmjtejgshkiwootat"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330746/; classtype:trojan-activity;sid:81193846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1lhsvxb8avtj5etg4ehlrrkyodhnazauy"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330745/; classtype:trojan-activity;sid:81193845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1h_1dsuyhkyrk9dgds4ayhkse1qa2kcbf"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330744/; classtype:trojan-activity;sid:81193844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.244.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330743/; classtype:trojan-activity;sid:81193843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.163.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330742/; classtype:trojan-activity;sid:81193842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.204.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330741/; classtype:trojan-activity;sid:81193841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330740/; classtype:trojan-activity;sid:81193840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330739/; classtype:trojan-activity;sid:81193839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330738/; classtype:trojan-activity;sid:81193838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.124.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330737/; classtype:trojan-activity;sid:81193837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330736/; classtype:trojan-activity;sid:81193836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.209.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330735/; classtype:trojan-activity;sid:81193835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330734/; classtype:trojan-activity;sid:81193834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.118.230.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330733/; classtype:trojan-activity;sid:81193833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.241.225.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330732/; classtype:trojan-activity;sid:81193832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.14.208.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330731/; classtype:trojan-activity;sid:81193831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330730/; classtype:trojan-activity;sid:81193830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.160.177.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330729/; classtype:trojan-activity;sid:81193829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.111.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330728/; classtype:trojan-activity;sid:81193828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.123.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330727/; classtype:trojan-activity;sid:81193827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jppost.apk"; http_uri; depth:11; isdataat:!1,relative; content:"jppost-cti.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330726/; classtype:trojan-activity;sid:81193826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jppost.apk"; http_uri; depth:11; isdataat:!1,relative; content:"jppost-cse.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330725/; classtype:trojan-activity;sid:81193825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jppost.apk"; http_uri; depth:11; isdataat:!1,relative; content:"jppost-csa.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330724/; classtype:trojan-activity;sid:81193824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rmqx7msi"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330723/; classtype:trojan-activity;sid:81193823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; content:"170.130.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330722/; classtype:trojan-activity;sid:81193822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; content:"170.130.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330721/; classtype:trojan-activity;sid:81193821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"170.130.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330720/; classtype:trojan-activity;sid:81193820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; content:"170.130.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330719/; classtype:trojan-activity;sid:81193819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"170.130.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330718/; classtype:trojan-activity;sid:81193818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"170.130.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330717/; classtype:trojan-activity;sid:81193817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"170.130.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330716/; classtype:trojan-activity;sid:81193816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; content:"170.130.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330715/; classtype:trojan-activity;sid:81193815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"170.130.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330714/; classtype:trojan-activity;sid:81193814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"170.130.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330713/; classtype:trojan-activity;sid:81193813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"170.130.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330712/; classtype:trojan-activity;sid:81193812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"170.130.172.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330711/; classtype:trojan-activity;sid:81193811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.62.134.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330710/; classtype:trojan-activity;sid:81193810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.7.172.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330709/; classtype:trojan-activity;sid:81193809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.156.188.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330708/; classtype:trojan-activity;sid:81193808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.201.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330707/; classtype:trojan-activity;sid:81193807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330706/; classtype:trojan-activity;sid:81193806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.188.243.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330705/; classtype:trojan-activity;sid:81193805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.48.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330704/; classtype:trojan-activity;sid:81193804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.115.199.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330703/; classtype:trojan-activity;sid:81193803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.233.152.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330702/; classtype:trojan-activity;sid:81193802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.96.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330701/; classtype:trojan-activity;sid:81193801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330700/; classtype:trojan-activity;sid:81193800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.20.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330699/; classtype:trojan-activity;sid:81193799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.143.32.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330698/; classtype:trojan-activity;sid:81193798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.82.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330697/; classtype:trojan-activity;sid:81193797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330696/; classtype:trojan-activity;sid:81193796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330695/; classtype:trojan-activity;sid:81193795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330694/; classtype:trojan-activity;sid:81193794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.68.246.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330693/; classtype:trojan-activity;sid:81193793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.22.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330692/; classtype:trojan-activity;sid:81193792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.189.30.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330691/; classtype:trojan-activity;sid:81193791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.236.192.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330690/; classtype:trojan-activity;sid:81193790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"118.250.49.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330689/; classtype:trojan-activity;sid:81193789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.13.22.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330688/; classtype:trojan-activity;sid:81193788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330687/; classtype:trojan-activity;sid:81193787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.222.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330686/; classtype:trojan-activity;sid:81193786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"91.93.89.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330685/; classtype:trojan-activity;sid:81193785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wsva3jvs"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330684/; classtype:trojan-activity;sid:81193784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/99wxctnq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330683/; classtype:trojan-activity;sid:81193783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"45.14.224.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330682/; classtype:trojan-activity;sid:81193782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"45.14.224.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330681/; classtype:trojan-activity;sid:81193781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"45.14.224.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330680/; classtype:trojan-activity;sid:81193780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"45.14.224.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330679/; classtype:trojan-activity;sid:81193779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"45.14.224.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330678/; classtype:trojan-activity;sid:81193778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"45.14.224.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330677/; classtype:trojan-activity;sid:81193777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"45.14.224.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330676/; classtype:trojan-activity;sid:81193776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"45.14.224.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330675/; classtype:trojan-activity;sid:81193775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"45.14.224.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330674/; classtype:trojan-activity;sid:81193774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330673/; classtype:trojan-activity;sid:81193773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.149.240.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330672/; classtype:trojan-activity;sid:81193772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.241.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330671/; classtype:trojan-activity;sid:81193771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.78.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330670/; classtype:trojan-activity;sid:81193770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.87.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330669/; classtype:trojan-activity;sid:81193769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330668/; classtype:trojan-activity;sid:81193768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.120.175.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330667/; classtype:trojan-activity;sid:81193767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.8.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330666/; classtype:trojan-activity;sid:81193766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330665/; classtype:trojan-activity;sid:81193765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.80.170.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330664/; classtype:trojan-activity;sid:81193764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.42.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330663/; classtype:trojan-activity;sid:81193763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.118.229.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330662/; classtype:trojan-activity;sid:81193762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.233.93.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330661/; classtype:trojan-activity;sid:81193761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.43.65.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330660/; classtype:trojan-activity;sid:81193760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.40.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330659/; classtype:trojan-activity;sid:81193759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.160.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330658/; classtype:trojan-activity;sid:81193758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"89.148.243.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330657/; classtype:trojan-activity;sid:81193757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.179.14.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330656/; classtype:trojan-activity;sid:81193756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.125.245.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330655/; classtype:trojan-activity;sid:81193755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330654/; classtype:trojan-activity;sid:81193754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330653/; classtype:trojan-activity;sid:81193753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330652/; classtype:trojan-activity;sid:81193752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.165.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_27; reference:url, urlhaus.abuse.ch/url/330651/; classtype:trojan-activity;sid:81193751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.botnet"; http_uri; depth:12; isdataat:!1,relative; content:"ip156.ip-145-239-234.eu"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330650/; classtype:trojan-activity;sid:81193750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm.botnet"; http_uri; depth:11; isdataat:!1,relative; content:"ip156.ip-145-239-234.eu"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330649/; classtype:trojan-activity;sid:81193749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mpsl"; http_uri; depth:9; isdataat:!1,relative; content:"209.97.152.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330648/; classtype:trojan-activity;sid:81193748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin/mips"; http_uri; depth:9; isdataat:!1,relative; content:"209.97.152.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330647/; classtype:trojan-activity;sid:81193747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"45.88.3.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330646/; classtype:trojan-activity;sid:81193746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; content:"45.88.3.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330645/; classtype:trojan-activity;sid:81193745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"45.88.3.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330644/; classtype:trojan-activity;sid:81193744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"45.88.3.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330643/; classtype:trojan-activity;sid:81193743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"45.88.3.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330642/; classtype:trojan-activity;sid:81193742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"45.88.3.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330641/; classtype:trojan-activity;sid:81193741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"45.88.3.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330640/; classtype:trojan-activity;sid:81193740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"45.88.3.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330639/; classtype:trojan-activity;sid:81193739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"45.88.3.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330638/; classtype:trojan-activity;sid:81193738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"45.88.3.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330637/; classtype:trojan-activity;sid:81193737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"45.88.3.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330636/; classtype:trojan-activity;sid:81193736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+-"; http_uri; depth:12; isdataat:!1,relative; content:"31.146.212.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330635/; classtype:trojan-activity;sid:81193735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vtavpeab"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330634/; classtype:trojan-activity;sid:81193734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kben3azx"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330633/; classtype:trojan-activity;sid:81193733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gqpqhssf"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330632/; classtype:trojan-activity;sid:81193732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/w2sgdd3k"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330631/; classtype:trojan-activity;sid:81193731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lih91gjc"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330630/; classtype:trojan-activity;sid:81193730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p6excrru"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330629/; classtype:trojan-activity;sid:81193729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/awm8teuq"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330628/; classtype:trojan-activity;sid:81193728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/l5a2k0xg"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330627/; classtype:trojan-activity;sid:81193727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hlz6ngjg"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330626/; classtype:trojan-activity;sid:81193726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gzfbrn3b"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330625/; classtype:trojan-activity;sid:81193725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jizzw1s1"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330624/; classtype:trojan-activity;sid:81193724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/epbwshxz"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330623/; classtype:trojan-activity;sid:81193723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/juruhhz6"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330622/; classtype:trojan-activity;sid:81193722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8pkcdtv5"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330621/; classtype:trojan-activity;sid:81193721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/2vn8d7a33b7bn00043m334krq6sgg3jt/1585259325000/15008699141487957433/*/1uq_k1ylh59i1ybsuc72xgl8d2t-b8orse=download"; http_uri; depth:161; isdataat:!1,relative; content:"doc-0k-c0-docs.googleusercontent.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330620/; classtype:trojan-activity;sid:81193720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/vo92nb75urtmpc1qq1r4dbpsf7ocaks8/1585259100000/15008699141487957433/*/1uq_k1ylh59i1ybsuc72xgl8d2t-b8orse=download"; http_uri; depth:161; isdataat:!1,relative; content:"doc-0k-c0-docs.googleusercontent.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330619/; classtype:trojan-activity;sid:81193719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.google"; http_uri; depth:15; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330618/; classtype:trojan-activity;sid:81193718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.google"; http_uri; depth:15; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330617/; classtype:trojan-activity;sid:81193717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.google"; http_uri; depth:15; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330616/; classtype:trojan-activity;sid:81193716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.google"; http_uri; depth:14; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330615/; classtype:trojan-activity;sid:81193715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.google"; http_uri; depth:15; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330614/; classtype:trojan-activity;sid:81193714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.google"; http_uri; depth:15; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330613/; classtype:trojan-activity;sid:81193713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.google"; http_uri; depth:14; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330612/; classtype:trojan-activity;sid:81193712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.google"; http_uri; depth:15; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330611/; classtype:trojan-activity;sid:81193711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.google"; http_uri; depth:14; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330610/; classtype:trojan-activity;sid:81193710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.google"; http_uri; depth:14; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330609/; classtype:trojan-activity;sid:81193709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.google"; http_uri; depth:15; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330608/; classtype:trojan-activity;sid:81193708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.google"; http_uri; depth:15; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330607/; classtype:trojan-activity;sid:81193707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/google.sh"; http_uri; depth:10; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330606/; classtype:trojan-activity;sid:81193706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/q770c5cj"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330605/; classtype:trojan-activity;sid:81193705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gm28hnhb"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330604/; classtype:trojan-activity;sid:81193704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vdrp10n6"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330603/; classtype:trojan-activity;sid:81193703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qvvl7kfc"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330602/; classtype:trojan-activity;sid:81193702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zp4aabau"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330601/; classtype:trojan-activity;sid:81193701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ue14bfr8"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330600/; classtype:trojan-activity;sid:81193700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wystxhiw"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330599/; classtype:trojan-activity;sid:81193699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jf523cra"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330598/; classtype:trojan-activity;sid:81193698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rdfbpwne"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330597/; classtype:trojan-activity;sid:81193697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1ae8g6wa"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330596/; classtype:trojan-activity;sid:81193696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/guuyqdgq"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330595/; classtype:trojan-activity;sid:81193695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rmfvxssr"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330594/; classtype:trojan-activity;sid:81193694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rwm6fibb"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330593/; classtype:trojan-activity;sid:81193693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gjbq2wqu"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330592/; classtype:trojan-activity;sid:81193692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/45v4mjlk"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330591/; classtype:trojan-activity;sid:81193691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rbl4tscg"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330590/; classtype:trojan-activity;sid:81193690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ymkugdpn"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330589/; classtype:trojan-activity;sid:81193689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nxh2qad8"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330588/; classtype:trojan-activity;sid:81193688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jz5cenet"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330587/; classtype:trojan-activity;sid:81193687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hueylsux"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330586/; classtype:trojan-activity;sid:81193686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ruvpsjjp"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330585/; classtype:trojan-activity;sid:81193685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wivgjrmn"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330584/; classtype:trojan-activity;sid:81193684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin/arm"; http_uri; depth:8; isdataat:!1,relative; content:"209.97.152.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330583/; classtype:trojan-activity;sid:81193683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin/m68k"; http_uri; depth:9; isdataat:!1,relative; content:"209.97.152.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330582/; classtype:trojan-activity;sid:81193682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin/ppc"; http_uri; depth:8; isdataat:!1,relative; content:"209.97.152.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330581/; classtype:trojan-activity;sid:81193681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin/sh4"; http_uri; depth:8; isdataat:!1,relative; content:"209.97.152.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330580/; classtype:trojan-activity;sid:81193680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"209.97.152.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330579/; classtype:trojan-activity;sid:81193679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin/arm7"; http_uri; depth:9; isdataat:!1,relative; content:"209.97.152.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330578/; classtype:trojan-activity;sid:81193678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin/arm6"; http_uri; depth:9; isdataat:!1,relative; content:"209.97.152.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330577/; classtype:trojan-activity;sid:81193677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x86"; http_uri; depth:8; isdataat:!1,relative; content:"209.97.152.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330576/; classtype:trojan-activity;sid:81193676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.33.101.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330575/; classtype:trojan-activity;sid:81193675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"188.26.100.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330574/; classtype:trojan-activity;sid:81193674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"122.117.245.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330573/; classtype:trojan-activity;sid:81193673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/staple/5166833.zip"; http_uri; depth:19; isdataat:!1,relative; content:"worldfamoustravels.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330572/; classtype:trojan-activity;sid:81193672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.200.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330571/; classtype:trojan-activity;sid:81193671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.110.112.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330570/; classtype:trojan-activity;sid:81193670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.52.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330569/; classtype:trojan-activity;sid:81193669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.182.15.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330568/; classtype:trojan-activity;sid:81193668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.175.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330567/; classtype:trojan-activity;sid:81193667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.130.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330566/; classtype:trojan-activity;sid:81193666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.111.46.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330565/; classtype:trojan-activity;sid:81193665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.131.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330564/; classtype:trojan-activity;sid:81193664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.251.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330563/; classtype:trojan-activity;sid:81193663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.111.46.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330562/; classtype:trojan-activity;sid:81193662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.140.123.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330561/; classtype:trojan-activity;sid:81193661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.121.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330560/; classtype:trojan-activity;sid:81193660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.75.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330559/; classtype:trojan-activity;sid:81193659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.75.12.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330558/; classtype:trojan-activity;sid:81193658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.52.42.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330557/; classtype:trojan-activity;sid:81193657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shipmenttrack.jar"; http_uri; depth:18; isdataat:!1,relative; content:"totaltrack.ml"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330556/; classtype:trojan-activity;sid:81193656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/delivery/"; http_uri; depth:10; isdataat:!1,relative; content:"eatcitizen.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330555/; classtype:trojan-activity;sid:81193655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bot.dll"; http_uri; depth:8; isdataat:!1,relative; content:"nonnewspaper.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330554/; classtype:trojan-activity;sid:81193654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/slgters.exe"; http_uri; depth:12; isdataat:!1,relative; content:"nonnewspaper.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330553/; classtype:trojan-activity;sid:81193653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe1.c1"; http_uri; depth:10; isdataat:!1,relative; content:"nonnewspaper.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330552/; classtype:trojan-activity;sid:81193652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2/redi.php"; http_uri; depth:11; isdataat:!1,relative; content:"newactdoconline.3utilities.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330551/; classtype:trojan-activity;sid:81193651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/redi.php"; http_uri; depth:9; isdataat:!1,relative; content:"newactdoconline.3utilities.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330550/; classtype:trojan-activity;sid:81193650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/a7wseqam"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330549/; classtype:trojan-activity;sid:81193649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/0ju3nr6u"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330548/; classtype:trojan-activity;sid:81193648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/w8nbuj9m"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330547/; classtype:trojan-activity;sid:81193647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vwk4quxf"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330546/; classtype:trojan-activity;sid:81193646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/twz3fxd2"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330545/; classtype:trojan-activity;sid:81193645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/q51ka2iu"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330544/; classtype:trojan-activity;sid:81193644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1t2yrsqb6pvqinnpavahrhqcpp2unkj52"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330543/; classtype:trojan-activity;sid:81193643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1yxzhbugoulsjjc7dmy8l7h7zoarp3kz2"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330542/; classtype:trojan-activity;sid:81193642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gfunfinytr3.iso"; http_uri; depth:16; isdataat:!1,relative; content:"pastermaster2020.s3.us-east-2.amazonaws.com"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330541/; classtype:trojan-activity;sid:81193641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.botnet"; http_uri; depth:12; isdataat:!1,relative; content:"145.239.234.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330540/; classtype:trojan-activity;sid:81193640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm.botnet"; http_uri; depth:11; isdataat:!1,relative; content:"145.239.234.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330539/; classtype:trojan-activity;sid:81193639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pato.exe"; http_uri; depth:9; isdataat:!1,relative; content:"sroomf70nasiru.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330538/; classtype:trojan-activity;sid:81193638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2/microsoft.vbs"; http_uri; depth:16; isdataat:!1,relative; content:"newactdoconline.3utilities.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330537/; classtype:trojan-activity;sid:81193637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2/microsoft.hta"; http_uri; depth:16; isdataat:!1,relative; content:"newactdoconline.3utilities.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330536/; classtype:trojan-activity;sid:81193636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft.vbs"; http_uri; depth:14; isdataat:!1,relative; content:"newactdoconline.3utilities.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330535/; classtype:trojan-activity;sid:81193635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft.hta"; http_uri; depth:14; isdataat:!1,relative; content:"newactdoconline.3utilities.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330534/; classtype:trojan-activity;sid:81193634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fprl.exe"; http_uri; depth:9; isdataat:!1,relative; content:"owenti.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330533/; classtype:trojan-activity;sid:81193633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"121.186.21.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330532/; classtype:trojan-activity;sid:81193632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.34.49.63"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330531/; classtype:trojan-activity;sid:81193631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/frap.exe"; http_uri; depth:9; isdataat:!1,relative; content:"tamboe.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330530/; classtype:trojan-activity;sid:81193630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1hyqzl5woni6ji4grozp2o5s5jyltwyow"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330529/; classtype:trojan-activity;sid:81193629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ybuhqkahxvbqnnlr2yiuueo5elwtyahu"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330528/; classtype:trojan-activity;sid:81193628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1bia-gjt4epitq5e1iv1bvzqdqnxbyvck"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330527/; classtype:trojan-activity;sid:81193627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oby.bin"; http_uri; depth:8; isdataat:!1,relative; content:"sroomf70nasiru.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330526/; classtype:trojan-activity;sid:81193626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/revslider/admin/product.bin"; http_uri; depth:47; isdataat:!1,relative; content:"biendaoco.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330525/; classtype:trojan-activity;sid:81193625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1zkdilxwmk2inlqsfzktzb4vlndfqyrlj"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330524/; classtype:trojan-activity;sid:81193624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1_l4ijc7buargsp-mmyss5jwzpmhpvgtf"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330523/; classtype:trojan-activity;sid:81193623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1hmtp0sozvgtbml4jne0nnvhvfkof3slo"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330522/; classtype:trojan-activity;sid:81193622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ueb-bsecvg7nw2jzisz05n1v4qg9sxgg"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330521/; classtype:trojan-activity;sid:81193621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=5e332b59b8669416|7c|26|7c|resid=5e332b59b8669416%21230|7c|26|7c|authkey=aflsozn0d6b9duk"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330520/; classtype:trojan-activity;sid:81193620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=2f38368d4bd88c0e|7c|26|7c|resid=2f38368d4bd88c0e!218|7c|26|7c|authkey=alr9sobg6aqqwzg"; http_uri; depth:98; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330519/; classtype:trojan-activity;sid:81193619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/jquery/public/cagefs/bins/rwth67.bin"; http_uri; depth:40; isdataat:!1,relative; content:"ribbonlogistics.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330518/; classtype:trojan-activity;sid:81193618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/well-known/files/rwth67/rwth67.exe"; http_uri; depth:35; isdataat:!1,relative; content:"rudraagrointernational.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330517/; classtype:trojan-activity;sid:81193617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=f79e41c0e32d3314|7c|26|7c|resid=f79e41c0e32d3314%211182|7c|26|7c|authkey=aiqtptberyvlgqk|7c|26|7c|em=2%22"; http_uri; depth:118; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330516/; classtype:trojan-activity;sid:81193616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/z4ywkizu"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330515/; classtype:trojan-activity;sid:81193615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/drxejwps"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330514/; classtype:trojan-activity;sid:81193614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/d/1ia3welhtrhs0fe4ag2_o0avkyzi_zupx/viewusp=drive_web"; http_uri; depth:59; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330513/; classtype:trojan-activity;sid:81193613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ia3welhtrhs0fe4ag2_o0avkyzi_zupx"; http_uri; depth:64; isdataat:!1,relative; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330512/; classtype:trojan-activity;sid:81193612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3wqms4s0/logwmsiy-nkgnk.png"; http_uri; depth:28; isdataat:!1,relative; content:"i.postimg.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330511/; classtype:trojan-activity;sid:81193611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/explorer/xx.exe"; http_uri; depth:16; isdataat:!1,relative; content:"systemserverrootmapforfiletrn.duckdns.org"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330510/; classtype:trojan-activity;sid:81193610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/explorer/x.exe"; http_uri; depth:15; isdataat:!1,relative; content:"systemserverrootmapforfiletrn.duckdns.org"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330509/; classtype:trojan-activity;sid:81193609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"vmi361536.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330508/; classtype:trojan-activity;sid:81193608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/root"; http_uri; depth:13; isdataat:!1,relative; content:"vmi361536.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330507/; classtype:trojan-activity;sid:81193607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"vmi361536.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330506/; classtype:trojan-activity;sid:81193606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"vmi361536.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330505/; classtype:trojan-activity;sid:81193605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"vmi361536.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330504/; classtype:trojan-activity;sid:81193604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/growth/bin_encrypted_fd200df.bin"; http_uri; depth:33; isdataat:!1,relative; content:"credoaz.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330503/; classtype:trojan-activity;sid:81193603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/growth/bin_encrypted_8d5d1ff.bin"; http_uri; depth:33; isdataat:!1,relative; content:"credoaz.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330502/; classtype:trojan-activity;sid:81193602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/staple/444444.pnguid=tqbpagmacgbvahmabwbmahqaiabxagkabgbkag8adwbzacaanwagafaacgbvagyazqbzahmaaqbvag4ayqbsacaa"; http_uri; depth:110; isdataat:!1,relative; content:"a.8xcornwall.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330501/; classtype:trojan-activity;sid:81193601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/staple/444444.pnguid=tqbpagmacgbvahmabwbmahqaiabxagkabgbkag8adwbzacaanwagafaacgbvagyazqbzahmaaqbvag4ayqbsacaa"; http_uri; depth:110; isdataat:!1,relative; content:"gdpronline.sk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330500/; classtype:trojan-activity;sid:81193600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.90.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330499/; classtype:trojan-activity;sid:81193599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330498/; classtype:trojan-activity;sid:81193598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.241.171.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330497/; classtype:trojan-activity;sid:81193597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330496/; classtype:trojan-activity;sid:81193596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330495/; classtype:trojan-activity;sid:81193595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.115.46.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330494/; classtype:trojan-activity;sid:81193594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.8.190.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330493/; classtype:trojan-activity;sid:81193593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.215.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330492/; classtype:trojan-activity;sid:81193592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330491/; classtype:trojan-activity;sid:81193591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.243.124.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330490/; classtype:trojan-activity;sid:81193590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.191.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330489/; classtype:trojan-activity;sid:81193589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.x86"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330488/; classtype:trojan-activity;sid:81193588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.spc"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330487/; classtype:trojan-activity;sid:81193587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330486/; classtype:trojan-activity;sid:81193586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330485/; classtype:trojan-activity;sid:81193585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330484/; classtype:trojan-activity;sid:81193584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.mips"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330483/; classtype:trojan-activity;sid:81193583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330482/; classtype:trojan-activity;sid:81193582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330481/; classtype:trojan-activity;sid:81193581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330480/; classtype:trojan-activity;sid:81193580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"45.95.168.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330479/; classtype:trojan-activity;sid:81193579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/911.arm"; http_uri; depth:13; isdataat:!1,relative; content:"45.95.168.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330478/; classtype:trojan-activity;sid:81193578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"123.12.32.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330477/; classtype:trojan-activity;sid:81193577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/staple/72449972.zip"; http_uri; depth:20; isdataat:!1,relative; content:"thew3web.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330476/; classtype:trojan-activity;sid:81193576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/staple/444444.pnguid=tqbpagmacgbvahmabwbmahqaiabxagkabgbkag8adwbzacaanwagafaacgbvagyazqbzahmaaqbvag4ayqbsacaa"; http_uri; depth:110; isdataat:!1,relative; content:"www.kitaair.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330475/; classtype:trojan-activity;sid:81193575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/staple/444444.pnguid=tqbpagmacgbvahmabwbmahqaiabxagkabgbkag8adwbzacaanwagafaacgbvagyazqbzahmaaqbvag4ayqbsacaa"; http_uri; depth:110; isdataat:!1,relative; content:"hotdsk.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330474/; classtype:trojan-activity;sid:81193574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chama1020/do/zip/master"; http_uri; depth:24; isdataat:!1,relative; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330473/; classtype:trojan-activity;sid:81193573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eltakikim/x0qhgz742ctf5nn/gh-pages/vvcf.bmp"; http_uri; depth:44; isdataat:!1,relative; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330472/; classtype:trojan-activity;sid:81193572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1yc4f2gt"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330471/; classtype:trojan-activity;sid:81193571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3zmknrcu"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330470/; classtype:trojan-activity;sid:81193570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/etyw5clh"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330469/; classtype:trojan-activity;sid:81193569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1rquplthtbjtflk138r2n3sjwj_tbzdvl"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330468/; classtype:trojan-activity;sid:81193568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1yhk5fx8-tf7yhu_eayncsbqvcllersdn"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330467/; classtype:trojan-activity;sid:81193567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ae3pizftfepo74hvisnovigoqm0naidl"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330466/; classtype:trojan-activity;sid:81193566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=13e7kr_ymyk26cbf_rupgwu7t-ga7id8e"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330465/; classtype:trojan-activity;sid:81193565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ssmc6sfy"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330464/; classtype:trojan-activity;sid:81193564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tz04fx6m"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330463/; classtype:trojan-activity;sid:81193563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ncm0cpa3"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330462/; classtype:trojan-activity;sid:81193562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/axl42c9j"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330461/; classtype:trojan-activity;sid:81193561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aaeg4df12"; http_uri; depth:10; isdataat:!1,relative; content:"pxdgcvnsb.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330460/; classtype:trojan-activity;sid:81193560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; content:"139.219.8.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330459/; classtype:trojan-activity;sid:81193559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gfunfinytr3.iso"; http_uri; depth:16; isdataat:!1,relative; content:"52.171.138.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330458/; classtype:trojan-activity;sid:81193558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dnalasc90.iso"; http_uri; depth:14; isdataat:!1,relative; content:"160.20.147.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330457/; classtype:trojan-activity;sid:81193557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ultrmaurobox.iso"; http_uri; depth:17; isdataat:!1,relative; content:"45.147.231.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330456/; classtype:trojan-activity;sid:81193556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ultrmauroboxpac007.iso"; http_uri; depth:23; isdataat:!1,relative; content:"45.147.231.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330455/; classtype:trojan-activity;sid:81193555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dnultrach95.iso"; http_uri; depth:16; isdataat:!1,relative; content:"160.20.147.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330454/; classtype:trojan-activity;sid:81193554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mdplstickged.iso"; http_uri; depth:17; isdataat:!1,relative; content:"146.71.87.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330453/; classtype:trojan-activity;sid:81193553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fruitme/putty.exe"; http_uri; depth:18; isdataat:!1,relative; content:"byedtronchgroup.yt"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330452/; classtype:trojan-activity;sid:81193552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uzmod02/uzmod02.exe"; http_uri; depth:20; isdataat:!1,relative; content:"sylvaclouds.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330451/; classtype:trojan-activity;sid:81193551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uzmod03/uzmod03.exe"; http_uri; depth:20; isdataat:!1,relative; content:"sylvaclouds.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330450/; classtype:trojan-activity;sid:81193550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge/20610444.jpg"; http_uri; depth:16; isdataat:!1,relative; content:"posqit.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330449/; classtype:trojan-activity;sid:81193549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1alrypn0nq0fxsgb-2tsc9w-q9arrtq9j"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330448/; classtype:trojan-activity;sid:81193548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3lyrv5c8"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330447/; classtype:trojan-activity;sid:81193547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lwmudmkp"; http_uri; depth:9; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330446/; classtype:trojan-activity;sid:81193546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge/50010378.jpg"; http_uri; depth:16; isdataat:!1,relative; content:"posqit.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330445/; classtype:trojan-activity;sid:81193545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ge/206440.exe"; http_uri; depth:14; isdataat:!1,relative; content:"posqit.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330444/; classtype:trojan-activity;sid:81193544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ticotico3.tar"; http_uri; depth:14; isdataat:!1,relative; content:"35.192.198.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330443/; classtype:trojan-activity;sid:81193543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"190.186.39.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330442/; classtype:trojan-activity;sid:81193542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"78.188.103.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330441/; classtype:trojan-activity;sid:81193541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=19jsraz_xhe4y5hqntee-dtkg_id9aeff"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330440/; classtype:trojan-activity;sid:81193540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=15shnm45obh2i6s3gaioednpi3fcrkwfv"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330439/; classtype:trojan-activity;sid:81193539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1_2liur5dyvmletuwbiydtahirle3qrlk"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330438/; classtype:trojan-activity;sid:81193538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/payroll/sheet/government/payroll.rar"; http_uri; depth:37; isdataat:!1,relative; content:"xiangifu.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330437/; classtype:trojan-activity;sid:81193537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y4mwvp-yspj8ow508jgrnauwqq8kuioi6u_mbzmf54wd1bwrdu-j6rudr6intrua3dsyucmedn1s6kw1phjciywjnlfebdt3_lzgg9_kdcl5stxfz-08wcuqm3b_ot0bokhvhp5fogboklroar1r_u_wam0bq5oi8nqtkh6r-qzxn81ng_jlj1zgndytesbsdsm6izqacjwuz6z4-gt67arna/comfirem%20the%20po2020%201.acedownload|7c|26|7c|psid=1"; http_uri; depth:274; isdataat:!1,relative; content:"qippyw.dm.files.1drv.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330436/; classtype:trojan-activity;sid:81193536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gy.exe"; http_uri; depth:7; isdataat:!1,relative; content:"139.219.8.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330435/; classtype:trojan-activity;sid:81193535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fgf"; http_uri; depth:4; isdataat:!1,relative; content:"139.219.8.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330434/; classtype:trojan-activity;sid:81193534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/glt"; http_uri; depth:4; isdataat:!1,relative; content:"139.219.8.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330433/; classtype:trojan-activity;sid:81193533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1rb0li8b6bqfr0jup1e_avqms_ydikvyo"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330432/; classtype:trojan-activity;sid:81193532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1iozaahc8ntlnwjqwtebmm_uu54by40ah"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330431/; classtype:trojan-activity;sid:81193531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1dhy1ofovzf2zvxm93ubngdas0qjm4po6"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330430/; classtype:trojan-activity;sid:81193530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1tfy4frurraj6gbsycuzbkls6vp2kz0ea"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330429/; classtype:trojan-activity;sid:81193529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=10egcrjmqm4zce6asleporrqh7y0hkuod"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330428/; classtype:trojan-activity;sid:81193528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/4zlmdvhh"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330427/; classtype:trojan-activity;sid:81193527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fprl.bin"; http_uri; depth:9; isdataat:!1,relative; content:"owenti.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330426/; classtype:trojan-activity;sid:81193526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ov%20vailide%208877635.zip"; http_uri; depth:27; isdataat:!1,relative; content:"finadev-groupe.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330425/; classtype:trojan-activity;sid:81193525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/force/vnc.exe"; http_uri; depth:22; isdataat:!1,relative; content:"cloudpassreset.ga"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330424/; classtype:trojan-activity;sid:81193524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.15.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330423/; classtype:trojan-activity;sid:81193523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.240.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330422/; classtype:trojan-activity;sid:81193522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.25.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330421/; classtype:trojan-activity;sid:81193521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330420/; classtype:trojan-activity;sid:81193520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330419/; classtype:trojan-activity;sid:81193519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330418/; classtype:trojan-activity;sid:81193518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.67.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330417/; classtype:trojan-activity;sid:81193517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.166.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330416/; classtype:trojan-activity;sid:81193516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330415/; classtype:trojan-activity;sid:81193515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"202.98.67.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330414/; classtype:trojan-activity;sid:81193514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.17.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330413/; classtype:trojan-activity;sid:81193513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.84.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330412/; classtype:trojan-activity;sid:81193512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.201.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330411/; classtype:trojan-activity;sid:81193511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.64.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330410/; classtype:trojan-activity;sid:81193510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.47.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330409/; classtype:trojan-activity;sid:81193509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.31.3.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330408/; classtype:trojan-activity;sid:81193508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330407/; classtype:trojan-activity;sid:81193507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.224.124.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330406/; classtype:trojan-activity;sid:81193506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330405/; classtype:trojan-activity;sid:81193505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.88.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330404/; classtype:trojan-activity;sid:81193504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330403/; classtype:trojan-activity;sid:81193503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.120.218.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330402/; classtype:trojan-activity;sid:81193502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/name.exe"; http_uri; depth:9; isdataat:!1,relative; content:"fibercemper.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330401/; classtype:trojan-activity;sid:81193501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/0jgtnuyw"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330400/; classtype:trojan-activity;sid:81193500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; content:"144.91.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330399/; classtype:trojan-activity;sid:81193499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/yarn"; http_uri; depth:13; isdataat:!1,relative; content:"144.91.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330398/; classtype:trojan-activity;sid:81193498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"144.91.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330397/; classtype:trojan-activity;sid:81193497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/spc"; http_uri; depth:12; isdataat:!1,relative; content:"144.91.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330396/; classtype:trojan-activity;sid:81193496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; content:"144.91.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330395/; classtype:trojan-activity;sid:81193495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/rtk"; http_uri; depth:12; isdataat:!1,relative; content:"144.91.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330394/; classtype:trojan-activity;sid:81193494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/root"; http_uri; depth:13; isdataat:!1,relative; content:"144.91.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330393/; classtype:trojan-activity;sid:81193493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; content:"144.91.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330392/; classtype:trojan-activity;sid:81193492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"144.91.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330391/; classtype:trojan-activity;sid:81193491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"144.91.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330390/; classtype:trojan-activity;sid:81193490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; content:"144.91.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330389/; classtype:trojan-activity;sid:81193489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"144.91.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330388/; classtype:trojan-activity;sid:81193488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; content:"144.91.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330387/; classtype:trojan-activity;sid:81193487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"144.91.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330386/; classtype:trojan-activity;sid:81193486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; content:"134.122.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330385/; classtype:trojan-activity;sid:81193485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/yarn"; http_uri; depth:13; isdataat:!1,relative; content:"134.122.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330384/; classtype:trojan-activity;sid:81193484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"134.122.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330383/; classtype:trojan-activity;sid:81193483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/spc"; http_uri; depth:12; isdataat:!1,relative; content:"134.122.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330382/; classtype:trojan-activity;sid:81193482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; content:"134.122.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330381/; classtype:trojan-activity;sid:81193481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/rtk"; http_uri; depth:12; isdataat:!1,relative; content:"134.122.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330380/; classtype:trojan-activity;sid:81193480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/root"; http_uri; depth:13; isdataat:!1,relative; content:"134.122.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330379/; classtype:trojan-activity;sid:81193479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; content:"134.122.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330378/; classtype:trojan-activity;sid:81193478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"134.122.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330377/; classtype:trojan-activity;sid:81193477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"134.122.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330376/; classtype:trojan-activity;sid:81193476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; content:"134.122.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330375/; classtype:trojan-activity;sid:81193475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"134.122.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330374/; classtype:trojan-activity;sid:81193474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; content:"134.122.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330373/; classtype:trojan-activity;sid:81193473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"134.122.117.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330372/; classtype:trojan-activity;sid:81193472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; content:"162.243.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330371/; classtype:trojan-activity;sid:81193471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/yarn"; http_uri; depth:13; isdataat:!1,relative; content:"162.243.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330370/; classtype:trojan-activity;sid:81193470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"162.243.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330369/; classtype:trojan-activity;sid:81193469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/spc"; http_uri; depth:12; isdataat:!1,relative; content:"162.243.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330368/; classtype:trojan-activity;sid:81193468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; content:"162.243.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330367/; classtype:trojan-activity;sid:81193467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/rtk"; http_uri; depth:12; isdataat:!1,relative; content:"162.243.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330366/; classtype:trojan-activity;sid:81193466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/root"; http_uri; depth:13; isdataat:!1,relative; content:"162.243.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330365/; classtype:trojan-activity;sid:81193465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; content:"162.243.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330364/; classtype:trojan-activity;sid:81193464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"162.243.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330363/; classtype:trojan-activity;sid:81193463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"162.243.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330362/; classtype:trojan-activity;sid:81193462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; content:"162.243.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330361/; classtype:trojan-activity;sid:81193461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"162.243.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330360/; classtype:trojan-activity;sid:81193460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"162.243.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330359/; classtype:trojan-activity;sid:81193459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; content:"162.243.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330358/; classtype:trojan-activity;sid:81193458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ssh.sh"; http_uri; depth:12; isdataat:!1,relative; content:"167.172.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330357/; classtype:trojan-activity;sid:81193457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jaws.sh"; http_uri; depth:13; isdataat:!1,relative; content:"167.172.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330356/; classtype:trojan-activity;sid:81193456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.x86"; http_uri; depth:15; isdataat:!1,relative; content:"167.172.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330355/; classtype:trojan-activity;sid:81193455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.spc"; http_uri; depth:15; isdataat:!1,relative; content:"167.172.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330354/; classtype:trojan-activity;sid:81193454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"167.172.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330353/; classtype:trojan-activity;sid:81193453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"167.172.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330352/; classtype:trojan-activity;sid:81193452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"167.172.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330351/; classtype:trojan-activity;sid:81193451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.mips"; http_uri; depth:16; isdataat:!1,relative; content:"167.172.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330350/; classtype:trojan-activity;sid:81193450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"167.172.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330349/; classtype:trojan-activity;sid:81193449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"167.172.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330348/; classtype:trojan-activity;sid:81193448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"167.172.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330347/; classtype:trojan-activity;sid:81193447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"167.172.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330346/; classtype:trojan-activity;sid:81193446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.arm"; http_uri; depth:15; isdataat:!1,relative; content:"167.172.153.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330345/; classtype:trojan-activity;sid:81193445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330344/; classtype:trojan-activity;sid:81193444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/yarn"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330343/; classtype:trojan-activity;sid:81193443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330342/; classtype:trojan-activity;sid:81193442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/spc"; http_uri; depth:12; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330341/; classtype:trojan-activity;sid:81193441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330340/; classtype:trojan-activity;sid:81193440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/rtk"; http_uri; depth:12; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330339/; classtype:trojan-activity;sid:81193439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/root"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330338/; classtype:trojan-activity;sid:81193438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330337/; classtype:trojan-activity;sid:81193437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330336/; classtype:trojan-activity;sid:81193436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330335/; classtype:trojan-activity;sid:81193435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330334/; classtype:trojan-activity;sid:81193434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330333/; classtype:trojan-activity;sid:81193433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330332/; classtype:trojan-activity;sid:81193432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"176.123.6.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330331/; classtype:trojan-activity;sid:81193431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"192.3.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330330/; classtype:trojan-activity;sid:81193430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"192.3.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330329/; classtype:trojan-activity;sid:81193429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"192.3.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330328/; classtype:trojan-activity;sid:81193428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330327/; classtype:trojan-activity;sid:81193427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330326/; classtype:trojan-activity;sid:81193426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"192.3.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330325/; classtype:trojan-activity;sid:81193425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330324/; classtype:trojan-activity;sid:81193424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"192.3.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330323/; classtype:trojan-activity;sid:81193423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"192.3.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330322/; classtype:trojan-activity;sid:81193422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"192.3.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330321/; classtype:trojan-activity;sid:81193421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"192.3.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330320/; classtype:trojan-activity;sid:81193420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330319/; classtype:trojan-activity;sid:81193419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eksgbins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"192.3.193.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330318/; classtype:trojan-activity;sid:81193418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnetd"; http_uri; depth:8; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330317/; classtype:trojan-activity;sid:81193417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=265daf943be0d06f|7c|26|7c|resid=265daf943be0d06f%21184|7c|26|7c|authkey=ake2lehtaiwuhro"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330316/; classtype:trojan-activity;sid:81193416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=7adbe662ee891628|7c|26|7c|resid=7adbe662ee891628%21106|7c|26|7c|authkey=akv3fef4crhi310"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330315/; classtype:trojan-activity;sid:81193415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=265daf943be0d06f|7c|26|7c|resid=265daf943be0d06f%21191|7c|26|7c|authkey=ajvumpkzpla_nca"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330314/; classtype:trojan-activity;sid:81193414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=7adbe662ee891628|7c|26|7c|resid=7adbe662ee891628%21107|7c|26|7c|authkey=ajz4a8gtlojtg8g"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330313/; classtype:trojan-activity;sid:81193413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=4ea578f7eeda4be5|7c|26|7c|resid=4ea578f7eeda4be5%21109|7c|26|7c|authkey=aakjgrnc1esvmkk"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330312/; classtype:trojan-activity;sid:81193412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=265daf943be0d06f|7c|26|7c|resid=265daf943be0d06f%21179|7c|26|7c|authkey=aayq6tuxscqlwci"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330311/; classtype:trojan-activity;sid:81193411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1-6ie0bzm4nf52jaq0tkuooe70s5sgpxw"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330310/; classtype:trojan-activity;sid:81193410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1tmszb6g73vr2wtbuxbh0bpsx48n_nznf"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330309/; classtype:trojan-activity;sid:81193409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1dakdlrgddfyfbc_i-9e6jyecmdab5emz"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330308/; classtype:trojan-activity;sid:81193408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mwh0yrlw"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330307/; classtype:trojan-activity;sid:81193407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1nnld2yntgdrp6knvitbpo88z6tpcc1a_"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330306/; classtype:trojan-activity;sid:81193406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/explorer/sam.exe"; http_uri; depth:17; isdataat:!1,relative; content:"systemserverrootmapforfiletrn.duckdns.org"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330305/; classtype:trojan-activity;sid:81193405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/explorer/moni.exe"; http_uri; depth:18; isdataat:!1,relative; content:"systemserverrootmapforfiletrn.duckdns.org"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330304/; classtype:trojan-activity;sid:81193404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/explorer/mic.exe"; http_uri; depth:17; isdataat:!1,relative; content:"systemserverrootmapforfiletrn.duckdns.org"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330303/; classtype:trojan-activity;sid:81193403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/explorer/lov.exe"; http_uri; depth:17; isdataat:!1,relative; content:"systemserverrootmapforfiletrn.duckdns.org"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330302/; classtype:trojan-activity;sid:81193402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/explorer/green.exe"; http_uri; depth:19; isdataat:!1,relative; content:"systemserverrootmapforfiletrn.duckdns.org"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330301/; classtype:trojan-activity;sid:81193401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/explorer/black.exe"; http_uri; depth:19; isdataat:!1,relative; content:"systemserverrootmapforfiletrn.duckdns.org"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330300/; classtype:trojan-activity;sid:81193400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/explorer/bd.exe"; http_uri; depth:16; isdataat:!1,relative; content:"systemserverrootmapforfiletrn.duckdns.org"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330299/; classtype:trojan-activity;sid:81193399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/explorer/bads.exe"; http_uri; depth:18; isdataat:!1,relative; content:"systemserverrootmapforfiletrn.duckdns.org"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330298/; classtype:trojan-activity;sid:81193398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kuskrrl2"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330297/; classtype:trojan-activity;sid:81193397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/8kbrsnuc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330296/; classtype:trojan-activity;sid:81193396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/revslider/admin/eerui.bin"; http_uri; depth:45; isdataat:!1,relative; content:"biendaoco.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330295/; classtype:trojan-activity;sid:81193395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1szcacqmiefzqoba8hnmgiospt4qanhj5"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330294/; classtype:trojan-activity;sid:81193394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1rws3pmo4hvd9wei3h0goqzbyy9i7x3p2"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330293/; classtype:trojan-activity;sid:81193393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/~zadmin/ecloud/freg_encrypted_ab25a8f.bin"; http_uri; depth:42; isdataat:!1,relative; content:"castmart.ga"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330292/; classtype:trojan-activity;sid:81193392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1jh6qs4ffz0z0ndtsfvch3hzbpqwciktv"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330291/; classtype:trojan-activity;sid:81193391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=17n-ncib56sulnvl9mwgeez-mklnlddim"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330290/; classtype:trojan-activity;sid:81193390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=18h_mkt7k07uymylju38hhdu60fsheu9v"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330289/; classtype:trojan-activity;sid:81193389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1mxj0b39yakpefoghesqoalgg7djfxzfm"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330288/; classtype:trojan-activity;sid:81193388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1/redi.php"; http_uri; depth:11; isdataat:!1,relative; content:"newactdoconline.3utilities.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330287/; classtype:trojan-activity;sid:81193387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1/microsoft.vbs"; http_uri; depth:16; isdataat:!1,relative; content:"newactdoconline.3utilities.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330286/; classtype:trojan-activity;sid:81193386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1/microsoft.hta"; http_uri; depth:16; isdataat:!1,relative; content:"newactdoconline.3utilities.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330285/; classtype:trojan-activity;sid:81193385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cafilez/cafilez.exe"; http_uri; depth:20; isdataat:!1,relative; content:"sylvaclouds.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330284/; classtype:trojan-activity;sid:81193384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/anyisouthz/anyisouthz.exe"; http_uri; depth:26; isdataat:!1,relative; content:"sylvaclouds.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330283/; classtype:trojan-activity;sid:81193383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/billiz/billiz.exe"; http_uri; depth:18; isdataat:!1,relative; content:"sylvaclouds.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330282/; classtype:trojan-activity;sid:81193382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2q38ge9f"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330281/; classtype:trojan-activity;sid:81193381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.126.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330280/; classtype:trojan-activity;sid:81193380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.67.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330279/; classtype:trojan-activity;sid:81193379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.157.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330278/; classtype:trojan-activity;sid:81193378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"186.73.188.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330277/; classtype:trojan-activity;sid:81193377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.188.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330276/; classtype:trojan-activity;sid:81193376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330275/; classtype:trojan-activity;sid:81193375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.156.33.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330274/; classtype:trojan-activity;sid:81193374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330273/; classtype:trojan-activity;sid:81193373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330272/; classtype:trojan-activity;sid:81193372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.233.145.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330271/; classtype:trojan-activity;sid:81193371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"140.237.255.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330270/; classtype:trojan-activity;sid:81193370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.75.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330269/; classtype:trojan-activity;sid:81193369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.224.88.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330268/; classtype:trojan-activity;sid:81193368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; content:"45.84.196.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330267/; classtype:trojan-activity;sid:81193367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; content:"45.84.196.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330266/; classtype:trojan-activity;sid:81193366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; content:"45.84.196.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330265/; classtype:trojan-activity;sid:81193365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; content:"45.84.196.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330264/; classtype:trojan-activity;sid:81193364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; content:"45.84.196.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330263/; classtype:trojan-activity;sid:81193363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; content:"45.84.196.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330262/; classtype:trojan-activity;sid:81193362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; content:"45.84.196.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330261/; classtype:trojan-activity;sid:81193361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chung/chung.exe"; http_uri; depth:16; isdataat:!1,relative; content:"sylvaclouds.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330260/; classtype:trojan-activity;sid:81193360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ya6dzax1"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330259/; classtype:trojan-activity;sid:81193359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dhltracking.iso"; http_uri; depth:16; isdataat:!1,relative; content:"23.95.18.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330258/; classtype:trojan-activity;sid:81193358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/z86neqqa"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330257/; classtype:trojan-activity;sid:81193357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"178.128.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330256/; classtype:trojan-activity;sid:81193356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"178.128.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330255/; classtype:trojan-activity;sid:81193355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"178.128.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330254/; classtype:trojan-activity;sid:81193354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyelbins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"178.128.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330253/; classtype:trojan-activity;sid:81193353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"178.128.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330252/; classtype:trojan-activity;sid:81193352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"178.128.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330251/; classtype:trojan-activity;sid:81193351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"178.128.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330250/; classtype:trojan-activity;sid:81193350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"178.128.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330249/; classtype:trojan-activity;sid:81193349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"178.128.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330248/; classtype:trojan-activity;sid:81193348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"178.128.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330247/; classtype:trojan-activity;sid:81193347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"178.128.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330246/; classtype:trojan-activity;sid:81193346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"178.128.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330245/; classtype:trojan-activity;sid:81193345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"178.128.150.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330244/; classtype:trojan-activity;sid:81193344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1lmrw2lxpkel1xn_yicxd-wvdnfg0bwqy"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330243/; classtype:trojan-activity;sid:81193343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1i3-qe3xqb9dq-fv5zzfz9bflufyhwxjr"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330242/; classtype:trojan-activity;sid:81193342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ak7fd1mtnx8ljtzmwfe4nu8ngwlqni1c"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330241/; classtype:trojan-activity;sid:81193341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1oonghkzg-ggum9tjnmsrcr1rzqz792wl"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330240/; classtype:trojan-activity;sid:81193340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/text/seaals_encrypted_436c8b0.bin"; http_uri; depth:46; isdataat:!1,relative; content:"bondbuild.com.sg"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330239/; classtype:trojan-activity;sid:81193339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ct3fm1jif5km_kw309iefa9lesmbjo_-"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330238/; classtype:trojan-activity;sid:81193338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/errlqf1.botnet"; http_uri; depth:15; isdataat:!1,relative; content:"lol.tf"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330237/; classtype:trojan-activity;sid:81193337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/858f9ytc/bq-vrv-srrcirt.png"; http_uri; depth:28; isdataat:!1,relative; content:"i.postimg.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330236/; classtype:trojan-activity;sid:81193336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8kbtvh0w/i-im-tjhjex-zg.png"; http_uri; depth:28; isdataat:!1,relative; content:"i.postimg.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330235/; classtype:trojan-activity;sid:81193335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xdkhxn3p/bzj-mlg-lhc.png"; http_uri; depth:25; isdataat:!1,relative; content:"i.postimg.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330234/; classtype:trojan-activity;sid:81193334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"45.84.196.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330233/; classtype:trojan-activity;sid:81193333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; content:"45.84.196.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330232/; classtype:trojan-activity;sid:81193332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; content:"45.84.196.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330231/; classtype:trojan-activity;sid:81193331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wgkr9arz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330230/; classtype:trojan-activity;sid:81193330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/rock/fire.txt"; http_uri; depth:22; isdataat:!1,relative; content:"cloudpassreset.ga"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330229/; classtype:trojan-activity;sid:81193329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/office/invoice_11152.doc"; http_uri; depth:25; isdataat:!1,relative; content:"investmenteducationkungykmtsdy8agender.duckdns.org"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330228/; classtype:trojan-activity;sid:81193328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1m9jqkcc3veptrccbi120dkl3koukxtp1"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330227/; classtype:trojan-activity;sid:81193327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1e2j8uke0mtdzcxogoq81sxwzhq2c9fzu"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330226/; classtype:trojan-activity;sid:81193326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=15c9fzoz2o-ztbr2yzlgdcypftjkz8fwd"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330225/; classtype:trojan-activity;sid:81193325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ltnacxcdaawwl3ot-va8lvn0cqdjonsp"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330224/; classtype:trojan-activity;sid:81193324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=11gsxnbxefe18c1fayv9kpdessdsxuox3"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330223/; classtype:trojan-activity;sid:81193323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=10h9z2tveipsqnsxmnjgnkbhmzhunaarw"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330222/; classtype:trojan-activity;sid:81193322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/toyotas_encrypted_9eade0.bin"; http_uri; depth:29; isdataat:!1,relative; content:"sampsonrobert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330221/; classtype:trojan-activity;sid:81193321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.181.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330220/; classtype:trojan-activity;sid:81193320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.26.114.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330219/; classtype:trojan-activity;sid:81193319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330218/; classtype:trojan-activity;sid:81193318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330217/; classtype:trojan-activity;sid:81193317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.226.174.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330216/; classtype:trojan-activity;sid:81193316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.0.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330215/; classtype:trojan-activity;sid:81193315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.54.128.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330214/; classtype:trojan-activity;sid:81193314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330213/; classtype:trojan-activity;sid:81193313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.84.108.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330212/; classtype:trojan-activity;sid:81193312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.180.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330211/; classtype:trojan-activity;sid:81193311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.78.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330210/; classtype:trojan-activity;sid:81193310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.30.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330209/; classtype:trojan-activity;sid:81193309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/growth/dislipki.txt"; http_uri; depth:20; isdataat:!1,relative; content:"credoaz.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330208/; classtype:trojan-activity;sid:81193308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/growth/bin_encrypted_fd200df.bin"; http_uri; depth:33; isdataat:!1,relative; content:"credoaz.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330207/; classtype:trojan-activity;sid:81193307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/growth/bin_encrypted_8d5d1ff.bin"; http_uri; depth:33; isdataat:!1,relative; content:"credoaz.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330206/; classtype:trojan-activity;sid:81193306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/growth/smldfedtba2.txt"; http_uri; depth:23; isdataat:!1,relative; content:"credoaz.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330205/; classtype:trojan-activity;sid:81193305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1wkee2ptvtn8ha4rx2ddwc30xpt-enr02"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330204/; classtype:trojan-activity;sid:81193304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1zrxx7d7dvnwrynlqkvegp01i7ys5uey4"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330203/; classtype:trojan-activity;sid:81193303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1_uqdotouqfgsclv8prqnfxsdnwikoilw"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330202/; classtype:trojan-activity;sid:81193302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1gpkvcj3tummd1rjvkzbv18ranwa84v2u"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330201/; classtype:trojan-activity;sid:81193301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1atnjexlkexo73ilwnstw6vwicrr9uoy9"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330200/; classtype:trojan-activity;sid:81193300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1zwpcehnn7mci6-9mpqxsilp-2oh1jl4k"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330199/; classtype:trojan-activity;sid:81193299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=16jttmjpcjrejqtr7e2sakulv3wdbzmcv"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330198/; classtype:trojan-activity;sid:81193298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/moset.bin"; http_uri; depth:10; isdataat:!1,relative; content:"46.183.223.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330197/; classtype:trojan-activity;sid:81193297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbsales.exe"; http_uri; depth:12; isdataat:!1,relative; content:"46.183.223.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330196/; classtype:trojan-activity;sid:81193296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mo_strnt.exe"; http_uri; depth:13; isdataat:!1,relative; content:"46.183.223.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330195/; classtype:trojan-activity;sid:81193295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qw5.exe"; http_uri; depth:8; isdataat:!1,relative; content:"doha-media.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330194/; classtype:trojan-activity;sid:81193294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1hwr4lzem2t8ontg2l8imoedkbba-7oys"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330193/; classtype:trojan-activity;sid:81193293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1lstvejatztu2pzzsdfsuqms_zp-n-f2x"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330192/; classtype:trojan-activity;sid:81193292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=2f6d9fc711aaa2ac|7c|26|7c|resid=2f6d9fc711aaa2ac%21122|7c|26|7c|authkey=aofsne4m5denzuc"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330191/; classtype:trojan-activity;sid:81193291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1r5fdrzxcgg2rafqwsoorwq_yy1_dmscl"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330190/; classtype:trojan-activity;sid:81193290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1of-c-1gchs221frshd4anqooqn6p8ym4"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330189/; classtype:trojan-activity;sid:81193289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=4ea578f7eeda4be5|7c|26|7c|resid=4ea578f7eeda4be5%21108|7c|26|7c|authkey=akx7dzotj-dos70"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330188/; classtype:trojan-activity;sid:81193288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1wn7nfryv-tgzvpoxv0ycbb-4umpcmxen"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330187/; classtype:trojan-activity;sid:81193287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/~zadmin/ecloud/apsbe_encrypted_a983aff.bin"; http_uri; depth:43; isdataat:!1,relative; content:"castmart.ga"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330186/; classtype:trojan-activity;sid:81193286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/toyotas_encrypted_9eade0.bin"; http_uri; depth:29; isdataat:!1,relative; content:"sampsonrobert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330185/; classtype:trojan-activity;sid:81193285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/toyota_encrypted_851d62f.bin"; http_uri; depth:29; isdataat:!1,relative; content:"sampsonrobert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330184/; classtype:trojan-activity;sid:81193284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mytaxfile_pdf.zip"; http_uri; depth:18; isdataat:!1,relative; content:"sampsonrobert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330183/; classtype:trojan-activity;sid:81193283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/treskiftsarbejders.exe"; http_uri; depth:23; isdataat:!1,relative; content:"sampsonrobert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330182/; classtype:trojan-activity;sid:81193282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/henstandens.exe"; http_uri; depth:16; isdataat:!1,relative; content:"sampsonrobert.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330181/; classtype:trojan-activity;sid:81193281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"49.119.189.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330180/; classtype:trojan-activity;sid:81193280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mix.exe"; http_uri; depth:8; isdataat:!1,relative; content:"yubz.net"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330179/; classtype:trojan-activity;sid:81193279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; http_uri; depth:92; isdataat:!1,relative; content:"49.116.183.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330178/; classtype:trojan-activity;sid:81193278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iy/5607087.exe"; http_uri; depth:15; isdataat:!1,relative; content:"posqit.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330177/; classtype:trojan-activity;sid:81193277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.0.78.18"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330176/; classtype:trojan-activity;sid:81193276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"181.167.251.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330175/; classtype:trojan-activity;sid:81193275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330174/; classtype:trojan-activity;sid:81193274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/me_encrypted_3f1dde0.bin"; http_uri; depth:27; isdataat:!1,relative; content:"mwrc.ca"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330173/; classtype:trojan-activity;sid:81193273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=0f0a5aadc4c3c242|7c|26|7c|resid=f0a5aadc4c3c242%21309|7c|26|7c|authkey=alfe36drai1zmwc"; http_uri; depth:99; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330172/; classtype:trojan-activity;sid:81193272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=dde26285195864b8|7c|26|7c|resid=dde26285195864b8%21361|7c|26|7c|authkey=aeqvkies2uv-tmi"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330171/; classtype:trojan-activity;sid:81193271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1mhdvi3wqbt1jphd82aierd7jpn0flpjf"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330170/; classtype:trojan-activity;sid:81193270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1o11gmygeqx9q7uyzx8kvvthnzxdf_ow9"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330169/; classtype:trojan-activity;sid:81193269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/rtk"; http_uri; depth:12; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330168/; classtype:trojan-activity;sid:81193268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/root"; http_uri; depth:13; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330167/; classtype:trojan-activity;sid:81193267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330166/; classtype:trojan-activity;sid:81193266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330165/; classtype:trojan-activity;sid:81193265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330164/; classtype:trojan-activity;sid:81193264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330163/; classtype:trojan-activity;sid:81193263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330162/; classtype:trojan-activity;sid:81193262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330161/; classtype:trojan-activity;sid:81193261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm5"; http_uri; depth:13; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330160/; classtype:trojan-activity;sid:81193260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330159/; classtype:trojan-activity;sid:81193259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uc/i686"; http_uri; depth:8; isdataat:!1,relative; content:"185.172.110.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330158/; classtype:trojan-activity;sid:81193258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330157/; classtype:trojan-activity;sid:81193257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/yarn"; http_uri; depth:13; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330156/; classtype:trojan-activity;sid:81193256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330155/; classtype:trojan-activity;sid:81193255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/spc"; http_uri; depth:12; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330154/; classtype:trojan-activity;sid:81193254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; content:"157.245.253.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330153/; classtype:trojan-activity;sid:81193253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"46.146.113.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330152/; classtype:trojan-activity;sid:81193252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; content:"45.84.196.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330151/; classtype:trojan-activity;sid:81193251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wf2cnx7z"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330150/; classtype:trojan-activity;sid:81193250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/"; http_uri; depth:10; isdataat:!1,relative; content:"23.95.18.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330149/; classtype:trojan-activity;sid:81193249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.81.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330148/; classtype:trojan-activity;sid:81193248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330147/; classtype:trojan-activity;sid:81193247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.1.183"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330146/; classtype:trojan-activity;sid:81193246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330145/; classtype:trojan-activity;sid:81193245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.233.22.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330144/; classtype:trojan-activity;sid:81193244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330143/; classtype:trojan-activity;sid:81193243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.222.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330142/; classtype:trojan-activity;sid:81193242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.239.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330141/; classtype:trojan-activity;sid:81193241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330140/; classtype:trojan-activity;sid:81193240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.112.197.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330139/; classtype:trojan-activity;sid:81193239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.61.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330138/; classtype:trojan-activity;sid:81193238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330137/; classtype:trojan-activity;sid:81193237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.5.125.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330136/; classtype:trojan-activity;sid:81193236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.242.182.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330135/; classtype:trojan-activity;sid:81193235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.155.4.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330134/; classtype:trojan-activity;sid:81193234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.248.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330133/; classtype:trojan-activity;sid:81193233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.206.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330132/; classtype:trojan-activity;sid:81193232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.115.33.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330131/; classtype:trojan-activity;sid:81193231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.173.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330130/; classtype:trojan-activity;sid:81193230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.123.92.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330129/; classtype:trojan-activity;sid:81193229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.209.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330128/; classtype:trojan-activity;sid:81193228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.76.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330127/; classtype:trojan-activity;sid:81193227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/plugins/files/elb.exe"; http_uri; depth:26; isdataat:!1,relative; content:"thungracmoitruong.com.vn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330126/; classtype:trojan-activity;sid:81193226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/0qdbtmyc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330125/; classtype:trojan-activity;sid:81193225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.i686"; http_uri; depth:11; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330124/; classtype:trojan-activity;sid:81193224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330123/; classtype:trojan-activity;sid:81193223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.i586"; http_uri; depth:11; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330122/; classtype:trojan-activity;sid:81193222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.x86"; http_uri; depth:10; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330121/; classtype:trojan-activity;sid:81193221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330120/; classtype:trojan-activity;sid:81193220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330119/; classtype:trojan-activity;sid:81193219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.mipsel"; http_uri; depth:13; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330118/; classtype:trojan-activity;sid:81193218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/[cpu]"; http_uri; depth:6; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330117/; classtype:trojan-activity;sid:81193217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330116/; classtype:trojan-activity;sid:81193216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.armv61"; http_uri; depth:13; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330115/; classtype:trojan-activity;sid:81193215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330114/; classtype:trojan-activity;sid:81193214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330113/; classtype:trojan-activity;sid:81193213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ayedz.mips"; http_uri; depth:11; isdataat:!1,relative; content:"194.15.36.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330112/; classtype:trojan-activity;sid:81193212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.124.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330111/; classtype:trojan-activity;sid:81193211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330110/; classtype:trojan-activity;sid:81193210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.55.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330109/; classtype:trojan-activity;sid:81193209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.175.251.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330108/; classtype:trojan-activity;sid:81193208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"118.112.200.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330107/; classtype:trojan-activity;sid:81193207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.51.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330106/; classtype:trojan-activity;sid:81193206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.123.224.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330105/; classtype:trojan-activity;sid:81193205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.214.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330104/; classtype:trojan-activity;sid:81193204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330103/; classtype:trojan-activity;sid:81193203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"86.35.221.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330102/; classtype:trojan-activity;sid:81193202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"64.53.172.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330101/; classtype:trojan-activity;sid:81193201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"175.202.71.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330100/; classtype:trojan-activity;sid:81193200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.132.105.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330099/; classtype:trojan-activity;sid:81193199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/remittance.scr"; http_uri; depth:15; isdataat:!1,relative; content:"engiesen.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330098/; classtype:trojan-activity;sid:81193198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paymen/"; http_uri; depth:8; isdataat:!1,relative; content:"kresidences.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330097/; classtype:trojan-activity;sid:81193197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+-"; http_uri; depth:12; isdataat:!1,relative; content:"182.113.58.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330096/; classtype:trojan-activity;sid:81193196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"218.148.170.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330095/; classtype:trojan-activity;sid:81193195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.229.231.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330094/; classtype:trojan-activity;sid:81193194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.50.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330093/; classtype:trojan-activity;sid:81193193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.11.195.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330092/; classtype:trojan-activity;sid:81193192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.28.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330091/; classtype:trojan-activity;sid:81193191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.1.86.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330090/; classtype:trojan-activity;sid:81193190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.76.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330089/; classtype:trojan-activity;sid:81193189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.68.2.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330088/; classtype:trojan-activity;sid:81193188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.20.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330087/; classtype:trojan-activity;sid:81193187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330086/; classtype:trojan-activity;sid:81193186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.13.120.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330085/; classtype:trojan-activity;sid:81193185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330084/; classtype:trojan-activity;sid:81193184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.156.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330083/; classtype:trojan-activity;sid:81193183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.190.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330082/; classtype:trojan-activity;sid:81193182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.149.138.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330081/; classtype:trojan-activity;sid:81193181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.221.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330080/; classtype:trojan-activity;sid:81193180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.149.10.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330079/; classtype:trojan-activity;sid:81193179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.123.187.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330078/; classtype:trojan-activity;sid:81193178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"70.91.56.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330077/; classtype:trojan-activity;sid:81193177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.123.251.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330076/; classtype:trojan-activity;sid:81193176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.255.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330075/; classtype:trojan-activity;sid:81193175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.125.129.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_26; reference:url, urlhaus.abuse.ch/url/330074/; classtype:trojan-activity;sid:81193174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; http_uri; depth:92; isdataat:!1,relative; content:"115.48.129.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330073/; classtype:trojan-activity;sid:81193173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j6xlusz1"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330072/; classtype:trojan-activity;sid:81193172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a|7c|3b|7c|chmod+777+mozi.a|7c|3b|7c|/tmp/mozi.a+jaws"; http_uri; depth:59; isdataat:!1,relative; content:"222.187.138.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330071/; classtype:trojan-activity;sid:81193171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"189.69.63.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330070/; classtype:trojan-activity;sid:81193170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gjstarx1"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330069/; classtype:trojan-activity;sid:81193169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/518533791204245506/691938133347926066/coronavirus.dll"; http_uri; depth:66; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330068/; classtype:trojan-activity;sid:81193168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+-"; http_uri; depth:12; isdataat:!1,relative; content:"111.43.223.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330067/; classtype:trojan-activity;sid:81193167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; content:"ovh120.esagames.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330066/; classtype:trojan-activity;sid:81193166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"hwsrv-705252.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330065/; classtype:trojan-activity;sid:81193165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"ovh120.esagames.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330064/; classtype:trojan-activity;sid:81193164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"hwsrv-705252.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330063/; classtype:trojan-activity;sid:81193163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"hwsrv-705252.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330062/; classtype:trojan-activity;sid:81193162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"ovh120.esagames.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330061/; classtype:trojan-activity;sid:81193161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"ovh120.esagames.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330060/; classtype:trojan-activity;sid:81193160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"ovh120.esagames.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330059/; classtype:trojan-activity;sid:81193159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.spc"; http_uri; depth:15; isdataat:!1,relative; content:"hwsrv-705252.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330058/; classtype:trojan-activity;sid:81193158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"hwsrv-705252.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330057/; classtype:trojan-activity;sid:81193157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"ovh120.esagames.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330056/; classtype:trojan-activity;sid:81193156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"hwsrv-705252.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330055/; classtype:trojan-activity;sid:81193155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.160.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330054/; classtype:trojan-activity;sid:81193154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.164.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330053/; classtype:trojan-activity;sid:81193153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.210.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330052/; classtype:trojan-activity;sid:81193152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.61.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330051/; classtype:trojan-activity;sid:81193151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330050/; classtype:trojan-activity;sid:81193150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330049/; classtype:trojan-activity;sid:81193149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.116.224.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330048/; classtype:trojan-activity;sid:81193148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330047/; classtype:trojan-activity;sid:81193147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.162.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330046/; classtype:trojan-activity;sid:81193146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330045/; classtype:trojan-activity;sid:81193145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330044/; classtype:trojan-activity;sid:81193144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330043/; classtype:trojan-activity;sid:81193143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330042/; classtype:trojan-activity;sid:81193142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.111.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330041/; classtype:trojan-activity;sid:81193141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330040/; classtype:trojan-activity;sid:81193140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.armv6"; http_uri; depth:13; isdataat:!1,relative; content:"64.156.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330039/; classtype:trojan-activity;sid:81193139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.sh"; http_uri; depth:10; isdataat:!1,relative; content:"64.156.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330038/; classtype:trojan-activity;sid:81193138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.i586"; http_uri; depth:12; isdataat:!1,relative; content:"64.156.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330037/; classtype:trojan-activity;sid:81193137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.i686"; http_uri; depth:12; isdataat:!1,relative; content:"64.156.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330036/; classtype:trojan-activity;sid:81193136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.m86k"; http_uri; depth:12; isdataat:!1,relative; content:"64.156.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330035/; classtype:trojan-activity;sid:81193135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.powerpc"; http_uri; depth:15; isdataat:!1,relative; content:"64.156.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330034/; classtype:trojan-activity;sid:81193134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.armv5"; http_uri; depth:13; isdataat:!1,relative; content:"64.156.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330033/; classtype:trojan-activity;sid:81193133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.mips"; http_uri; depth:12; isdataat:!1,relative; content:"64.156.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330032/; classtype:trojan-activity;sid:81193132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"64.156.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330031/; classtype:trojan-activity;sid:81193131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.armv4"; http_uri; depth:13; isdataat:!1,relative; content:"64.156.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330030/; classtype:trojan-activity;sid:81193130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.x86"; http_uri; depth:11; isdataat:!1,relative; content:"64.156.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330029/; classtype:trojan-activity;sid:81193129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.sparc"; http_uri; depth:13; isdataat:!1,relative; content:"64.156.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330028/; classtype:trojan-activity;sid:81193128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arceus.mipsel"; http_uri; depth:14; isdataat:!1,relative; content:"64.156.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330027/; classtype:trojan-activity;sid:81193127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/corona.js"; http_uri; depth:10; isdataat:!1,relative; content:"45.76.189.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330026/; classtype:trojan-activity;sid:81193126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"ovh120.esagames.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330025/; classtype:trojan-activity;sid:81193125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"ovh120.esagames.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330024/; classtype:trojan-activity;sid:81193124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; content:"ovh120.esagames.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330023/; classtype:trojan-activity;sid:81193123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"ovh120.esagames.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330022/; classtype:trojan-activity;sid:81193122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; content:"ovh120.esagames.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330021/; classtype:trojan-activity;sid:81193121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.x86"; http_uri; depth:15; isdataat:!1,relative; content:"hwsrv-705252.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330020/; classtype:trojan-activity;sid:81193120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"hwsrv-705252.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330019/; classtype:trojan-activity;sid:81193119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.mips"; http_uri; depth:16; isdataat:!1,relative; content:"hwsrv-705252.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330018/; classtype:trojan-activity;sid:81193118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"hwsrv-705252.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330017/; classtype:trojan-activity;sid:81193117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.arm"; http_uri; depth:15; isdataat:!1,relative; content:"hwsrv-705252.hostwindsdns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330016/; classtype:trojan-activity;sid:81193116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gravedigger//rapethemipcams.x86"; http_uri; depth:32; isdataat:!1,relative; content:"67.207.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330015/; classtype:trojan-activity;sid:81193115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"vmi361540.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330014/; classtype:trojan-activity;sid:81193114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"vmi361540.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330013/; classtype:trojan-activity;sid:81193113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"vmi361540.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330012/; classtype:trojan-activity;sid:81193112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; content:"vmi361540.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330011/; classtype:trojan-activity;sid:81193111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"vmi361540.contaboserver.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330010/; classtype:trojan-activity;sid:81193110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3nu9v5zw"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330009/; classtype:trojan-activity;sid:81193109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/sh_encrypted_f09c70f.bin"; http_uri; depth:27; isdataat:!1,relative; content:"mwrc.ca"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330008/; classtype:trojan-activity;sid:81193108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/me_encrypted_3f1dde0.bin"; http_uri; depth:27; isdataat:!1,relative; content:"mwrc.ca"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330007/; classtype:trojan-activity;sid:81193107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/stigmaticalque.exe"; http_uri; depth:21; isdataat:!1,relative; content:"mwrc.ca"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330006/; classtype:trojan-activity;sid:81193106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/savinesnonsi.exe"; http_uri; depth:19; isdataat:!1,relative; content:"mwrc.ca"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330005/; classtype:trojan-activity;sid:81193105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vph5kv34np1hcodm.doc"; http_uri; depth:21; isdataat:!1,relative; content:"share.dmca.gripe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330004/; classtype:trojan-activity;sid:81193104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1urh290u"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330003/; classtype:trojan-activity;sid:81193103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/specbgga"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330002/; classtype:trojan-activity;sid:81193102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xdqfwtjz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330001/; classtype:trojan-activity;sid:81193101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rqqgcmdh"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/330000/; classtype:trojan-activity;sid:81193100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nemesis.spc"; http_uri; depth:12; isdataat:!1,relative; content:"178.62.243.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329999/; classtype:trojan-activity;sid:81193099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nemesis.sh4"; http_uri; depth:12; isdataat:!1,relative; content:"178.62.243.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329998/; classtype:trojan-activity;sid:81193098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nemesis.ppc"; http_uri; depth:12; isdataat:!1,relative; content:"178.62.243.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329997/; classtype:trojan-activity;sid:81193097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nemesis.mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"178.62.243.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329996/; classtype:trojan-activity;sid:81193096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nemesis.mips"; http_uri; depth:13; isdataat:!1,relative; content:"178.62.243.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329995/; classtype:trojan-activity;sid:81193095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nemesis.m68k"; http_uri; depth:13; isdataat:!1,relative; content:"178.62.243.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329994/; classtype:trojan-activity;sid:81193094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nemesis.arm7"; http_uri; depth:13; isdataat:!1,relative; content:"178.62.243.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329993/; classtype:trojan-activity;sid:81193093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nemesis.arm6"; http_uri; depth:13; isdataat:!1,relative; content:"178.62.243.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329992/; classtype:trojan-activity;sid:81193092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nemesis.x86"; http_uri; depth:12; isdataat:!1,relative; content:"178.62.243.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329991/; classtype:trojan-activity;sid:81193091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329990/; classtype:trojan-activity;sid:81193090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/yarn"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329989/; classtype:trojan-activity;sid:81193089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329988/; classtype:trojan-activity;sid:81193088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/spc"; http_uri; depth:12; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329987/; classtype:trojan-activity;sid:81193087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329986/; classtype:trojan-activity;sid:81193086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/rtk"; http_uri; depth:12; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329985/; classtype:trojan-activity;sid:81193085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/root"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329984/; classtype:trojan-activity;sid:81193084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329983/; classtype:trojan-activity;sid:81193083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329982/; classtype:trojan-activity;sid:81193082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329981/; classtype:trojan-activity;sid:81193081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329980/; classtype:trojan-activity;sid:81193080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329979/; classtype:trojan-activity;sid:81193079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329978/; classtype:trojan-activity;sid:81193078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329977/; classtype:trojan-activity;sid:81193077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tec_encrypted_340bd0.bin"; http_uri; depth:25; isdataat:!1,relative; content:"matpincscr.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329976/; classtype:trojan-activity;sid:81193076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/exten/ty1920/ty30.exe"; http_uri; depth:22; isdataat:!1,relative; content:"ptgteft.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329975/; classtype:trojan-activity;sid:81193075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lp.exe"; http_uri; depth:7; isdataat:!1,relative; content:"saidialxo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329974/; classtype:trojan-activity;sid:81193074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/andys_18us_tax.doc"; http_uri; depth:19; isdataat:!1,relative; content:"www.artizaa.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329973/; classtype:trojan-activity;sid:81193073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pm_2019_screen_18_tax_file.doc"; http_uri; depth:31; isdataat:!1,relative; content:"murthydigitals.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329972/; classtype:trojan-activity;sid:81193072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fruitme/putty.exe"; http_uri; depth:18; isdataat:!1,relative; content:"byedtronchgroup.yt"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329971/; classtype:trojan-activity;sid:81193071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1wm60enucsr01wn2e0sbh3y3ipiw1gf3b"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329970/; classtype:trojan-activity;sid:81193070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/~zadmin/icloud/lan_encrypted_4d9fbb0.bin"; http_uri; depth:41; isdataat:!1,relative; content:"castmart.ga"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329969/; classtype:trojan-activity;sid:81193069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1wjx8xtgpzcremiyuakwgv_akzn8bu2tk"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329968/; classtype:trojan-activity;sid:81193068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ub6qphvqz1ncte-dxt9wp23lj6ddf2nv"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329967/; classtype:trojan-activity;sid:81193067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/sh_encrypted_f09c70f.bin"; http_uri; depth:27; isdataat:!1,relative; content:"mwrc.ca"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329966/; classtype:trojan-activity;sid:81193066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/testcoapp.zip"; http_uri; depth:14; isdataat:!1,relative; content:"masry-corona.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329965/; classtype:trojan-activity;sid:81193065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uegl9jtg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329964/; classtype:trojan-activity;sid:81193064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329963/; classtype:trojan-activity;sid:81193063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.214.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329962/; classtype:trojan-activity;sid:81193062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329961/; classtype:trojan-activity;sid:81193061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.35.161.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329960/; classtype:trojan-activity;sid:81193060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329959/; classtype:trojan-activity;sid:81193059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.9.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329958/; classtype:trojan-activity;sid:81193058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.44.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329957/; classtype:trojan-activity;sid:81193057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.116.18.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329956/; classtype:trojan-activity;sid:81193056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.205.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329955/; classtype:trojan-activity;sid:81193055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.62.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329954/; classtype:trojan-activity;sid:81193054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329953/; classtype:trojan-activity;sid:81193053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.47.238.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329952/; classtype:trojan-activity;sid:81193052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329951/; classtype:trojan-activity;sid:81193051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.171.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329950/; classtype:trojan-activity;sid:81193050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.28.98.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329949/; classtype:trojan-activity;sid:81193049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"89.148.234.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329948/; classtype:trojan-activity;sid:81193048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.97.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329947/; classtype:trojan-activity;sid:81193047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mwb56ziv"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329946/; classtype:trojan-activity;sid:81193046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kungdoc/winlog.exe"; http_uri; depth:19; isdataat:!1,relative; content:"investmenteducationkungykmtsdy8agender.duckdns.org"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329945/; classtype:trojan-activity;sid:81193045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.13.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329944/; classtype:trojan-activity;sid:81193044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/a4rmx38e"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329943/; classtype:trojan-activity;sid:81193043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=1491235303209d1a|7c|26|7c|resid=1491235303209d1a%21121|7c|26|7c|authkey=akbsiybh-hfxayu"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329942/; classtype:trojan-activity;sid:81193042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/byq2kmnt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329941/; classtype:trojan-activity;sid:81193041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/llq5gk"; http_uri; depth:14; isdataat:!1,relative; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329940/; classtype:trojan-activity;sid:81193040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/euzbalyl"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329939/; classtype:trojan-activity;sid:81193039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/d6fjbcfx"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329938/; classtype:trojan-activity;sid:81193038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"191.13.6.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329937/; classtype:trojan-activity;sid:81193037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; content:"47.63.201.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329936/; classtype:trojan-activity;sid:81193036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; content:"111.224.145.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329935/; classtype:trojan-activity;sid:81193035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; content:"71.79.146.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329934/; classtype:trojan-activity;sid:81193034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; content:"36.38.121.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329933/; classtype:trojan-activity;sid:81193033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; content:"186.159.219.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329932/; classtype:trojan-activity;sid:81193032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; content:"87.11.16.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329931/; classtype:trojan-activity;sid:81193031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/px8v2axs"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329930/; classtype:trojan-activity;sid:81193030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/z3rch4tv"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329929/; classtype:trojan-activity;sid:81193029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/8j6irjvb81hw4lj/visualizar_arquivo43217.zipdl=1"; http_uri; depth:50; isdataat:!1,relative; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329928/; classtype:trojan-activity;sid:81193028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ijlox.exe"; http_uri; depth:10; isdataat:!1,relative; content:"reawl.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329927/; classtype:trojan-activity;sid:81193027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1gwkt4wbr-8huwv8yfb5gzf6jsvjzpscq"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329926/; classtype:trojan-activity;sid:81193026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1yivfis32gpkijwohcn7ktd87mx9u5f1a"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329925/; classtype:trojan-activity;sid:81193025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1pwgsslmjp2wppkev9o_rmvaj5kthjmgv"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329924/; classtype:trojan-activity;sid:81193024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/revslider/admin/avalability.bin"; http_uri; depth:51; isdataat:!1,relative; content:"biendaoco.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329923/; classtype:trojan-activity;sid:81193023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vjd7f2js"; http_uri; depth:9; isdataat:!1,relative; content:"gfhudnjv.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329922/; classtype:trojan-activity;sid:81193022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; content:"111.224.145.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329921/; classtype:trojan-activity;sid:81193021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; content:"71.79.146.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329920/; classtype:trojan-activity;sid:81193020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; content:"36.38.121.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329919/; classtype:trojan-activity;sid:81193019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; content:"186.159.219.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329918/; classtype:trojan-activity;sid:81193018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; content:"87.11.16.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329917/; classtype:trojan-activity;sid:81193017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4"; http_uri; depth:2; isdataat:!1,relative; content:"47.63.201.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329916/; classtype:trojan-activity;sid:81193016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4"; http_uri; depth:2; isdataat:!1,relative; content:"111.224.145.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329915/; classtype:trojan-activity;sid:81193015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4"; http_uri; depth:2; isdataat:!1,relative; content:"71.79.146.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329914/; classtype:trojan-activity;sid:81193014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4"; http_uri; depth:2; isdataat:!1,relative; content:"36.38.121.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329913/; classtype:trojan-activity;sid:81193013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4"; http_uri; depth:2; isdataat:!1,relative; content:"186.159.219.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329912/; classtype:trojan-activity;sid:81193012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4"; http_uri; depth:2; isdataat:!1,relative; content:"87.11.16.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329911/; classtype:trojan-activity;sid:81193011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=a8e46532cd212c38|7c|26|7c|resid=a8e46532cd212c38%21136|7c|26|7c|authkey=afqiawx-pinps6m"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329910/; classtype:trojan-activity;sid:81193010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=88e44e2b23d28589|7c|26|7c|resid=88e44e2b23d28589%21120|7c|26|7c|authkey=aoqzbxdcsbmyi1i"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329909/; classtype:trojan-activity;sid:81193009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=22de7fe70990a7f4|7c|26|7c|resid=22de7fe70990a7f4%21185|7c|26|7c|authkey=alxzoqx-dthhdbc"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329908/; classtype:trojan-activity;sid:81193008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.aspxauthkey=%21ae8%2dcjghk5idyty|7c|26|7c|cid=b49de58b11f93798|7c|26|7c|resid=b49de58b11f93798%21112|7c|26|7c|parid=root|7c|26|7c|o=oneup"; http_uri; depth:147; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329907/; classtype:trojan-activity;sid:81193007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.aspxauthkey=%21agzmmcn0fitqqsg|7c|26|7c|cid=b49de58b11f93798|7c|26|7c|resid=b49de58b11f93798%21107|7c|26|7c|parid=root|7c|26|7c|o=oneup"; http_uri; depth:145; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329906/; classtype:trojan-activity;sid:81193006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.143.32.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329905/; classtype:trojan-activity;sid:81193005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.87.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329904/; classtype:trojan-activity;sid:81193004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.250.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329903/; classtype:trojan-activity;sid:81193003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329902/; classtype:trojan-activity;sid:81193002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.169.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329901/; classtype:trojan-activity;sid:81193001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329900/; classtype:trojan-activity;sid:81193000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.234.71.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329899/; classtype:trojan-activity;sid:81192999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.111.34.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329898/; classtype:trojan-activity;sid:81192998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.112.170.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329897/; classtype:trojan-activity;sid:81192997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.228.27.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329896/; classtype:trojan-activity;sid:81192996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329895/; classtype:trojan-activity;sid:81192995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329894/; classtype:trojan-activity;sid:81192994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329893/; classtype:trojan-activity;sid:81192993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329892/; classtype:trojan-activity;sid:81192992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.193.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329891/; classtype:trojan-activity;sid:81192991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329890/; classtype:trojan-activity;sid:81192990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.69.58.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329889/; classtype:trojan-activity;sid:81192989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.100.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329888/; classtype:trojan-activity;sid:81192988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ef6fxw4n"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329887/; classtype:trojan-activity;sid:81192987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nany_encrypted_7e0efb0.bin"; http_uri; depth:27; isdataat:!1,relative; content:"universocientifico.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329886/; classtype:trojan-activity;sid:81192986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1bohkqttvzuartjz3vd-owimitvsabkr6"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329885/; classtype:trojan-activity;sid:81192985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=124adheul7l9-_ea8cxc92pbosdkqq_h8"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329884/; classtype:trojan-activity;sid:81192984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1a3r3afuvmsc48hyfgj2r49mjzcdukssu"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329883/; classtype:trojan-activity;sid:81192983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1tpjdlw4rn0rapt7cigdw04w8l5xhi2im"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329882/; classtype:trojan-activity;sid:81192982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=14c8qfmbkpmipewx2hx33uj45umdh5go9"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329881/; classtype:trojan-activity;sid:81192981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1zjfr1zqffq_8smq53585iw0qmsahrwv4"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329880/; classtype:trojan-activity;sid:81192980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ndpxvyd5"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329879/; classtype:trojan-activity;sid:81192979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1n3gikf4lzlagxoc8fh-koc_kgdi3rr1u"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329878/; classtype:trojan-activity;sid:81192978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=177a1ux3do3sguddqslbv95fiyempjf2x"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329877/; classtype:trojan-activity;sid:81192977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=7adbe662ee891628|7c|26|7c|resid=7adbe662ee891628%21105|7c|26|7c|authkey=agi7uoye8xn-psq"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329876/; classtype:trojan-activity;sid:81192976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1w5pyeerv5otqfgfxu0hlhin1tbw_chfc"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329875/; classtype:trojan-activity;sid:81192975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=e92f4785f2eda385|7c|26|7c|resid=e92f4785f2eda385%21137|7c|26|7c|authkey=adkgykzv8m2ueqy"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329874/; classtype:trojan-activity;sid:81192974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; content:"80.241.212.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329873/; classtype:trojan-activity;sid:81192973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/yarn"; http_uri; depth:13; isdataat:!1,relative; content:"80.241.212.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329872/; classtype:trojan-activity;sid:81192972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/spc"; http_uri; depth:12; isdataat:!1,relative; content:"80.241.212.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329871/; classtype:trojan-activity;sid:81192971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; content:"80.241.212.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329870/; classtype:trojan-activity;sid:81192970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/rtk"; http_uri; depth:12; isdataat:!1,relative; content:"80.241.212.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329869/; classtype:trojan-activity;sid:81192969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/root"; http_uri; depth:13; isdataat:!1,relative; content:"80.241.212.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329868/; classtype:trojan-activity;sid:81192968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; content:"80.241.212.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329867/; classtype:trojan-activity;sid:81192967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"80.241.212.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329866/; classtype:trojan-activity;sid:81192966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"80.241.212.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329865/; classtype:trojan-activity;sid:81192965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; content:"80.241.212.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329864/; classtype:trojan-activity;sid:81192964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"80.241.212.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329863/; classtype:trojan-activity;sid:81192963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; content:"80.241.212.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329862/; classtype:trojan-activity;sid:81192962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"80.241.212.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329861/; classtype:trojan-activity;sid:81192961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gravedigger/rapethemipcams.x86"; http_uri; depth:31; isdataat:!1,relative; content:"67.207.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329860/; classtype:trojan-activity;sid:81192960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gravedigger/rapethemipcams.spc"; http_uri; depth:31; isdataat:!1,relative; content:"67.207.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329859/; classtype:trojan-activity;sid:81192959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gravedigger/rapethemipcams.sh4"; http_uri; depth:31; isdataat:!1,relative; content:"67.207.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329858/; classtype:trojan-activity;sid:81192958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gravedigger/rapethemipcams.ppc"; http_uri; depth:31; isdataat:!1,relative; content:"67.207.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329857/; classtype:trojan-activity;sid:81192957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gravedigger/rapethemipcams.m68k"; http_uri; depth:32; isdataat:!1,relative; content:"67.207.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329856/; classtype:trojan-activity;sid:81192956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gravedigger/rapethemipcams.mpsl"; http_uri; depth:32; isdataat:!1,relative; content:"67.207.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329855/; classtype:trojan-activity;sid:81192955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gravedigger/rapethemipcams.mips"; http_uri; depth:32; isdataat:!1,relative; content:"67.207.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329854/; classtype:trojan-activity;sid:81192954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gravedigger/rapethemipcams.arm7"; http_uri; depth:32; isdataat:!1,relative; content:"67.207.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329853/; classtype:trojan-activity;sid:81192953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gravedigger/rapethemipcams.arm6"; http_uri; depth:32; isdataat:!1,relative; content:"67.207.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329852/; classtype:trojan-activity;sid:81192952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gravedigger/rapethemipcams.arm"; http_uri; depth:31; isdataat:!1,relative; content:"67.207.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329851/; classtype:trojan-activity;sid:81192951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.x86"; http_uri; depth:15; isdataat:!1,relative; content:"23.254.215.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329850/; classtype:trojan-activity;sid:81192950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.spc"; http_uri; depth:15; isdataat:!1,relative; content:"23.254.215.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329849/; classtype:trojan-activity;sid:81192949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"23.254.215.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329848/; classtype:trojan-activity;sid:81192948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"23.254.215.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329847/; classtype:trojan-activity;sid:81192947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"23.254.215.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329846/; classtype:trojan-activity;sid:81192946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.mips"; http_uri; depth:16; isdataat:!1,relative; content:"23.254.215.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329845/; classtype:trojan-activity;sid:81192945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"23.254.215.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329844/; classtype:trojan-activity;sid:81192944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"23.254.215.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329843/; classtype:trojan-activity;sid:81192943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"23.254.215.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329842/; classtype:trojan-activity;sid:81192942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"23.254.215.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329841/; classtype:trojan-activity;sid:81192941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/covid.arm"; http_uri; depth:15; isdataat:!1,relative; content:"23.254.215.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329840/; classtype:trojan-activity;sid:81192940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ssh.sh"; http_uri; depth:12; isdataat:!1,relative; content:"23.254.215.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329839/; classtype:trojan-activity;sid:81192939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jaws.sh"; http_uri; depth:13; isdataat:!1,relative; content:"23.254.215.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329838/; classtype:trojan-activity;sid:81192938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/zte"; http_uri; depth:8; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329837/; classtype:trojan-activity;sid:81192937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/yarn"; http_uri; depth:9; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329836/; classtype:trojan-activity;sid:81192936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/x86"; http_uri; depth:8; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329835/; classtype:trojan-activity;sid:81192935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/spc"; http_uri; depth:8; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329834/; classtype:trojan-activity;sid:81192934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/sh4"; http_uri; depth:8; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329833/; classtype:trojan-activity;sid:81192933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/rtk"; http_uri; depth:8; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329832/; classtype:trojan-activity;sid:81192932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/root"; http_uri; depth:9; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329831/; classtype:trojan-activity;sid:81192931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/ppc"; http_uri; depth:8; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329830/; classtype:trojan-activity;sid:81192930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/mpsl"; http_uri; depth:9; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329829/; classtype:trojan-activity;sid:81192929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/mips"; http_uri; depth:9; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329828/; classtype:trojan-activity;sid:81192928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/m68k"; http_uri; depth:9; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329827/; classtype:trojan-activity;sid:81192927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/arm7"; http_uri; depth:9; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329826/; classtype:trojan-activity;sid:81192926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/arm6"; http_uri; depth:9; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329825/; classtype:trojan-activity;sid:81192925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y91/arm"; http_uri; depth:8; isdataat:!1,relative; content:"176.123.6.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329824/; classtype:trojan-activity;sid:81192924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"134.122.112.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329823/; classtype:trojan-activity;sid:81192923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.spc"; http_uri; depth:15; isdataat:!1,relative; content:"134.122.112.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329822/; classtype:trojan-activity;sid:81192922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"134.122.112.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329821/; classtype:trojan-activity;sid:81192921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"134.122.112.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329820/; classtype:trojan-activity;sid:81192920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"134.122.112.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329819/; classtype:trojan-activity;sid:81192919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mips"; http_uri; depth:16; isdataat:!1,relative; content:"134.122.112.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329818/; classtype:trojan-activity;sid:81192918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"134.122.112.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329817/; classtype:trojan-activity;sid:81192917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"134.122.112.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329816/; classtype:trojan-activity;sid:81192916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"134.122.112.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329815/; classtype:trojan-activity;sid:81192915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"134.122.112.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329814/; classtype:trojan-activity;sid:81192914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm"; http_uri; depth:15; isdataat:!1,relative; content:"134.122.112.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329813/; classtype:trojan-activity;sid:81192913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.x86"; http_uri; depth:24; isdataat:!1,relative; content:"134.122.0.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329812/; classtype:trojan-activity;sid:81192912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.spc"; http_uri; depth:24; isdataat:!1,relative; content:"134.122.0.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329811/; classtype:trojan-activity;sid:81192911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.sh4"; http_uri; depth:24; isdataat:!1,relative; content:"134.122.0.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329810/; classtype:trojan-activity;sid:81192910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.ppc"; http_uri; depth:24; isdataat:!1,relative; content:"134.122.0.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329809/; classtype:trojan-activity;sid:81192909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mpsl"; http_uri; depth:25; isdataat:!1,relative; content:"134.122.0.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329808/; classtype:trojan-activity;sid:81192908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mips"; http_uri; depth:25; isdataat:!1,relative; content:"134.122.0.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329807/; classtype:trojan-activity;sid:81192907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.m68k"; http_uri; depth:25; isdataat:!1,relative; content:"134.122.0.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329806/; classtype:trojan-activity;sid:81192906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm7"; http_uri; depth:25; isdataat:!1,relative; content:"134.122.0.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329805/; classtype:trojan-activity;sid:81192905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm6"; http_uri; depth:25; isdataat:!1,relative; content:"134.122.0.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329804/; classtype:trojan-activity;sid:81192904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm5"; http_uri; depth:25; isdataat:!1,relative; content:"134.122.0.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329803/; classtype:trojan-activity;sid:81192903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm"; http_uri; depth:24; isdataat:!1,relative; content:"134.122.0.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329802/; classtype:trojan-activity;sid:81192902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/internetsonline.txt"; http_uri; depth:39; isdataat:!1,relative; content:"autocarsalonmobil.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329801/; classtype:trojan-activity;sid:81192901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bui/barone_encrypted_65d6640.bin"; http_uri; depth:33; isdataat:!1,relative; content:"sbjadvogados.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329800/; classtype:trojan-activity;sid:81192900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wzjd/out-2124065057.hta"; http_uri; depth:24; isdataat:!1,relative; content:"185.242.104.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329799/; classtype:trojan-activity;sid:81192899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wzjd/blodtr.exe"; http_uri; depth:16; isdataat:!1,relative; content:"185.242.104.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329798/; classtype:trojan-activity;sid:81192898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/4wcp8kcu"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329794/; classtype:trojan-activity;sid:81192894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jlfvrcez"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329793/; classtype:trojan-activity;sid:81192893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ockskxghtvzbiubtb8ugaojowhclesuv"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329792/; classtype:trojan-activity;sid:81192892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=4ea578f7eeda4be5|7c|26|7c|resid=4ea578f7eeda4be5%21107|7c|26|7c|authkey=ab0nnxtnfs6dnac"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329791/; classtype:trojan-activity;sid:81192891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ybijzpgx"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329790/; classtype:trojan-activity;sid:81192890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1iun1g5gwjq1u5o24wijo54wbadnhe7f9"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329789/; classtype:trojan-activity;sid:81192889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1lcvsgws5cofxdsxcrh6rjdugsaznmmhe"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329788/; classtype:trojan-activity;sid:81192888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=11f206mr4rsdjnxfixkqnyiqgnbznfhhu"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329787/; classtype:trojan-activity;sid:81192887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1th1rytqaaonr6bndmu06qxtwon1m87je"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329786/; classtype:trojan-activity;sid:81192886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1qrlusb5scb1wr22kax3tjqs5-euppkuo"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329785/; classtype:trojan-activity;sid:81192885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1fa26vtgsatkssdq_up3n6x6scrlpu8r2"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329784/; classtype:trojan-activity;sid:81192884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1_fbq37flld8100h5kzs8j8xzrh3iscf0"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329783/; classtype:trojan-activity;sid:81192883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1-bziubnjmelysajt4ny48nnwrj90coqt"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329782/; classtype:trojan-activity;sid:81192882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=13qgvp1hnxg6agb9w8emjlblgioupjkcp"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329781/; classtype:trojan-activity;sid:81192881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1jcqv6rov06dbzasabr7pg9h6sjcvf5gl"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329780/; classtype:trojan-activity;sid:81192880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1yunr-wrzsn-ldyyvyz-k5jpnlo-wffll"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329779/; classtype:trojan-activity;sid:81192879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1eq7dilak9lk2e52dqlelmb02adqw-62s"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329778/; classtype:trojan-activity;sid:81192878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1gaigniqtaafyyuoqzch6a6bvqomrntef"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329777/; classtype:trojan-activity;sid:81192877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=199vpgxy_jwlad_0giadjabiv-lmt5kzg"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329776/; classtype:trojan-activity;sid:81192876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/fg/formbook_encrypted_a45870.bin"; http_uri; depth:44; isdataat:!1,relative; content:"archerygamesdc.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329775/; classtype:trojan-activity;sid:81192875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=2f6d9fc711aaa2ac|7c|26|7c|resid=2f6d9fc711aaa2ac%21115|7c|26|7c|authkey=apzdxumnzlesa18"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329774/; classtype:trojan-activity;sid:81192874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=2f6d9fc711aaa2ac|7c|26|7c|resid=2f6d9fc711aaa2ac%21117|7c|26|7c|authkey=affqq3sahcemdra"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329773/; classtype:trojan-activity;sid:81192873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/papsa88f.bin"; http_uri; depth:13; isdataat:!1,relative; content:"feelgreatnow.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329772/; classtype:trojan-activity;sid:81192872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=6a1602e410531072|7c|26|7c|resid=6a1602e410531072%21107|7c|26|7c|authkey=aa3x8h6jrnzdu9y"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329771/; classtype:trojan-activity;sid:81192871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1wlw2bt7nzs-_xegjy574wn38w9fm_qc-"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329770/; classtype:trojan-activity;sid:81192870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1eikmwh7cpeipwjpzjlake36spoqpqlsf"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329769/; classtype:trojan-activity;sid:81192869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; content:"89.40.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329768/; classtype:trojan-activity;sid:81192868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/yarn"; http_uri; depth:13; isdataat:!1,relative; content:"89.40.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329767/; classtype:trojan-activity;sid:81192867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"89.40.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329766/; classtype:trojan-activity;sid:81192866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/spc"; http_uri; depth:12; isdataat:!1,relative; content:"89.40.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329765/; classtype:trojan-activity;sid:81192865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; content:"89.40.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329764/; classtype:trojan-activity;sid:81192864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/rtk"; http_uri; depth:12; isdataat:!1,relative; content:"89.40.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329763/; classtype:trojan-activity;sid:81192863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/root"; http_uri; depth:13; isdataat:!1,relative; content:"89.40.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329762/; classtype:trojan-activity;sid:81192862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; content:"89.40.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329761/; classtype:trojan-activity;sid:81192861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"89.40.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329760/; classtype:trojan-activity;sid:81192860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"89.40.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329759/; classtype:trojan-activity;sid:81192859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; content:"89.40.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329758/; classtype:trojan-activity;sid:81192858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"89.40.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329757/; classtype:trojan-activity;sid:81192857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; content:"89.40.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329756/; classtype:trojan-activity;sid:81192856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"89.40.142.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329755/; classtype:trojan-activity;sid:81192855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.188.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329754/; classtype:trojan-activity;sid:81192854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1j1bxmken3fk4lmw4gloskjat1hok-yns"; http_uri; depth:64; isdataat:!1,relative; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329753/; classtype:trojan-activity;sid:81192853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1cdgwmql"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329752/; classtype:trojan-activity;sid:81192852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yrhfwcll"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329751/; classtype:trojan-activity;sid:81192851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329750/; classtype:trojan-activity;sid:81192850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.125.139.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329749/; classtype:trojan-activity;sid:81192849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.148.33.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329748/; classtype:trojan-activity;sid:81192848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329747/; classtype:trojan-activity;sid:81192847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.54.129.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329746/; classtype:trojan-activity;sid:81192846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.92.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329745/; classtype:trojan-activity;sid:81192845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329744/; classtype:trojan-activity;sid:81192844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.119.213.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329743/; classtype:trojan-activity;sid:81192843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.11.212.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329742/; classtype:trojan-activity;sid:81192842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.80.132.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329741/; classtype:trojan-activity;sid:81192841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.57.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329740/; classtype:trojan-activity;sid:81192840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.227.115.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329739/; classtype:trojan-activity;sid:81192839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329738/; classtype:trojan-activity;sid:81192838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.143.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329737/; classtype:trojan-activity;sid:81192837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.190.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329736/; classtype:trojan-activity;sid:81192836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.103.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329735/; classtype:trojan-activity;sid:81192835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329734/; classtype:trojan-activity;sid:81192834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.87.239.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329733/; classtype:trojan-activity;sid:81192833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.68.129.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329732/; classtype:trojan-activity;sid:81192832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"106.104.125.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329731/; classtype:trojan-activity;sid:81192831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1l_uq5lj6vngpqetryc2xc7t_ccn3p5oo"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329730/; classtype:trojan-activity;sid:81192830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1c8tmudp87yun1fl5k1pfwwp2vkmgi9ba"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329729/; classtype:trojan-activity;sid:81192829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1umjuikep3jdgjosonk2fmo7hoh9jnlmx"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329728/; classtype:trojan-activity;sid:81192828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/0mx17syg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329727/; classtype:trojan-activity;sid:81192827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ys8zztdxtuskynd62rtcbux-s5i5k3df"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329726/; classtype:trojan-activity;sid:81192826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bui/bin_encrypted_aa2a67f.bin"; http_uri; depth:30; isdataat:!1,relative; content:"sbjadvogados.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329725/; classtype:trojan-activity;sid:81192825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/revslider/admin/pprice.bin"; http_uri; depth:46; isdataat:!1,relative; content:"biendaoco.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329724/; classtype:trojan-activity;sid:81192824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=13dwbookk4umkmafpdeofxylb76mjpccr"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329723/; classtype:trojan-activity;sid:81192823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1tdq8zk_rn3kqpgepooapk3tsbbhyytxu"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329722/; classtype:trojan-activity;sid:81192822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ydh1_li7cpg1abenjw3zvauos3jxjjzb"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329721/; classtype:trojan-activity;sid:81192821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1y5feoi6cqbozabudruu7te7kob0il6is"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329720/; classtype:trojan-activity;sid:81192820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/po1_encrypted_4dd2f00.bin"; http_uri; depth:26; isdataat:!1,relative; content:"ucto-id.cz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329719/; classtype:trojan-activity;sid:81192819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1o1ixk0muudeh6dipmalwqmwqxjdqha2s"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329718/; classtype:trojan-activity;sid:81192818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/sedmjj3w"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329717/; classtype:trojan-activity;sid:81192817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gwbr3aud"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329716/; classtype:trojan-activity;sid:81192816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/510sk2rq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329715/; classtype:trojan-activity;sid:81192815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ebnbdjvu"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329714/; classtype:trojan-activity;sid:81192814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c8e0tyzb"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329713/; classtype:trojan-activity;sid:81192813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1xbfd2msdcw6hm2swjxtogmijoiuefkqe"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329712/; classtype:trojan-activity;sid:81192812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1sn3phsxav1fkpyt0j1qcxtxcfstqvlaw"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329711/; classtype:trojan-activity;sid:81192811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nw1.exe"; http_uri; depth:8; isdataat:!1,relative; content:"bnvtfhdfsasd.ug"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329710/; classtype:trojan-activity;sid:81192810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/br1.exe"; http_uri; depth:8; isdataat:!1,relative; content:"bnvtfhdfsasd.ug"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329709/; classtype:trojan-activity;sid:81192809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/az2.exe"; http_uri; depth:8; isdataat:!1,relative; content:"bnvtfhdfsasd.ug"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329708/; classtype:trojan-activity;sid:81192808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/views/wli35ksgitucey4.exe"; http_uri; depth:44; isdataat:!1,relative; content:"robotrade.com.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329707/; classtype:trojan-activity;sid:81192807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.spc"; http_uri; depth:15; isdataat:!1,relative; content:"194.9.70.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329706/; classtype:trojan-activity;sid:81192806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.mips"; http_uri; depth:25; isdataat:!1,relative; content:"159.89.54.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329705/; classtype:trojan-activity;sid:81192805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"167.71.226.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329704/; classtype:trojan-activity;sid:81192804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; content:"51.77.95.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329703/; classtype:trojan-activity;sid:81192803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.arm5"; http_uri; depth:25; isdataat:!1,relative; content:"159.89.54.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329702/; classtype:trojan-activity;sid:81192802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"51.77.95.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329701/; classtype:trojan-activity;sid:81192801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"194.9.70.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329700/; classtype:trojan-activity;sid:81192800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"145.239.136.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329699/; classtype:trojan-activity;sid:81192799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"167.71.226.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329698/; classtype:trojan-activity;sid:81192798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beastmode/b3astmode.m68k"; http_uri; depth:25; isdataat:!1,relative; content:"159.89.54.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329697/; classtype:trojan-activity;sid:81192797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"194.9.70.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329696/; classtype:trojan-activity;sid:81192796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/suckukinjereeeettttttt.arm"; http_uri; depth:32; isdataat:!1,relative; content:"82.118.242.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329695/; classtype:trojan-activity;sid:81192795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"51.77.95.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329694/; classtype:trojan-activity;sid:81192794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"194.9.70.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329693/; classtype:trojan-activity;sid:81192793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"145.239.136.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329692/; classtype:trojan-activity;sid:81192792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"51.77.95.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329691/; classtype:trojan-activity;sid:81192791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/~zadmin/icloud/sfran_encrypted_c963baf.bin"; http_uri; depth:43; isdataat:!1,relative; content:"castmart.ga"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329690/; classtype:trojan-activity;sid:81192790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=8191351450372b91|7c|26|7c|resid=8191351450372b91%21266|7c|26|7c|authkey=adwagntk77w7s0g"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329689/; classtype:trojan-activity;sid:81192789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1yecf-55lvybopss56fjvzz7ffvgagcaa"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329688/; classtype:trojan-activity;sid:81192788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1vrtfllogy2nzcgqzgniwjskzfl5ohxzg"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329687/; classtype:trojan-activity;sid:81192787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1eji9cr_sb0azblwveq5hwh9lcfj35yro"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329686/; classtype:trojan-activity;sid:81192786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1k3bsg2fbud5c9ueyqrt9rhqtvnjxon_3"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329685/; classtype:trojan-activity;sid:81192785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1btvj4oavx8z0ow_gurcw5yev-vcmcqkb"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329684/; classtype:trojan-activity;sid:81192784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.229.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329683/; classtype:trojan-activity;sid:81192783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.3.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329682/; classtype:trojan-activity;sid:81192782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.250.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329681/; classtype:trojan-activity;sid:81192781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.149.10.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329680/; classtype:trojan-activity;sid:81192780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.100.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329679/; classtype:trojan-activity;sid:81192779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329678/; classtype:trojan-activity;sid:81192778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.60.8.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_03_25; reference:url, urlhaus.abuse.ch/url/329677/; classtype:trojan-activity;sid:81192777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.243.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020