################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2019-05-21 19:49:13 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/tyt.exe"; http_uri; depth:20; isdataat:!1,relative; content:"www.kandysupercabsandtours.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199750/; classtype:trojan-activity;sid:81062850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/ttt.exe"; http_uri; depth:20; isdataat:!1,relative; content:"kandysupercabsandtours.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199747/; classtype:trojan-activity;sid:81062847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/tyt.exe"; http_uri; depth:20; isdataat:!1,relative; content:"kandysupercabsandtours.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199746/; classtype:trojan-activity;sid:81062846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/jt2ly-82r1t-uawc/"; http_uri; depth:26; isdataat:!1,relative; content:"rabotkerk.be"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199737/; classtype:trojan-activity;sid:81062837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scan/trrmbcbn/"; http_uri; depth:24; isdataat:!1,relative; content:"adil-darugar.fr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199734/; classtype:trojan-activity;sid:81062834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/ttt.exe"; http_uri; depth:20; isdataat:!1,relative; content:"www.kandysupercabsandtours.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199733/; classtype:trojan-activity;sid:81062833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kzoqb/oil.exe"; http_uri; depth:14; isdataat:!1,relative; content:"82.221.139.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199724/; classtype:trojan-activity;sid:81062824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/c0rft63-7sh4lwp-rskuhl/"; http_uri; depth:49; isdataat:!1,relative; content:"iamzb.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199714/; classtype:trojan-activity;sid:81062814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/rctqjq-n5326-wzslqtb/"; http_uri; depth:31; isdataat:!1,relative; content:"asatc.ovh"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199713/; classtype:trojan-activity;sid:81062813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/l3d74/"; http_uri; depth:7; isdataat:!1,relative; content:"heuveling.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199712/; classtype:trojan-activity;sid:81062812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/medals/oftqcsg954/"; http_uri; depth:19; isdataat:!1,relative; content:"esnconsultants.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199711/; classtype:trojan-activity;sid:81062811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"49.158.191.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199710/; classtype:trojan-activity;sid:81062810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/41tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"www.81tk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199708/; classtype:trojan-activity;sid:81062808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/41tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"27tk.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199707/; classtype:trojan-activity;sid:81062807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/about/gongsijianjie/gongsizizhi/2018/0617/remittance_advice_201905_pdf.jar"; http_uri; depth:77; isdataat:!1,relative; content:"gxzncd.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199706/; classtype:trojan-activity;sid:81062806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/42tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"13878.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199705/; classtype:trojan-activity;sid:81062805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/42tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"13878.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199704/; classtype:trojan-activity;sid:81062804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/flocrypted.exe"; http_uri; depth:15; isdataat:!1,relative; content:"www.starsshipindia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199703/; classtype:trojan-activity;sid:81062803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/41tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"81tk.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199702/; classtype:trojan-activity;sid:81062802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/customize/3"; http_uri; depth:24; isdataat:!1,relative; content:"honestlywoman.com.au"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199701/; classtype:trojan-activity;sid:81062801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; content:"lagoscentralbaptist.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199700/; classtype:trojan-activity;sid:81062800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; content:"hitrovka-studio.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199699/; classtype:trojan-activity;sid:81062799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/really-simple-ssl/3"; http_uri; depth:39; isdataat:!1,relative; content:"bajaringan-tegal.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199698/; classtype:trojan-activity;sid:81062798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/customize/1"; http_uri; depth:24; isdataat:!1,relative; content:"honestlywoman.com.au"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199696/; classtype:trojan-activity;sid:81062796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; content:"lagoscentralbaptist.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199695/; classtype:trojan-activity;sid:81062795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; content:"hitrovka-studio.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199694/; classtype:trojan-activity;sid:81062794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/really-simple-ssl/1"; http_uri; depth:39; isdataat:!1,relative; content:"bajaringan-tegal.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199693/; classtype:trojan-activity;sid:81062793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/h7843u.xlsx"; http_uri; depth:12; isdataat:!1,relative; content:"aspenswimspa.uk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199691/; classtype:trojan-activity;sid:81062791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/install/namu832.exe"; http_uri; depth:20; isdataat:!1,relative; content:"namuvpn.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199683/; classtype:trojan-activity;sid:81062783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/forum3d/c9q8c85-7x79nvt-zefc/"; http_uri; depth:30; isdataat:!1,relative; content:"aio.sakura.ne.jp"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199679/; classtype:trojan-activity;sid:81062779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/01hx-6w7iiy-boqkmey/"; http_uri; depth:30; isdataat:!1,relative; content:"yaxiang1976.com.tw"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199678/; classtype:trojan-activity;sid:81062778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hirlevel/kj8ce-szyqbse-iinoje/"; http_uri; depth:31; isdataat:!1,relative; content:"megfigyel.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199677/; classtype:trojan-activity;sid:81062777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vfao_7pkco0lob-674967226/"; http_uri; depth:26; isdataat:!1,relative; content:"www.slagmite.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199673/; classtype:trojan-activity;sid:81062773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2456983298456/a.mips"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199666/; classtype:trojan-activity;sid:81062766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2456983298456/a.sh4"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199665/; classtype:trojan-activity;sid:81062765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2456983298456/a.sh4"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199664/; classtype:trojan-activity;sid:81062764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2456983298456/a.arm"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199663/; classtype:trojan-activity;sid:81062763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2456983298456/a.ppc"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199662/; classtype:trojan-activity;sid:81062762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2456983298456/a.arm7"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199661/; classtype:trojan-activity;sid:81062761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2456983298456/a.arm6"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199660/; classtype:trojan-activity;sid:81062760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/41tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"94tk.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199656/; classtype:trojan-activity;sid:81062756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/42tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"188338.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199655/; classtype:trojan-activity;sid:81062755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/42tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"www.81tk.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199654/; classtype:trojan-activity;sid:81062754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/42tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"94tk.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199653/; classtype:trojan-activity;sid:81062753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/42tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"27tk.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199652/; classtype:trojan-activity;sid:81062752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/10823hjwdqw.rar"; http_uri; depth:16; isdataat:!1,relative; content:"46.17.42.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199649/; classtype:trojan-activity;sid:81062749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/42tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"188338.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199648/; classtype:trojan-activity;sid:81062748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/new-invoice-56198285/pkst-fmnq/2017-21-sep-17/"; http_uri; depth:47; isdataat:!1,relative; content:"mejalook.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199647/; classtype:trojan-activity;sid:81062747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/travel/86xczz-ky8hi-fbwoyt/"; http_uri; depth:28; isdataat:!1,relative; content:"ksicardo.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199645/; classtype:trojan-activity;sid:81062745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/41tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"13878.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199644/; classtype:trojan-activity;sid:81062744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xyz.123"; http_uri; depth:8; isdataat:!1,relative; content:"officesupport.id"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199643/; classtype:trojan-activity;sid:81062743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/thumbnails/525v731481/"; http_uri; depth:23; isdataat:!1,relative; content:"bike-nomad.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199640/; classtype:trojan-activity;sid:81062740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dichotomy.pngbg=sp41|26|os=twljcm9zb2z0ifdpbmrvd3mgnybqcm9mzxnzaw9uywwgdq0kdq0kdq0kdq0k|26|av="; http_uri; depth:95; isdataat:!1,relative; content:"diesel.nhgreenscapes.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199639/; classtype:trojan-activity;sid:81062739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/build/9631pb-3ndkdr6-ieae/"; http_uri; depth:27; isdataat:!1,relative; content:"tbwysx.cn"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199638/; classtype:trojan-activity;sid:81062738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bmyd-j0qwdr-gwyynxv/"; http_uri; depth:30; isdataat:!1,relative; content:"lejintian.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199637/; classtype:trojan-activity;sid:81062737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/vy24ysx-hdhlv8k-nyuqxqd/"; http_uri; depth:49; isdataat:!1,relative; content:"haovok.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199635/; classtype:trojan-activity;sid:81062735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/xyswwg35509/"; http_uri; depth:18; isdataat:!1,relative; content:"indahtour.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199634/; classtype:trojan-activity;sid:81062734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/i6pygi1-skve9j1-upduf/"; http_uri; depth:47; isdataat:!1,relative; content:"haovok.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199633/; classtype:trojan-activity;sid:81062733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4d4ixle/zxkthq-p764b-mmzxllf/"; http_uri; depth:30; isdataat:!1,relative; content:"songdung.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199632/; classtype:trojan-activity;sid:81062732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bqi776dm_agvux-6816533798/"; http_uri; depth:27; isdataat:!1,relative; content:"llona.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199630/; classtype:trojan-activity;sid:81062730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/products/fsrnztogoa/"; http_uri; depth:21; isdataat:!1,relative; content:"priyainfosys.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199629/; classtype:trojan-activity;sid:81062729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/omrzcaeqs/"; http_uri; depth:19; isdataat:!1,relative; content:"escoder.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199628/; classtype:trojan-activity;sid:81062728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codimwujbt/"; http_uri; depth:12; isdataat:!1,relative; content:"msograteful.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199627/; classtype:trojan-activity;sid:81062727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/bj07f0biw9_0sj91efi-0/"; http_uri; depth:35; isdataat:!1,relative; content:"mireiatorrent.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199626/; classtype:trojan-activity;sid:81062726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/faq/wp3mn-06n4afc-usedfbr/"; http_uri; depth:27; isdataat:!1,relative; content:"ayashige.sakura.ne.jp"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199625/; classtype:trojan-activity;sid:81062725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/v2/iogkxow886/"; http_uri; depth:15; isdataat:!1,relative; content:"169.61.9.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199624/; classtype:trojan-activity;sid:81062724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/data/yrvn-jsbee-qckg/"; http_uri; depth:22; isdataat:!1,relative; content:"fearis.sakura.ne.jp"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199623/; classtype:trojan-activity;sid:81062723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/5oxre-zuektz-igln/"; http_uri; depth:23; isdataat:!1,relative; content:"dog-mdfc.sakura.ne.jp"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199621/; classtype:trojan-activity;sid:81062721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/weibo/erjm9-7dlg8an-zsldtn/"; http_uri; depth:28; isdataat:!1,relative; content:"yk-style.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199620/; classtype:trojan-activity;sid:81062720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/47bd/atyb-h8smk3-qvbbwsh/"; http_uri; depth:26; isdataat:!1,relative; content:"melondisc.co.th"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199619/; classtype:trojan-activity;sid:81062719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2/a.exe"; http_uri; depth:8; isdataat:!1,relative; content:"steamre.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199618/; classtype:trojan-activity;sid:81062718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/30f8i-871i1f1-hcbtiyx/"; http_uri; depth:32; isdataat:!1,relative; content:"travel2njoy.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199617/; classtype:trojan-activity;sid:81062717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/d3q7i2h-uf2cg-etdwftf/"; http_uri; depth:34; isdataat:!1,relative; content:"buxton-inf.derbyshire.sch.uk"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199615/; classtype:trojan-activity;sid:81062715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2456983298456/a.x86"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199614/; classtype:trojan-activity;sid:81062714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199608/; classtype:trojan-activity;sid:81062708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2456983298456/a.ppc"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199606/; classtype:trojan-activity;sid:81062706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2456983298456/a.arm7"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199604/; classtype:trojan-activity;sid:81062704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2456983298456/a.mips"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199599/; classtype:trojan-activity;sid:81062699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2456983298456/a.arm"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199594/; classtype:trojan-activity;sid:81062694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lanisha.ppc"; http_uri; depth:17; isdataat:!1,relative; content:"173.0.52.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199593/; classtype:trojan-activity;sid:81062693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199592/; classtype:trojan-activity;sid:81062692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d907-e9y5h-tahwufs/"; http_uri; depth:20; isdataat:!1,relative; content:"fills.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199590/; classtype:trojan-activity;sid:81062690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.arm"; http_uri; depth:18; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199589/; classtype:trojan-activity;sid:81062689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199578/; classtype:trojan-activity;sid:81062678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199573/; classtype:trojan-activity;sid:81062673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199571/; classtype:trojan-activity;sid:81062671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/classes/89ofu-pyt3kp6-ucnuue/"; http_uri; depth:37; isdataat:!1,relative; content:"warwickvalleyliving.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199569/; classtype:trojan-activity;sid:81062669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wpp-app/co8s3b-3tkel3v-sgew/"; http_uri; depth:29; isdataat:!1,relative; content:"duwon.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199567/; classtype:trojan-activity;sid:81062667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2456983298456/a.x86"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199566/; classtype:trojan-activity;sid:81062666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"2.184.57.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199565/; classtype:trojan-activity;sid:81062665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.x86"; http_uri; depth:18; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199564/; classtype:trojan-activity;sid:81062664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199560/; classtype:trojan-activity;sid:81062660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/jt2ly-82r1t-uawc/"; http_uri; depth:26; isdataat:!1,relative; content:"www.rabotkerk.be"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199558/; classtype:trojan-activity;sid:81062658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.mips"; http_uri; depth:19; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199557/; classtype:trojan-activity;sid:81062657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/k3nlc-jupmj-vxzwydm/"; http_uri; depth:32; isdataat:!1,relative; content:"fireprotectionservicespennsylvania.review"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199552/; classtype:trojan-activity;sid:81062652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_mm/cshqzve-2wrp3b6-acmsyoc/"; http_uri; depth:29; isdataat:!1,relative; content:"garage-ucg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199551/; classtype:trojan-activity;sid:81062651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"37.6.47.37"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199529/; classtype:trojan-activity;sid:81062629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/42tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"81tk.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199526/; classtype:trojan-activity;sid:81062626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/41tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"13878.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199525/; classtype:trojan-activity;sid:81062625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legion.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"167.88.161.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199524/; classtype:trojan-activity;sid:81062624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/42tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"3391444.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199523/; classtype:trojan-activity;sid:81062623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/41tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"188338.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199521/; classtype:trojan-activity;sid:81062621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/jvqzpj-qqv5yn-iujro/"; http_uri; depth:32; isdataat:!1,relative; content:"data.iain-manado.ac.id"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199520/; classtype:trojan-activity;sid:81062620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_yoru.oldcake/app/webroot/i23z-b91g84-kvrrlys/"; http_uri; depth:47; isdataat:!1,relative; content:"kirakima.sakura.ne.jp"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199515/; classtype:trojan-activity;sid:81062615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legion.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"167.88.161.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199514/; classtype:trojan-activity;sid:81062614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2006/9cs63i4-rbynm-zrnxuqw/"; http_uri; depth:28; isdataat:!1,relative; content:"kujuaid.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199512/; classtype:trojan-activity;sid:81062612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aikawa/2q13-86mdf3-hjxhhr/"; http_uri; depth:27; isdataat:!1,relative; content:"kumakun.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199510/; classtype:trojan-activity;sid:81062610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xchangecrypted.exe"; http_uri; depth:19; isdataat:!1,relative; content:"www.starsshipindia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199508/; classtype:trojan-activity;sid:81062608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/archive/lienu7-gmeqaps-nrnqb/"; http_uri; depth:30; isdataat:!1,relative; content:"maloninc.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199506/; classtype:trojan-activity;sid:81062606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/549lfpr-f98te73-fkqna/"; http_uri; depth:35; isdataat:!1,relative; content:"lab-quality.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199505/; classtype:trojan-activity;sid:81062605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scan/trrmbcbn/"; http_uri; depth:24; isdataat:!1,relative; content:"www.adil-darugar.fr"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199504/; classtype:trojan-activity;sid:81062604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/languages/qrx8t-enc1iw2-tlpfv/"; http_uri; depth:42; isdataat:!1,relative; content:"eeda.tn"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199503/; classtype:trojan-activity;sid:81062603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/0094ofi-io04bs-wgexsrj/"; http_uri; depth:35; isdataat:!1,relative; content:"biyoistatistikdoktoru.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199501/; classtype:trojan-activity;sid:81062601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ina4-ows9b-vnirk/"; http_uri; depth:29; isdataat:!1,relative; content:"lencoltermicosonobom.com.br"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199500/; classtype:trojan-activity;sid:81062600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/0svg-ykzyl-eczxl/"; http_uri; depth:29; isdataat:!1,relative; content:"osarofc.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199499/; classtype:trojan-activity;sid:81062599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/uhiz5-waz5h1-oeokf/"; http_uri; depth:29; isdataat:!1,relative; content:"sa-pient.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199493/; classtype:trojan-activity;sid:81062593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/f8kqjc4-rsaxk-cgivh/"; http_uri; depth:33; isdataat:!1,relative; content:"aktpl.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199490/; classtype:trojan-activity;sid:81062590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/8j81y6r-r7axbj-coot/"; http_uri; depth:32; isdataat:!1,relative; content:"ipdesign.pt"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199489/; classtype:trojan-activity;sid:81062589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/t0wunqu-izvvlvm-cqxnq/"; http_uri; depth:34; isdataat:!1,relative; content:"bmeinc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199488/; classtype:trojan-activity;sid:81062588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mvmbb6/ei43a-fw9o8-druj/"; http_uri; depth:25; isdataat:!1,relative; content:"ibuying.pk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199487/; classtype:trojan-activity;sid:81062587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/conn32"; http_uri; depth:9; isdataat:!1,relative; content:"111.90.159.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199485/; classtype:trojan-activity;sid:81062585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/2r5n-hqg5fh-riwe/"; http_uri; depth:27; isdataat:!1,relative; content:"ninhodosanimais.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199484/; classtype:trojan-activity;sid:81062584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/v62mbu6-bulqh0-mqvdot/"; http_uri; depth:35; isdataat:!1,relative; content:"dnmartin.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199483/; classtype:trojan-activity;sid:81062583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/baldr.exe"; http_uri; depth:19; isdataat:!1,relative; content:"u255864177.hostingerapp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199481/; classtype:trojan-activity;sid:81062581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2004christmas/ybgiax_c3bk83e7-33621494/"; http_uri; depth:40; isdataat:!1,relative; content:"mstation.jp"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199480/; classtype:trojan-activity;sid:81062580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pub/nauvcjcbph/"; http_uri; depth:16; isdataat:!1,relative; content:"moolo.pl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199479/; classtype:trojan-activity;sid:81062579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ws/xz8yftcm6t_bdxduwga3w-3/"; http_uri; depth:28; isdataat:!1,relative; content:"miv-survey.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199478/; classtype:trojan-activity;sid:81062578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/upload_docs/7qnxu0_on92iv5o8u-07294/"; http_uri; depth:37; isdataat:!1,relative; content:"mmesupport.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199477/; classtype:trojan-activity;sid:81062577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/slagmite/vfao_7pkco0lob-674967226/"; http_uri; depth:35; isdataat:!1,relative; content:"mobilizr.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199476/; classtype:trojan-activity;sid:81062576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4a30/"; http_uri; depth:6; isdataat:!1,relative; content:"mejiadigital.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199475/; classtype:trojan-activity;sid:81062575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/46nq99/"; http_uri; depth:13; isdataat:!1,relative; content:"mejalook.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199474/; classtype:trojan-activity;sid:81062574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/0px3t7/"; http_uri; depth:16; isdataat:!1,relative; content:"lifetransformersgroup.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199473/; classtype:trojan-activity;sid:81062573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bipq/1265/"; http_uri; depth:11; isdataat:!1,relative; content:"giumaithanhxuan.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199472/; classtype:trojan-activity;sid:81062572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/v2/iogkxow886/"; http_uri; depth:15; isdataat:!1,relative; content:"nemexis.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199471/; classtype:trojan-activity;sid:81062571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/space1/git/raw/master/ped250.msi"; http_uri; depth:33; isdataat:!1,relative; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199470/; classtype:trojan-activity;sid:81062570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/all/ntpdd.spc"; http_uri; depth:14; isdataat:!1,relative; content:"195.29.176.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199468/; classtype:trojan-activity;sid:81062568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/all/ntpdd.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"195.29.176.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199467/; classtype:trojan-activity;sid:81062567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/all/ntpdd.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"195.29.176.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199466/; classtype:trojan-activity;sid:81062566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/all/ntpdd.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"195.29.176.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199465/; classtype:trojan-activity;sid:81062565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/all/ntpdd.mips"; http_uri; depth:15; isdataat:!1,relative; content:"195.29.176.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199464/; classtype:trojan-activity;sid:81062564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/all/ntpdd.x86"; http_uri; depth:14; isdataat:!1,relative; content:"195.29.176.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199463/; classtype:trojan-activity;sid:81062563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/all/ntpdd.arm8"; http_uri; depth:15; isdataat:!1,relative; content:"195.29.176.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199462/; classtype:trojan-activity;sid:81062562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/all/ntpdd.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"195.29.176.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199461/; classtype:trojan-activity;sid:81062561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/all/ntpdd.arm"; http_uri; depth:14; isdataat:!1,relative; content:"195.29.176.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199460/; classtype:trojan-activity;sid:81062560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"108.174.197.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199458/; classtype:trojan-activity;sid:81062558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"108.174.197.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199453/; classtype:trojan-activity;sid:81062553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cd/81/ddq7kprp_o.png"; http_uri; depth:21; isdataat:!1,relative; content:"images2.imgbox.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199446/; classtype:trojan-activity;sid:81062546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/q3aozv2.png"; http_uri; depth:12; isdataat:!1,relative; content:"i.imgur.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199445/; classtype:trojan-activity;sid:81062545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"108.174.197.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199440/; classtype:trojan-activity;sid:81062540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"108.174.197.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199438/; classtype:trojan-activity;sid:81062538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; content:"108.174.197.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199432/; classtype:trojan-activity;sid:81062532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"108.174.197.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199409/; classtype:trojan-activity;sid:81062509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; content:"108.174.197.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199407/; classtype:trojan-activity;sid:81062507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199404/; classtype:trojan-activity;sid:81062504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"108.174.197.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199403/; classtype:trojan-activity;sid:81062503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"108.174.197.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199400/; classtype:trojan-activity;sid:81062500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/185137protect.pif"; http_uri; depth:18; isdataat:!1,relative; content:"theworkouts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199386/; classtype:trojan-activity;sid:81062486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nltc/wp-content/themes/myself/inc/customizer/sections/tds%20challan.zip"; http_uri; depth:72; isdataat:!1,relative; content:"razorse.in"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199385/; classtype:trojan-activity;sid:81062485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nltc/wp-content/themes/myself/inc/customizer/tds%20challan.zip"; http_uri; depth:63; isdataat:!1,relative; content:"razorse.in"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199384/; classtype:trojan-activity;sid:81062484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199374/; classtype:trojan-activity;sid:81062474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp"; http_uri; depth:4; isdataat:!1,relative; content:"traveser.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199370/; classtype:trojan-activity;sid:81062470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.198.172.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199365/; classtype:trojan-activity;sid:81062465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/m.exe"; http_uri; depth:13; isdataat:!1,relative; content:"104.233.201.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199360/; classtype:trojan-activity;sid:81062460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199359/; classtype:trojan-activity;sid:81062459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3437737721s112374123.zip"; http_uri; depth:25; isdataat:!1,relative; content:"www.strukturefs.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199358/; classtype:trojan-activity;sid:81062458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0871069452433919.zip"; http_uri; depth:21; isdataat:!1,relative; content:"moredetey.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199357/; classtype:trojan-activity;sid:81062457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/u90-539424974243981.zip"; http_uri; depth:24; isdataat:!1,relative; content:"micahproducts.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199356/; classtype:trojan-activity;sid:81062456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp"; http_uri; depth:4; isdataat:!1,relative; content:"lecmess.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199355/; classtype:trojan-activity;sid:81062455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.mips"; http_uri; depth:19; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199353/; classtype:trojan-activity;sid:81062453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199331/; classtype:trojan-activity;sid:81062431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199330/; classtype:trojan-activity;sid:81062430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/logo/temp/microsoft.exe"; http_uri; depth:24; isdataat:!1,relative; content:"worththewhisk.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199329/; classtype:trojan-activity;sid:81062429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.x86"; http_uri; depth:18; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199328/; classtype:trojan-activity;sid:81062428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; content:"43.242.75.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199327/; classtype:trojan-activity;sid:81062427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199326/; classtype:trojan-activity;sid:81062426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/btqbghdo7eu6ykg0zzxjohdj7_j9gac5n-2948099525/"; http_uri; depth:54; isdataat:!1,relative; content:"912graphics.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199325/; classtype:trojan-activity;sid:81062425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.arm"; http_uri; depth:18; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199318/; classtype:trojan-activity;sid:81062418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shiina/shiina.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"34.66.77.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199317/; classtype:trojan-activity;sid:81062417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lanisha.x86"; http_uri; depth:17; isdataat:!1,relative; content:"173.0.52.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199315/; classtype:trojan-activity;sid:81062415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lanisha.mpsl"; http_uri; depth:18; isdataat:!1,relative; content:"173.0.52.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199314/; classtype:trojan-activity;sid:81062414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lanisha.mips"; http_uri; depth:18; isdataat:!1,relative; content:"173.0.52.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199313/; classtype:trojan-activity;sid:81062413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lanisha.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"173.0.52.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199312/; classtype:trojan-activity;sid:81062412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lanisha.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"173.0.52.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199311/; classtype:trojan-activity;sid:81062411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lanisha.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"173.0.52.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199310/; classtype:trojan-activity;sid:81062410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lanisha.arm"; http_uri; depth:17; isdataat:!1,relative; content:"173.0.52.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199309/; classtype:trojan-activity;sid:81062409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kosha.x86"; http_uri; depth:10; isdataat:!1,relative; content:"172.245.135.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199308/; classtype:trojan-activity;sid:81062408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kosha.mipsel"; http_uri; depth:13; isdataat:!1,relative; content:"172.245.135.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199307/; classtype:trojan-activity;sid:81062407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kosha.mips"; http_uri; depth:11; isdataat:!1,relative; content:"172.245.135.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199306/; classtype:trojan-activity;sid:81062406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kosha.i686"; http_uri; depth:11; isdataat:!1,relative; content:"172.245.135.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199305/; classtype:trojan-activity;sid:81062405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kosha.i586"; http_uri; depth:11; isdataat:!1,relative; content:"172.245.135.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199304/; classtype:trojan-activity;sid:81062404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kosha.armv6"; http_uri; depth:12; isdataat:!1,relative; content:"172.245.135.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199303/; classtype:trojan-activity;sid:81062403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kosha.armv5"; http_uri; depth:12; isdataat:!1,relative; content:"172.245.135.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199302/; classtype:trojan-activity;sid:81062402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kosha.armv4"; http_uri; depth:12; isdataat:!1,relative; content:"172.245.135.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199301/; classtype:trojan-activity;sid:81062401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/logo/temp/wks.exe"; http_uri; depth:18; isdataat:!1,relative; content:"worththewhisk.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199278/; classtype:trojan-activity;sid:81062378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; content:"43.242.75.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199276/; classtype:trojan-activity;sid:81062376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/w.server"; http_uri; depth:9; isdataat:!1,relative; content:"43.242.75.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199275/; classtype:trojan-activity;sid:81062375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/horny1/mips"; http_uri; depth:12; isdataat:!1,relative; content:"35.201.205.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199274/; classtype:trojan-activity;sid:81062374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/horny1/sh4"; http_uri; depth:11; isdataat:!1,relative; content:"35.201.205.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199273/; classtype:trojan-activity;sid:81062373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/horny1/arm5"; http_uri; depth:12; isdataat:!1,relative; content:"35.201.205.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199272/; classtype:trojan-activity;sid:81062372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/horny1/m68k"; http_uri; depth:12; isdataat:!1,relative; content:"35.201.205.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199271/; classtype:trojan-activity;sid:81062371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"182.68.3.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199270/; classtype:trojan-activity;sid:81062370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vlkgrnd_vzlom%200.4.6.7.exe"; http_uri; depth:28; isdataat:!1,relative; content:"vzlom-vulkan.000webhostapp.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199269/; classtype:trojan-activity;sid:81062369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ps23e"; http_uri; depth:6; isdataat:!1,relative; content:"192.200.194.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199268/; classtype:trojan-activity;sid:81062368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/maildata/maildate_inst.exe"; http_uri; depth:27; isdataat:!1,relative; content:"mail.webpromote.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199266/; classtype:trojan-activity;sid:81062366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/x54foocsocq3hddk_c3e68-88316015852100/"; http_uri; depth:53; isdataat:!1,relative; content:"pmalyshev.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199264/; classtype:trojan-activity;sid:81062364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/document/kasyywozlfoehvrjgr/"; http_uri; depth:39; isdataat:!1,relative; content:"blog.tactfudosan.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199263/; classtype:trojan-activity;sid:81062363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/qlomqukhp4rm409zcqi35hdp_3ezcpjzr5-7274514462/"; http_uri; depth:56; isdataat:!1,relative; content:"glumory.co.id"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199261/; classtype:trojan-activity;sid:81062361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/new/document/dcm61tc0sudmm5n860qu1ra_ubwtq8m-5670754007/"; http_uri; depth:57; isdataat:!1,relative; content:"advokat-kov.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199260/; classtype:trojan-activity;sid:81062360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/esp/5et9jh3fkakhc0tqf6mf_36yoe7na2-28649149907/"; http_uri; depth:60; isdataat:!1,relative; content:"ideenn.ml"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199257/; classtype:trojan-activity;sid:81062357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/llc/jbiat3az5san8nte6g_mhl1i2rv-47824935/"; http_uri; depth:50; isdataat:!1,relative; content:"luxconstruction.mackmckie.me"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199256/; classtype:trojan-activity;sid:81062356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lm/qr0k1llf_9epghq0f-911869644204054/"; http_uri; depth:50; isdataat:!1,relative; content:"usemycredit.ml"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199255/; classtype:trojan-activity;sid:81062355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/lm/gfjj522nshq21esba0bgt5_ig360-20814056176637/"; http_uri; depth:57; isdataat:!1,relative; content:"demositem.cf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_21; reference:url, urlhaus.abuse.ch/url/199254/; classtype:trojan-activity;sid:81062354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/yccpvcaqjhltf/"; http_uri; depth:28; isdataat:!1,relative; content:"gribochkanet.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199249/; classtype:trojan-activity;sid:81062349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/star/scan/4srrh6lm3eqgk7goazhnkodrbaio_eaxlbr-436287246/"; http_uri; depth:57; isdataat:!1,relative; content:"masters-catering.kz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199248/; classtype:trojan-activity;sid:81062348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/lm/lelpnvtayecngl/"; http_uri; depth:23; isdataat:!1,relative; content:"3glav.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199247/; classtype:trojan-activity;sid:81062347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/esp/drfhyjiaqkirzkztpfcxvsfyud/"; http_uri; depth:40; isdataat:!1,relative; content:"graminea.or.id"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199246/; classtype:trojan-activity;sid:81062346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/responsiveimagegallery/61p114nlua4w2_8mcik3tixr-083144052/"; http_uri; depth:59; isdataat:!1,relative; content:"print-consult.be"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199245/; classtype:trojan-activity;sid:81062345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/zuxbjd6mgcbofmz_1lwfz-96882379608/"; http_uri; depth:54; isdataat:!1,relative; content:"les.nyc"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199244/; classtype:trojan-activity;sid:81062344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/file/fsrautldlbq/"; http_uri; depth:30; isdataat:!1,relative; content:"akoagro.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199243/; classtype:trojan-activity;sid:81062343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_notes/file/octbubxwjouennc/"; http_uri; depth:29; isdataat:!1,relative; content:"atkt.markv.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199242/; classtype:trojan-activity;sid:81062342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scan/trrmbcbn/"; http_uri; depth:24; isdataat:!1,relative; content:"chirurgien-ophtalmo-retine.fr"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199241/; classtype:trojan-activity;sid:81062341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/lm/lmjqdfyxeanynpuvmqbcjs/"; http_uri; depth:38; isdataat:!1,relative; content:"congchunggiakhanh.vn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199240/; classtype:trojan-activity;sid:81062340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/toreshim.kz/llc/ndpzcybjjxptwocjvwxzqbyfxvqsut/"; http_uri; depth:48; isdataat:!1,relative; content:"zhas-daryn.kz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199239/; classtype:trojan-activity;sid:81062339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/esp/zugnnetz0suvx017j01zwr3_x33y9-0543142109882/"; http_uri; depth:56; isdataat:!1,relative; content:"supercopa.cl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199238/; classtype:trojan-activity;sid:81062338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bkp-06-05-019/sites/hxfldlfmdmdwwyqirrzhcgwse/"; http_uri; depth:47; isdataat:!1,relative; content:"daizys.nl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199237/; classtype:trojan-activity;sid:81062337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/inc/rycxlpkwbaxnzsdoqyrwlxxoi/"; http_uri; depth:39; isdataat:!1,relative; content:"paywhatyouwant.io"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199236/; classtype:trojan-activity;sid:81062336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/copyright/file/vppkshnpdkhrjuexeeoociiahwbuda/"; http_uri; depth:47; isdataat:!1,relative; content:"teknisi-it.id"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199235/; classtype:trojan-activity;sid:81062335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/llc/hsnp7lhg0fbqhj1dph7c4fmspwvz_r66ocyu3-858421356/"; http_uri; depth:65; isdataat:!1,relative; content:"mic3412.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199234/; classtype:trojan-activity;sid:81062334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/muun/esp/ihcsetywzrho/"; http_uri; depth:23; isdataat:!1,relative; content:"boilerservice-cambridge.co.uk"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199233/; classtype:trojan-activity;sid:81062333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/4p8n17709"; http_uri; depth:22; isdataat:!1,relative; content:"qone-underwear.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199232/; classtype:trojan-activity;sid:81062332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/pages/wojuhwdofhnkdkbe/"; http_uri; depth:36; isdataat:!1,relative; content:"bcaa.gq"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199231/; classtype:trojan-activity;sid:81062331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/suspended.page/esp/zrnxuqwtuafqzqrqsburfxedgwgwvk/"; http_uri; depth:51; isdataat:!1,relative; content:"bestit.biz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199230/; classtype:trojan-activity;sid:81062330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ilum.pl/document/f7djienirh5otecveisehl6oi_tn22d-108070575/"; http_uri; depth:60; isdataat:!1,relative; content:"cielecka.pl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199229/; classtype:trojan-activity;sid:81062329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carloghio/parts_service/jyrbyxvsfhnopvvtasyybhbr/"; http_uri; depth:50; isdataat:!1,relative; content:"eurofutura.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199228/; classtype:trojan-activity;sid:81062328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199227/; classtype:trojan-activity;sid:81062327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2016/84-00778763475505703.zip"; http_uri; depth:49; isdataat:!1,relative; content:"alageum.chook.kz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199226/; classtype:trojan-activity;sid:81062326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199225/; classtype:trojan-activity;sid:81062325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199224/; classtype:trojan-activity;sid:81062324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/724282086994-8078387704510155768.zip"; http_uri; depth:56; isdataat:!1,relative; content:"alageum.chook.kz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199223/; classtype:trojan-activity;sid:81062323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/s00-7878741w7483310.zip"; http_uri; depth:43; isdataat:!1,relative; content:"alageum.chook.kz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199222/; classtype:trojan-activity;sid:81062322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"5.28.158.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199221/; classtype:trojan-activity;sid:81062321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/wp-includes/our.exe"; http_uri; depth:25; isdataat:!1,relative; content:"ec.rk-store.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199220/; classtype:trojan-activity;sid:81062320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/esp/lvxnshshdjxtiarivttxhdogx/"; http_uri; depth:35; isdataat:!1,relative; content:"lesantivirus.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199219/; classtype:trojan-activity;sid:81062319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/pages/rphdkfqwbj/"; http_uri; depth:30; isdataat:!1,relative; content:"longokura.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199218/; classtype:trojan-activity;sid:81062318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fuurball/paclm/tayiwtdw9gvgb21rvi815umr4_l1k2tafz-916097634479/"; http_uri; depth:64; isdataat:!1,relative; content:"luz.ch"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199217/; classtype:trojan-activity;sid:81062317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cafe/llc/d02zuso2z3r0o07_uge4o-3011321187376/"; http_uri; depth:46; isdataat:!1,relative; content:"luisromero.es"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199216/; classtype:trojan-activity;sid:81062316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/icon/document/fifegovjlq/"; http_uri; depth:26; isdataat:!1,relative; content:"luppie.eu"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199215/; classtype:trojan-activity;sid:81062315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/paclm/mcpf0o3f5me1zh2x2xarr5c_c2kog9qp6-11133861/"; http_uri; depth:57; isdataat:!1,relative; content:"manorviews.co.nz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199214/; classtype:trojan-activity;sid:81062314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/documentzxyyxtzxdasfjhsdjfakjdfjhsjdfjsdfjsdhfjsdjfsdj.doc"; http_uri; depth:59; isdataat:!1,relative; content:"is45wdsed4455sdfsf.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199213/; classtype:trojan-activity;sid:81062313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beautiful%20woman.exe"; http_uri; depth:22; isdataat:!1,relative; content:"fb-redirection.herobo.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199212/; classtype:trojan-activity;sid:81062312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/admin/3b1zwi824hbk1pe2coubcbob_5nlp4bh-14804269498/"; http_uri; depth:52; isdataat:!1,relative; content:"marbellastreaming.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199211/; classtype:trojan-activity;sid:81062311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wkdrlk/papkaa17/nujujetny/"; http_uri; depth:27; isdataat:!1,relative; content:"antonresidential.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199210/; classtype:trojan-activity;sid:81062310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sites/k47y5hwtw8h_aqzp3l-449059094/"; http_uri; depth:36; isdataat:!1,relative; content:"markelliotson.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199209/; classtype:trojan-activity;sid:81062309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/llc/oxitshkrmjcsa/"; http_uri; depth:31; isdataat:!1,relative; content:"markantic.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199208/; classtype:trojan-activity;sid:81062308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/408e6e841d6f8485eb1e70d87986c97e.zip"; http_uri; depth:44; isdataat:!1,relative; content:"southsidebaptistgriffin.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199207/; classtype:trojan-activity;sid:81062307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/infa/file/ljvrixquulhocevbcudnsfzgi/"; http_uri; depth:37; isdataat:!1,relative; content:"ramun.ch"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199206/; classtype:trojan-activity;sid:81062306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/rncjoymd9s61_ahrbb-46845098052870/"; http_uri; depth:47; isdataat:!1,relative; content:"crsigns.co.uk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199205/; classtype:trojan-activity;sid:81062305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e7vsu.exe"; http_uri; depth:10; isdataat:!1,relative; content:"axelherforth.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199204/; classtype:trojan-activity;sid:81062304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/42tk.exe"; http_uri; depth:9; isdataat:!1,relative; content:"k12818.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199203/; classtype:trojan-activity;sid:81062303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pix/parts_service/wbwhqtyeviepsmptrsyl/"; http_uri; depth:40; isdataat:!1,relative; content:"masana.cat"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199202/; classtype:trojan-activity;sid:81062302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/includes/parts_service/66a0eqesdiscmrj7xgcju3iihe5s_0dgn12ca-5540879677/"; http_uri; depth:73; isdataat:!1,relative; content:"maservisni.eu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199201/; classtype:trojan-activity;sid:81062301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ozxyumoiylguff/"; http_uri; depth:16; isdataat:!1,relative; content:"mattshortland.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199200/; classtype:trojan-activity;sid:81062300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/51655165g/sites/zuutn9zkjzzsbhffa5d0fpvaw9z_jzv2j6b-263923452810966/"; http_uri; depth:69; isdataat:!1,relative; content:"mazzglobal.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199199/; classtype:trojan-activity;sid:81062299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/micks_chat/inc/kfnjtkdmsyiuewhbqeyvzigboauj/"; http_uri; depth:45; isdataat:!1,relative; content:"mickreevesmodels.co.uk"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199198/; classtype:trojan-activity;sid:81062298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/v2.0.0/7ouvu47/"; http_uri; depth:16; isdataat:!1,relative; content:"proyectonoviembre.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199197/; classtype:trojan-activity;sid:81062297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/blnnz83/"; http_uri; depth:17; isdataat:!1,relative; content:"soprab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199196/; classtype:trojan-activity;sid:81062296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_vti_log/5hu7x820/"; http_uri; depth:19; isdataat:!1,relative; content:"bombafmradio.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199195/; classtype:trojan-activity;sid:81062295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/9b40471/"; http_uri; depth:17; isdataat:!1,relative; content:"tajdintravels.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199194/; classtype:trojan-activity;sid:81062294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/wic5/"; http_uri; depth:15; isdataat:!1,relative; content:"kobac-kawaguchi01.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199193/; classtype:trojan-activity;sid:81062293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/4p8n17709/"; http_uri; depth:23; isdataat:!1,relative; content:"qone-underwear.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199192/; classtype:trojan-activity;sid:81062292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/folder/transaction_receipt_0122.exe"; http_uri; depth:36; isdataat:!1,relative; content:"cvzovwor.co.uk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199191/; classtype:trojan-activity;sid:81062291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4et1bd.zip"; http_uri; depth:11; isdataat:!1,relative; content:"a.cockfile.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199190/; classtype:trojan-activity;sid:81062290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog2/file/fculiwgtqbvwcpdfuqrvodckjxemi/"; http_uri; depth:42; isdataat:!1,relative; content:"monsterz.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199189/; classtype:trojan-activity;sid:81062289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dat3.exe"; http_uri; depth:9; isdataat:!1,relative; content:"www.bodatxim.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199188/; classtype:trojan-activity;sid:81062288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/esp/jlogrxpwz/"; http_uri; depth:18; isdataat:!1,relative; content:"multicapmais.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199187/; classtype:trojan-activity;sid:81062287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zayarlin/document/bejkgnhfydtjbiljqjwhviadu"; http_uri; depth:44; isdataat:!1,relative; content:"focuseducationcentre.cf"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199186/; classtype:trojan-activity;sid:81062286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/onoltda-gd.exe"; http_uri; depth:15; isdataat:!1,relative; content:"www.braintrainersuk.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199185/; classtype:trojan-activity;sid:81062285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pages/ntq8h5pnhzsb_c98jimy0lh-77243452881/"; http_uri; depth:54; isdataat:!1,relative; content:"mtaconsulting.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199184/; classtype:trojan-activity;sid:81062284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scfv/byofxzlibldanzjqjhwnsogzvfu/"; http_uri; depth:34; isdataat:!1,relative; content:"mwvisual.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199183/; classtype:trojan-activity;sid:81062283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dmc/clview.exe"; http_uri; depth:15; isdataat:!1,relative; content:"jplymell.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199182/; classtype:trojan-activity;sid:81062282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/zjlrnsotorjevugxh/"; http_uri; depth:28; isdataat:!1,relative; content:"myofficeplus.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199181/; classtype:trojan-activity;sid:81062281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ntltztaub/"; http_uri; depth:22; isdataat:!1,relative; content:"guimaraesconstrutorasjc.com.br"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199180/; classtype:trojan-activity;sid:81062280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/5ze7vs_tgt6e3k-5/"; http_uri; depth:26; isdataat:!1,relative; content:"thepropertydealerz.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199179/; classtype:trojan-activity;sid:81062279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nngb24y/vxgapwuwd/"; http_uri; depth:19; isdataat:!1,relative; content:"gawaher-services.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199178/; classtype:trojan-activity;sid:81062278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wkdrlk/papkaa17/nujujetny/"; http_uri; depth:27; isdataat:!1,relative; content:"antonresidential.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199177/; classtype:trojan-activity;sid:81062277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/shecgesia_cjtf7s6-2586658720/"; http_uri; depth:34; isdataat:!1,relative; content:"overcreative.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199176/; classtype:trojan-activity;sid:81062276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4jew/pages/dddirvhssfjb///"; http_uri; depth:27; isdataat:!1,relative; content:"mjeas.seas.num.edu.mn"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199175/; classtype:trojan-activity;sid:81062275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/old/gmvor-qkevv-kmjsj//"; http_uri; depth:24; isdataat:!1,relative; content:"priatman.co.id"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199174/; classtype:trojan-activity;sid:81062274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/zjzsvkdzrzmvyxkmwqhxc///"; http_uri; depth:44; isdataat:!1,relative; content:"dembo.bangkok.th.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199173/; classtype:trojan-activity;sid:81062273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/file/lydb59kvj94x2qxaf0lo_95s38g-70862676621395/"; http_uri; depth:57; isdataat:!1,relative; content:"planetkram.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199172/; classtype:trojan-activity;sid:81062272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/pages/jamcysmfx_d379k-789309688595/"; http_uri; depth:40; isdataat:!1,relative; content:"mayupan.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199171/; classtype:trojan-activity;sid:81062271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/doc/gsnhdhup7vp8u3onxtqzbn_mso4v7e-4060977015/"; http_uri; depth:47; isdataat:!1,relative; content:"ndm-services.co.uk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199170/; classtype:trojan-activity;sid:81062270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/infa/file/ljvrixquulhocevbcudnsfzgi/"; http_uri; depth:37; isdataat:!1,relative; content:"ramun.ch"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199169/; classtype:trojan-activity;sid:81062269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pawork900.exe"; http_uri; depth:14; isdataat:!1,relative; content:"mazzet990.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199168/; classtype:trojan-activity;sid:81062268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/dlink2"; http_uri; depth:17; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199167/; classtype:trojan-activity;sid:81062267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/dlink"; http_uri; depth:16; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199166/; classtype:trojan-activity;sid:81062266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/adb1"; http_uri; depth:15; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199165/; classtype:trojan-activity;sid:81062265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.x86"; http_uri; depth:21; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199164/; classtype:trojan-activity;sid:81062264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199163/; classtype:trojan-activity;sid:81062263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.mips"; http_uri; depth:22; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199162/; classtype:trojan-activity;sid:81062262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199161/; classtype:trojan-activity;sid:81062261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199160/; classtype:trojan-activity;sid:81062260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199159/; classtype:trojan-activity;sid:81062259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.arm"; http_uri; depth:21; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199158/; classtype:trojan-activity;sid:81062258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/linksys"; http_uri; depth:18; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199157/; classtype:trojan-activity;sid:81062257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/llc/document/qwrwctrmdmbwslubhyvcabfwhiqx/"; http_uri; depth:43; isdataat:!1,relative; content:"subkhonov.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199156/; classtype:trojan-activity;sid:81062256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/btqbghdo7eu6ykg0zzxjohdj7_j9gac5n-2948099525/"; http_uri; depth:54; isdataat:!1,relative; content:"www.912graphics.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199155/; classtype:trojan-activity;sid:81062255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/homepage_files/paclm/atmrnhzxjjfifdtqmccnmiphpruxo/"; http_uri; depth:52; isdataat:!1,relative; content:"zmeyerz.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199154/; classtype:trojan-activity;sid:81062254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9eui/wzaolmvpwpd/"; http_uri; depth:18; isdataat:!1,relative; content:"door-craft.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199153/; classtype:trojan-activity;sid:81062253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/zjzsvkdzrzmvyxkmwqhxc/"; http_uri; depth:42; isdataat:!1,relative; content:"dembo.bangkok.th.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199152/; classtype:trojan-activity;sid:81062252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/dcprint_pro_v2.5.exe"; http_uri; depth:30; isdataat:!1,relative; content:"www.dcprint.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199151/; classtype:trojan-activity;sid:81062251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/jaajgggshskumkanmfidcm/"; http_uri; depth:35; isdataat:!1,relative; content:"disperumkim.baliprov.go.id"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199150/; classtype:trojan-activity;sid:81062250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/doc/foqojoiys/"; http_uri; depth:34; isdataat:!1,relative; content:"bloomfire.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199149/; classtype:trojan-activity;sid:81062249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/old/gmvor-qkevv-kmjsj/"; http_uri; depth:23; isdataat:!1,relative; content:"priatman.co.id"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199148/; classtype:trojan-activity;sid:81062248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/vtt3uru-k3dfd-rfeqkz/"; http_uri; depth:41; isdataat:!1,relative; content:"fitnepali.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199147/; classtype:trojan-activity;sid:81062247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/q4qzpxt57s_s90s0-562133435485/"; http_uri; depth:50; isdataat:!1,relative; content:"aradministracionintegral.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199146/; classtype:trojan-activity;sid:81062246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/wp-includes/blv.exe"; http_uri; depth:25; isdataat:!1,relative; content:"ec.rk-store.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199145/; classtype:trojan-activity;sid:81062245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"198.12.97.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199144/; classtype:trojan-activity;sid:81062244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/webid/themes/adminmodern/fonts/limee.exe"; http_uri; depth:41; isdataat:!1,relative; content:"jbee.my"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199143/; classtype:trojan-activity;sid:81062243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/controle/file/urjm9ad0e20oke9_yys4j-1833857769/"; http_uri; depth:48; isdataat:!1,relative; content:"eticasolucoes.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199142/; classtype:trojan-activity;sid:81062242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/myshit/mhv8eiw14_tj1q863agg-191035311473/"; http_uri; depth:42; isdataat:!1,relative; content:"exenture.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199141/; classtype:trojan-activity;sid:81062241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wenhuajingdian/upfiles/chm_exe/1226sanguo1gb.exe"; http_uri; depth:49; isdataat:!1,relative; content:"www.jxwmw.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199140/; classtype:trojan-activity;sid:81062240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/5r0x/inc/sor5jniomi1bw8se6reyjodziydt_dk6pdtw-885852414780/"; http_uri; depth:60; isdataat:!1,relative; content:"gatewaymontessori.edu.gh"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199139/; classtype:trojan-activity;sid:81062239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4jew/pages/dddirvhssfjb/"; http_uri; depth:25; isdataat:!1,relative; content:"mjeas.seas.num.edu.mn"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199138/; classtype:trojan-activity;sid:81062238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pzcnfbgpe/"; http_uri; depth:22; isdataat:!1,relative; content:"24mm.site"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199137/; classtype:trojan-activity;sid:81062237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/paclm/okb30cee6xhg1cbi279ssznmewh88k_mimhl-536403870815322/"; http_uri; depth:69; isdataat:!1,relative; content:"misbragasusadas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199136/; classtype:trojan-activity;sid:81062236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/wp-includes/femi.exe"; http_uri; depth:26; isdataat:!1,relative; content:"ec.rk-store.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199135/; classtype:trojan-activity;sid:81062235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.arm"; http_uri; depth:10; isdataat:!1,relative; content:"198.12.97.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199134/; classtype:trojan-activity;sid:81062234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.mips"; http_uri; depth:11; isdataat:!1,relative; content:"198.12.97.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199133/; classtype:trojan-activity;sid:81062233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/winboxscan-0213.exe"; http_uri; depth:24; isdataat:!1,relative; content:"seamonkey.club"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199132/; classtype:trojan-activity;sid:81062232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dmc/parts_service/5eh2hsadldjems1kq3wlh403v_e39t3mz1ud-335687791589/"; http_uri; depth:69; isdataat:!1,relative; content:"bonizz.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199131/; classtype:trojan-activity;sid:81062231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/file/kzfykwnczilhpslvhpext/"; http_uri; depth:35; isdataat:!1,relative; content:"consortiumgardois.eu"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199130/; classtype:trojan-activity;sid:81062230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wenhuajingdian/upfiles/chm_exe/fsyy.exe"; http_uri; depth:40; isdataat:!1,relative; content:"www.jxwmw.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199129/; classtype:trojan-activity;sid:81062229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/onoltda-gd.exe"; http_uri; depth:15; isdataat:!1,relative; content:"www.braintrainersuk.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199128/; classtype:trojan-activity;sid:81062228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/att/0/10/05/85/10058513_919975.exe"; http_uri; depth:35; isdataat:!1,relative; content:"www.jxwmw.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199127/; classtype:trojan-activity;sid:81062227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/lm/3oszpkgom9175aa_8danqb3v-845337550891852/"; http_uri; depth:56; isdataat:!1,relative; content:"wpstride.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199126/; classtype:trojan-activity;sid:81062226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/f3pafo-bac855-vrgxw/"; http_uri; depth:30; isdataat:!1,relative; content:"javed.co.uk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199125/; classtype:trojan-activity;sid:81062225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/paclm/nrzbbwc9xordu0f1pojvw03um0v42_ucm04gi-866893424118465/"; http_uri; depth:73; isdataat:!1,relative; content:"coronadobaptistchurch.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199124/; classtype:trojan-activity;sid:81062224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/vc.exe"; http_uri; depth:11; isdataat:!1,relative; content:"seamonkey.club"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199123/; classtype:trojan-activity;sid:81062223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dup-installer/esp/whispsbnpvwrdndxbltfemdiukos/"; http_uri; depth:48; isdataat:!1,relative; content:"guidafinanziamentieuropei.it"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199122/; classtype:trojan-activity;sid:81062222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/updatecoreo/paclm/qoqclyidnqskruprqtay/"; http_uri; depth:40; isdataat:!1,relative; content:"lnemacs.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199121/; classtype:trojan-activity;sid:81062221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/xpbootcd.zip"; http_uri; depth:22; isdataat:!1,relative; content:"www.docsdownloads.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199120/; classtype:trojan-activity;sid:81062220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/hfrhybo35jocmt9rykxk92d9_ws2nvv-804221103844/"; http_uri; depth:57; isdataat:!1,relative; content:"airconfidencebd.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199119/; classtype:trojan-activity;sid:81062219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vcword6.tmp"; http_uri; depth:12; isdataat:!1,relative; content:"camputononaunerytyre.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199118/; classtype:trojan-activity;sid:81062218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/parts_service/iwuxvrhmja/"; http_uri; depth:35; isdataat:!1,relative; content:"lizerubens.be"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199117/; classtype:trojan-activity;sid:81062217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/04t8ju-5o1m33-exgwn/"; http_uri; depth:30; isdataat:!1,relative; content:"diarioprimeraplana.com.mx"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199116/; classtype:trojan-activity;sid:81062216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blogs/llc/yi2j7x85stn1at_4dvhbnr-47282747/"; http_uri; depth:43; isdataat:!1,relative; content:"srgranel.pt"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199115/; classtype:trojan-activity;sid:81062215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/gsai-g663ics-kgisfcn/"; http_uri; depth:30; isdataat:!1,relative; content:"snowballnaturals.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199114/; classtype:trojan-activity;sid:81062214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/llc/mrwfxnpwcwfmieta/"; http_uri; depth:25; isdataat:!1,relative; content:"trademarkloft.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199113/; classtype:trojan-activity;sid:81062213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/j847jw_zwkwgfwq-0043357/"; http_uri; depth:36; isdataat:!1,relative; content:"24mm.site"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199111/; classtype:trojan-activity;sid:81062211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/aayncxxyp/"; http_uri; depth:23; isdataat:!1,relative; content:"magasen5.es"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199112/; classtype:trojan-activity;sid:81062212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/naz2maxyhk_mqzxh-702980429/"; http_uri; depth:37; isdataat:!1,relative; content:"greenstartup.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199110/; classtype:trojan-activity;sid:81062210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/9mz4ot4_4fas2e2-188397447/"; http_uri; depth:35; isdataat:!1,relative; content:"fodabim.com.ng"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199109/; classtype:trojan-activity;sid:81062209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/doc/foqojoiys/"; http_uri; depth:34; isdataat:!1,relative; content:"bloomfire.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199108/; classtype:trojan-activity;sid:81062208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/2x3f8_sl7a5i-4284768725/"; http_uri; depth:36; isdataat:!1,relative; content:"grupoxn.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199107/; classtype:trojan-activity;sid:81062207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/p0fc-ukirhb-npri/"; http_uri; depth:21; isdataat:!1,relative; content:"servicehl.ma"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199106/; classtype:trojan-activity;sid:81062206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/scan/04263hkou_u9q456yn8-3307251785606/"; http_uri; depth:59; isdataat:!1,relative; content:"alageum.chook.kz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199105/; classtype:trojan-activity;sid:81062205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/rnsoyvw-8y64rg-ppgc/"; http_uri; depth:30; isdataat:!1,relative; content:"novaoptica.pt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199104/; classtype:trojan-activity;sid:81062204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/gjpaygqzruvzkw/"; http_uri; depth:25; isdataat:!1,relative; content:"franshizaturbo.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199103/; classtype:trojan-activity;sid:81062203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zayarlin/document/bejkgnhfydtjbiljqjwhviadu/"; http_uri; depth:45; isdataat:!1,relative; content:"focuseducationcentre.cf"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199102/; classtype:trojan-activity;sid:81062202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/document/zvv6pzemxix7bkqkxcdven37o7v7p8_w4gnn62w-746465135047600/"; http_uri; depth:70; isdataat:!1,relative; content:"ambil-hadiahpb.cf"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199101/; classtype:trojan-activity;sid:81062201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/email/paclm/dsbzhob4b8seeq_zl3zlxclc7-7223513679032/"; http_uri; depth:53; isdataat:!1,relative; content:"economika.com.ve"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199100/; classtype:trojan-activity;sid:81062200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/8nu0md8-38qsi0-iqme/"; http_uri; depth:30; isdataat:!1,relative; content:"lr12sp10.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199099/; classtype:trojan-activity;sid:81062199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wf/clickupn=5-2fczrljymknpo1y1mnhek6qcqz8-2fyuuz7zrsbj4589aq21hchmnapiiqh1jjm8m9ksuebixf3zb0l-2bodb1xdkvg-2b8oomwonwmlbj3yzcoie-3d_jc09-2bmcpkp1e9bp1vk9wx0y6nhmhp0n-2bl4phjvgxdfftr-2fwngcpj0vavt2pblloxzu1ravmmroyyxjtbcdlbdqpfenewdcvmasdg45eurdlgiodgbtdbrm-2b-2fq4cndw4wyedzkjpp1c8onqnkqyxokwckqa9bcvbkupwjq-2fjc3ay5kvajijbec2zxtoliu7uj4hb0jjdd5dcn4hot0gz0iw15qi21m1gqlwu015j5szi-3d"; http_uri; depth:382; isdataat:!1,relative; content:"u3373545.ct.sendgrid.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199098/; classtype:trojan-activity;sid:81062198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/redacaoar=bg834468474brrastreamentoobjetos/sistemas.html"; http_uri; depth:57; isdataat:!1,relative; content:"chichilimxhost.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199097/; classtype:trojan-activity;sid:81062197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/esp/escejhjqiz/"; http_uri; depth:27; isdataat:!1,relative; content:"www.iowaselectvbc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199096/; classtype:trojan-activity;sid:81062196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/g2udma1-tpa02r-feyuejx/g2udma1-tpa02r-feyuejx/"; http_uri; depth:55; isdataat:!1,relative; content:"dieutrigan.com.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199095/; classtype:trojan-activity;sid:81062195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xo/sorai.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"45.67.14.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199094/; classtype:trojan-activity;sid:81062194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xo/sorai.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"45.67.14.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199093/; classtype:trojan-activity;sid:81062193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xo/sorai.arm"; http_uri; depth:13; isdataat:!1,relative; content:"45.67.14.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199092/; classtype:trojan-activity;sid:81062192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xo/sorai.mips"; http_uri; depth:14; isdataat:!1,relative; content:"45.67.14.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199091/; classtype:trojan-activity;sid:81062191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/nsm60x-6fzovcr-gtkxgtl/"; http_uri; depth:43; isdataat:!1,relative; content:"lyvestore.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199090/; classtype:trojan-activity;sid:81062190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/parts_service/zncgw5r30ehtff4w4_nvu506u-84590229280717/"; http_uri; depth:68; isdataat:!1,relative; content:"esquso.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199089/; classtype:trojan-activity;sid:81062189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lib/bf1vgc-kym3vl-moyonq/"; http_uri; depth:26; isdataat:!1,relative; content:"gite-la-gerbiere.fr"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199088/; classtype:trojan-activity;sid:81062188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/yznvck5zdjh_m6ewq2-12021270394/"; http_uri; depth:41; isdataat:!1,relative; content:"gilmatas.000webhostapp.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199087/; classtype:trojan-activity;sid:81062187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/6m7d5hr-jolf92s-dxvkhvz/"; http_uri; depth:37; isdataat:!1,relative; content:"appsville.global"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199086/; classtype:trojan-activity;sid:81062186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dir/jh2cg-cxh72-ocnv/"; http_uri; depth:22; isdataat:!1,relative; content:"keffesrdf.org.ng"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199085/; classtype:trojan-activity;sid:81062185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/esp/escejhjqiz/"; http_uri; depth:27; isdataat:!1,relative; content:"www.iowaselectvbc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199084/; classtype:trojan-activity;sid:81062184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/gsaujyf-ry06n-dssec/"; http_uri; depth:40; isdataat:!1,relative; content:"blog.laviajeria.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199083/; classtype:trojan-activity;sid:81062183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/document/zw020kmf76b9mjrb_75xfiu-31033395686/"; http_uri; depth:58; isdataat:!1,relative; content:"centredentairedouville.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199082/; classtype:trojan-activity;sid:81062182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stats/lm/on6io5qd9ehr135ii96ueery_0zik0pyx4-290001900664299/"; http_uri; depth:61; isdataat:!1,relative; content:"bridgesearch.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199081/; classtype:trojan-activity;sid:81062181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/document/evlbymftmpb/"; http_uri; depth:31; isdataat:!1,relative; content:"limanova.by"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199080/; classtype:trojan-activity;sid:81062180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/vtt3uru-k3dfd-rfeqkz/"; http_uri; depth:41; isdataat:!1,relative; content:"fitnepali.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199079/; classtype:trojan-activity;sid:81062179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/4ur9tmys2h_75g6pp-73387052/"; http_uri; depth:37; isdataat:!1,relative; content:"caddish-seventies.000webhostapp.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199078/; classtype:trojan-activity;sid:81062178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/we.exe"; http_uri; depth:7; isdataat:!1,relative; content:"3bee.in"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199077/; classtype:trojan-activity;sid:81062177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/oee00zh-zklx1k5-tyupq/"; http_uri; depth:32; isdataat:!1,relative; content:"manilaharborpilots.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199076/; classtype:trojan-activity;sid:81062176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/inf/3h8bwmc8sg8bhgmb6oajbqfth1lw6_u963i9ar-5947272013/"; http_uri; depth:67; isdataat:!1,relative; content:"homeedge.co.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199075/; classtype:trojan-activity;sid:81062175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/document/lawittbvpszaluzbtwovwhrk/"; http_uri; depth:47; isdataat:!1,relative; content:"www.kleine-gruesse.de"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199074/; classtype:trojan-activity;sid:81062174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins//yakuza.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"193.56.28.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199073/; classtype:trojan-activity;sid:81062173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/smile1/smiley.doc"; http_uri; depth:21; isdataat:!1,relative; content:"icmap.org.gh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199072/; classtype:trojan-activity;sid:81062172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/smile/smiley.exe"; http_uri; depth:20; isdataat:!1,relative; content:"icmap.org.gh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199071/; classtype:trojan-activity;sid:81062171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/ojay1/eze.doc"; http_uri; depth:17; isdataat:!1,relative; content:"icmap.org.gh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199070/; classtype:trojan-activity;sid:81062170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/ojay/eze.exe"; http_uri; depth:16; isdataat:!1,relative; content:"icmap.org.gh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199069/; classtype:trojan-activity;sid:81062169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/chuchu1/chu.doc"; http_uri; depth:19; isdataat:!1,relative; content:"icmap.org.gh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199068/; classtype:trojan-activity;sid:81062168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/chuchu/chu.exe"; http_uri; depth:18; isdataat:!1,relative; content:"icmap.org.gh"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199067/; classtype:trojan-activity;sid:81062167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins//yakuza.x86"; http_uri; depth:17; isdataat:!1,relative; content:"193.56.28.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199066/; classtype:trojan-activity;sid:81062166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins//yakuza.mips"; http_uri; depth:18; isdataat:!1,relative; content:"193.56.28.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199065/; classtype:trojan-activity;sid:81062165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins//yakuza.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"193.56.28.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199064/; classtype:trojan-activity;sid:81062164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/uwenu-wdun3-aurp/"; http_uri; depth:27; isdataat:!1,relative; content:"xpelair.com.ng"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199063/; classtype:trojan-activity;sid:81062163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"193.56.28.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199062/; classtype:trojan-activity;sid:81062162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"193.56.28.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199061/; classtype:trojan-activity;sid:81062161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x"; http_uri; depth:7; isdataat:!1,relative; content:"193.56.28.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199060/; classtype:trojan-activity;sid:81062160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a_thk.sh"; http_uri; depth:9; isdataat:!1,relative; content:"81.6.42.123"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199059/; classtype:trojan-activity;sid:81062159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/b4pxre6304"; http_uri; depth:14; isdataat:!1,relative; content:"seogood.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199058/; classtype:trojan-activity;sid:81062158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.arm"; http_uri; depth:16; isdataat:!1,relative; content:"193.56.28.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199057/; classtype:trojan-activity;sid:81062157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/inf/nykifxke/"; http_uri; depth:23; isdataat:!1,relative; content:"mattress.com.pk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199056/; classtype:trojan-activity;sid:81062156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/csbluri-69vjyo-gvib/"; http_uri; depth:32; isdataat:!1,relative; content:"toorya.in"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199055/; classtype:trojan-activity;sid:81062155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/7b6ech5-svgat05-fnyjvh/"; http_uri; depth:33; isdataat:!1,relative; content:"an-premium.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199054/; classtype:trojan-activity;sid:81062154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/scan/yygznlklj5_donv8-334023278047356/"; http_uri; depth:47; isdataat:!1,relative; content:"voctech-resources.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199053/; classtype:trojan-activity;sid:81062153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/i4zx84z-shgopmw-trhyisa/"; http_uri; depth:34; isdataat:!1,relative; content:"sofiaymanuel.website"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199052/; classtype:trojan-activity;sid:81062152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/doc/jqbrvctvkhpxixbpvis/"; http_uri; depth:33; isdataat:!1,relative; content:"ihcihc.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199051/; classtype:trojan-activity;sid:81062151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/2spx3-fd0s9jc-wxcnzqe/"; http_uri; depth:32; isdataat:!1,relative; content:"anpuchem.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199050/; classtype:trojan-activity;sid:81062150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/document/qein18j18_d9y843jj7-3116175961/"; http_uri; depth:52; isdataat:!1,relative; content:"mjc-arts-blagnac.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199049/; classtype:trojan-activity;sid:81062149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/product.doc"; http_uri; depth:19; isdataat:!1,relative; content:"peonamusic.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199048/; classtype:trojan-activity;sid:81062148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/nfbyibe-l6cpr-wvgd/"; http_uri; depth:29; isdataat:!1,relative; content:"m-ros.es"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199047/; classtype:trojan-activity;sid:81062147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lipolowwjuy"; http_uri; depth:12; isdataat:!1,relative; content:"cbb.skofirm.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199046/; classtype:trojan-activity;sid:81062146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/b0gk3v7xqs_8737y8-565189409480/"; http_uri; depth:35; isdataat:!1,relative; content:"b118group.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199045/; classtype:trojan-activity;sid:81062145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m9c/phutz63-w90emms-oukwmr/"; http_uri; depth:28; isdataat:!1,relative; content:"corporateipr.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199044/; classtype:trojan-activity;sid:81062144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/scan/cuhgcn4fje3ftup_x82vkmk-064904430823956/"; http_uri; depth:54; isdataat:!1,relative; content:"exposicaoceramicaearte.com.br"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199043/; classtype:trojan-activity;sid:81062143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/iwrivz-kuvph-szzyiic/"; http_uri; depth:31; isdataat:!1,relative; content:"topaqiqah.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199042/; classtype:trojan-activity;sid:81062142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/setupconfigo/0st9376/"; http_uri; depth:22; isdataat:!1,relative; content:"agro-millenial.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199041/; classtype:trojan-activity;sid:81062141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/mpkrlbeemihvhkypheec/"; http_uri; depth:31; isdataat:!1,relative; content:"hestoghundehuset.dk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199040/; classtype:trojan-activity;sid:81062140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/78djj4-9rsc3m6-rwtqz/"; http_uri; depth:30; isdataat:!1,relative; content:"steventoddart.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199039/; classtype:trojan-activity;sid:81062139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/doc/bolcixbcgmomfhfz/"; http_uri; depth:34; isdataat:!1,relative; content:"marin-ostrov.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199038/; classtype:trojan-activity;sid:81062138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/tt4up7x-989rvv-uykocm/"; http_uri; depth:32; isdataat:!1,relative; content:"dronint.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199037/; classtype:trojan-activity;sid:81062137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/dok/x963ssn0_skxizz6j-099060478701887/"; http_uri; depth:42; isdataat:!1,relative; content:"jajiedgenet.name.ng"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199036/; classtype:trojan-activity;sid:81062136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plik/pasgcjiboxfglsfvwgkdq/"; http_uri; depth:39; isdataat:!1,relative; content:"discoversabah.my"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199035/; classtype:trojan-activity;sid:81062135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/qspgn-miqx4yz-hudi/"; http_uri; depth:28; isdataat:!1,relative; content:"halcelemates.com.ng"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199034/; classtype:trojan-activity;sid:81062134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/vgsupeyhnlc8ka4tbdu72wde7khpa_1ganzrzry-05828045/"; http_uri; depth:64; isdataat:!1,relative; content:"proxindo.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199033/; classtype:trojan-activity;sid:81062133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/f8sy-k74kuj-xsaidw/"; http_uri; depth:31; isdataat:!1,relative; content:"smartschools.co.zw"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199032/; classtype:trojan-activity;sid:81062132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cjr9zzp-rf7yx2-rbvxv/"; http_uri; depth:31; isdataat:!1,relative; content:"slppoffice.lk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199031/; classtype:trojan-activity;sid:81062131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/link/20190425/9f86b36.zip"; http_uri; depth:26; isdataat:!1,relative; content:"gdata.co.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199030/; classtype:trojan-activity;sid:81062130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/link/20190425/sample/sample0426.zip"; http_uri; depth:36; isdataat:!1,relative; content:"gdata.co.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199029/; classtype:trojan-activity;sid:81062129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/i5q3jawbcp9_03ums9-7667848091/"; http_uri; depth:41; isdataat:!1,relative; content:"chinyami.co.tz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199028/; classtype:trojan-activity;sid:81062128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/3lte794qnmo8qdk8p_cbdl68-46700341/"; http_uri; depth:47; isdataat:!1,relative; content:"www.nucleomargarethferes.com.br"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199027/; classtype:trojan-activity;sid:81062127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"81.218.196.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199026/; classtype:trojan-activity;sid:81062126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"46.2.63.74"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199025/; classtype:trojan-activity;sid:81062125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/link/20190425/sample/taskhost.zip"; http_uri; depth:34; isdataat:!1,relative; content:"gdata.co.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199024/; classtype:trojan-activity;sid:81062124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x6sm/inc/k9iovbtzedsa1ptk3j_9gqdpmgi-906696776/"; http_uri; depth:48; isdataat:!1,relative; content:"liantrip.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199023/; classtype:trojan-activity;sid:81062123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/host_reset.exe"; http_uri; depth:15; isdataat:!1,relative; content:"silkroad.cuckoo.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199022/; classtype:trojan-activity;sid:81062122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/config_20170925.exe"; http_uri; depth:20; isdataat:!1,relative; content:"silkroad.cuckoo.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199021/; classtype:trojan-activity;sid:81062121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ie11_uninstall.exe"; http_uri; depth:19; isdataat:!1,relative; content:"silkroad.cuckoo.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199020/; classtype:trojan-activity;sid:81062120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/heotbm4-5ea4e-qbhgzg/"; http_uri; depth:26; isdataat:!1,relative; content:"sexlustoys.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199019/; classtype:trojan-activity;sid:81062119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/dok/bkmrgzxziezodqvcvwbtcqinn/"; http_uri; depth:50; isdataat:!1,relative; content:"www.cmg.asia"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199018/; classtype:trojan-activity;sid:81062118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/diaclients/multi-doitall.exe"; http_uri; depth:29; isdataat:!1,relative; content:"www.salonmarketing.ca"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199017/; classtype:trojan-activity;sid:81062117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/r4g71c-hi527kb-verjplp/"; http_uri; depth:33; isdataat:!1,relative; content:"mentfort.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199016/; classtype:trojan-activity;sid:81062116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fwmihe/04qf6uy0/"; http_uri; depth:17; isdataat:!1,relative; content:"royalamericanconstruction.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199015/; classtype:trojan-activity;sid:81062115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/uxhcwqyisuwy/"; http_uri; depth:23; isdataat:!1,relative; content:"kipsoft.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199014/; classtype:trojan-activity;sid:81062114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4xhzvd7/nl12/"; http_uri; depth:14; isdataat:!1,relative; content:"farodebabel.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199013/; classtype:trojan-activity;sid:81062113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fwmihe/04qf6uy0/"; http_uri; depth:17; isdataat:!1,relative; content:"royalamericanconstruction.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199012/; classtype:trojan-activity;sid:81062112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/v2.0.0/7ouvu47/"; http_uri; depth:16; isdataat:!1,relative; content:"proyectonoviembre.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199011/; classtype:trojan-activity;sid:81062111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/pages/srsdahpkkqzbxqvsekpcjtbauxfm/"; http_uri; depth:45; isdataat:!1,relative; content:"vinyasayogaschool.co.in"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199010/; classtype:trojan-activity;sid:81062110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/b4pxre6304/"; http_uri; depth:15; isdataat:!1,relative; content:"seogood.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199009/; classtype:trojan-activity;sid:81062109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/0hz63w-s3alcb-vjrm/"; http_uri; depth:28; isdataat:!1,relative; content:"carlyarts.tk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199008/; classtype:trojan-activity;sid:81062108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/document/zw020kmf76b9mjrb_75xfiu-31033395686/"; http_uri; depth:58; isdataat:!1,relative; content:"centredentairedouville.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199007/; classtype:trojan-activity;sid:81062107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lo/decrypter.exe"; http_uri; depth:17; isdataat:!1,relative; content:"ethclicks.live"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199006/; classtype:trojan-activity;sid:81062106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ss.exe"; http_uri; depth:7; isdataat:!1,relative; content:"ethclick.live"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199005/; classtype:trojan-activity;sid:81062105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/proforma/joko.bat.exe"; http_uri; depth:22; isdataat:!1,relative; content:"www.terryhill.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199004/; classtype:trojan-activity;sid:81062104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp//trouble.mipsel"; http_uri; depth:20; isdataat:!1,relative; content:"114.199.158.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199003/; classtype:trojan-activity;sid:81062103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"//.ex0t1c420"; http_uri; depth:12; isdataat:!1,relative; content:"114.199.158.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199002/; classtype:trojan-activity;sid:81062102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/java_check.exe"; http_uri; depth:15; isdataat:!1,relative; content:"silkroad.cuckoo.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199001/; classtype:trojan-activity;sid:81062101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/parts_service/f40sb8gz9nnsppjgt7tclxs_gq8nvjogop-96874256/"; http_uri; depth:70; isdataat:!1,relative; content:"rociton.com.bd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/199000/; classtype:trojan-activity;sid:81062100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/6mm2ev14i5rh5iu_1lvoybr-682572903489141/"; http_uri; depth:48; isdataat:!1,relative; content:"furniflair.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198999/; classtype:trojan-activity;sid:81062099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/cgey_vp867s238-17/"; http_uri; depth:31; isdataat:!1,relative; content:"omestremarceneiro.com.br"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198998/; classtype:trojan-activity;sid:81062098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/xmt6ku59pl_86bt8fv-73919803/"; http_uri; depth:38; isdataat:!1,relative; content:"qpdigitech.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198997/; classtype:trojan-activity;sid:81062097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/amqquesqw/"; http_uri; depth:19; isdataat:!1,relative; content:"filto.ml"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198996/; classtype:trojan-activity;sid:81062096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sasnekat.com/awc2601b_kf95uldy4-36/"; http_uri; depth:36; isdataat:!1,relative; content:"e-salampro.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198995/; classtype:trojan-activity;sid:81062095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/hylkldjwoh/"; http_uri; depth:24; isdataat:!1,relative; content:"tongdaifpt.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198994/; classtype:trojan-activity;sid:81062094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/m45zv037uc_nent85daai-282067/"; http_uri; depth:41; isdataat:!1,relative; content:"ppdiamonds.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198993/; classtype:trojan-activity;sid:81062093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/n53x-uxotfh-dxkbol/"; http_uri; depth:29; isdataat:!1,relative; content:"krasotatver.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198992/; classtype:trojan-activity;sid:81062092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/plik/dyyyskgffsivmy/"; http_uri; depth:33; isdataat:!1,relative; content:"logicsoccer.vip"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198991/; classtype:trojan-activity;sid:81062091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xpepriubgpokejifuv7efrhguskdgfjn/ananas.exe"; http_uri; depth:44; isdataat:!1,relative; content:"kentona.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198990/; classtype:trojan-activity;sid:81062090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xpepriubgpokejifuv7efrhguskdgfjn/pasmmm.exe"; http_uri; depth:44; isdataat:!1,relative; content:"kentona.su"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198989/; classtype:trojan-activity;sid:81062089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ip_chk.exe"; http_uri; depth:11; isdataat:!1,relative; content:"silkroad.cuckoo.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198988/; classtype:trojan-activity;sid:81062088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/config_20170829.exe"; http_uri; depth:20; isdataat:!1,relative; content:"silkroad.cuckoo.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198987/; classtype:trojan-activity;sid:81062087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/gsaujyf-ry06n-dssec/"; http_uri; depth:40; isdataat:!1,relative; content:"blog.laviajeria.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198986/; classtype:trojan-activity;sid:81062086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/config_20171213_plm.exe"; http_uri; depth:24; isdataat:!1,relative; content:"silkroad.cuckoo.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198985/; classtype:trojan-activity;sid:81062085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/pr9ybbym351h_l9tw4u8-16488044/"; http_uri; depth:40; isdataat:!1,relative; content:"dukkank.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198984/; classtype:trojan-activity;sid:81062084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/4ssh779-i04deq-vsarad/"; http_uri; depth:32; isdataat:!1,relative; content:"smake.in"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198983/; classtype:trojan-activity;sid:81062083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/copyright/plik/tjdkgotphoj/"; http_uri; depth:28; isdataat:!1,relative; content:"chinmayacorp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198982/; classtype:trojan-activity;sid:81062082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fasttrackcash/inf/qrjyuodrucg/"; http_uri; depth:31; isdataat:!1,relative; content:"itcshop.com.ng"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198981/; classtype:trojan-activity;sid:81062081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nwama/nwamanew.exe"; http_uri; depth:19; isdataat:!1,relative; content:"ruit.live"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198980/; classtype:trojan-activity;sid:81062080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stannwama/stannwama.exe"; http_uri; depth:24; isdataat:!1,relative; content:"ruit.live"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198979/; classtype:trojan-activity;sid:81062079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/4xaib1-5gzkqtk-ncyncpf/"; http_uri; depth:32; isdataat:!1,relative; content:"sawitandtravel.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198978/; classtype:trojan-activity;sid:81062078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/scan/oylkuxb7d3zafh4_yyzho55c-730553405724/"; http_uri; depth:47; isdataat:!1,relative; content:"hlclighting.ca"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198977/; classtype:trojan-activity;sid:81062077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/9naj-wg0geu-jvhkq/"; http_uri; depth:28; isdataat:!1,relative; content:"kauzar.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198976/; classtype:trojan-activity;sid:81062076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ytn7-eh9d9a0-jphxofx/"; http_uri; depth:33; isdataat:!1,relative; content:"www.sseg.ch"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198975/; classtype:trojan-activity;sid:81062075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/bka7-9lmu27-vhofm/"; http_uri; depth:31; isdataat:!1,relative; content:"shadzisti.ir"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198974/; classtype:trojan-activity;sid:81062074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kopi-kinanthi/dane/s3i4woquxza009qhz8tngvpio_t1ndfy5c-8779808509668/"; http_uri; depth:69; isdataat:!1,relative; content:"agroborobudur.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198973/; classtype:trojan-activity;sid:81062073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/pooi.exe"; http_uri; depth:27; isdataat:!1,relative; content:"mpctunisia.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198972/; classtype:trojan-activity;sid:81062072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/parts_service/0dxp3gqybi_khdxx-76852614/"; http_uri; depth:52; isdataat:!1,relative; content:"www.vidalgesso.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198971/; classtype:trojan-activity;sid:81062071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/05wvu0-b8bm2-mujg/"; http_uri; depth:28; isdataat:!1,relative; content:"gamingproapps.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198970/; classtype:trojan-activity;sid:81062070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/y2o6h-vnm6vw-ehxybl/"; http_uri; depth:32; isdataat:!1,relative; content:"kamasexstory.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198969/; classtype:trojan-activity;sid:81062069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/document/vtjhcnfgqglxqqzqekohrljd/"; http_uri; depth:46; isdataat:!1,relative; content:"azbeton.ro"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198968/; classtype:trojan-activity;sid:81062068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"proapp.icu"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198967/; classtype:trojan-activity;sid:81062067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"opencommande.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198966/; classtype:trojan-activity;sid:81062066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"chargement-pro.icu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198965/; classtype:trojan-activity;sid:81062065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"commandeapp.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198964/; classtype:trojan-activity;sid:81062064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/backer/doc/lzdtnrntp/"; http_uri; depth:22; isdataat:!1,relative; content:"theoptimacreative.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198963/; classtype:trojan-activity;sid:81062063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"standardpopulation.icu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198962/; classtype:trojan-activity;sid:81062062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/4auq0kq-t4jx2-nzaey/"; http_uri; depth:32; isdataat:!1,relative; content:"zipzapride.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198961/; classtype:trojan-activity;sid:81062061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"prohq.icu"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198960/; classtype:trojan-activity;sid:81062060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"commandelabs.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198959/; classtype:trojan-activity;sid:81062059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"documentpro.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198958/; classtype:trojan-activity;sid:81062058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"absentselection.icu"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198957/; classtype:trojan-activity;sid:81062057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"document-joint.icu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198956/; classtype:trojan-activity;sid:81062056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"continentaltourist.icu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198955/; classtype:trojan-activity;sid:81062055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"commande.icu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198954/; classtype:trojan-activity;sid:81062054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"emaillabs.icu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198953/; classtype:trojan-activity;sid:81062053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"commandehq.icu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198952/; classtype:trojan-activity;sid:81062052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"commandehub.icu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198951/; classtype:trojan-activity;sid:81062051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/inc/becmcsthecywsdunsnpv/"; http_uri; depth:35; isdataat:!1,relative; content:"emcimed.ml"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198950/; classtype:trojan-activity;sid:81062050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/putty.exe"; http_uri; depth:10; isdataat:!1,relative; content:"emailly.icu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198949/; classtype:trojan-activity;sid:81062049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/plik/vshzlpqdixggn/"; http_uri; depth:39; isdataat:!1,relative; content:"batdongsanminhmanh.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198948/; classtype:trojan-activity;sid:81062048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/2mxjeu3-75keej-yodnse/"; http_uri; depth:32; isdataat:!1,relative; content:"cargokz.kz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198947/; classtype:trojan-activity;sid:81062047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/inf/1hpu9k3q05djyl3gq5722_d7u08f-5929583887/"; http_uri; depth:55; isdataat:!1,relative; content:"conjurosdelcorazon.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198946/; classtype:trojan-activity;sid:81062046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tttn-green/7yurlqz-imfjsfr-vcha/"; http_uri; depth:33; isdataat:!1,relative; content:"vnmax.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198945/; classtype:trojan-activity;sid:81062045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/dok/zpvmjpqxyuijgqjysnnjpbauk/"; http_uri; depth:42; isdataat:!1,relative; content:"ogricc.gov.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198944/; classtype:trojan-activity;sid:81062044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/lm/lm/vtugyudgncbiglumipu/"; http_uri; depth:36; isdataat:!1,relative; content:"9coderz.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198943/; classtype:trojan-activity;sid:81062043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/i63i-fc189k-plkiv/"; http_uri; depth:30; isdataat:!1,relative; content:"khusalrefrigeration.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198942/; classtype:trojan-activity;sid:81062042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/watchdog.exet=2019-05-20"; http_uri; depth:29; isdataat:!1,relative; content:"seamonkey.club"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198941/; classtype:trojan-activity;sid:81062041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/nyfntba53q421e5_w8kt7s9ow-26401916920/"; http_uri; depth:50; isdataat:!1,relative; content:"www.mulard.co.il"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198940/; classtype:trojan-activity;sid:81062040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yfbh/pvhwwa-xg74b4-bknrdh/"; http_uri; depth:27; isdataat:!1,relative; content:"euma.vn"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198939/; classtype:trojan-activity;sid:81062039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/html5lightbox/e49fc-v1zh9o-zrdsp/"; http_uri; depth:34; isdataat:!1,relative; content:"seabird.com.ph"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198938/; classtype:trojan-activity;sid:81062038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/tbkh1v-qjzzn3-wvojp/"; http_uri; depth:24; isdataat:!1,relative; content:"ecommercefajeza.web.id"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198937/; classtype:trojan-activity;sid:81062037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/dok/mpmd1xmzhl8ijhcvdh2d40r249a_07m8onqzs-192022041933115/"; http_uri; depth:68; isdataat:!1,relative; content:"noons.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198936/; classtype:trojan-activity;sid:81062036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xxattl/83dp4mk-3qxhlx-nvjq/"; http_uri; depth:28; isdataat:!1,relative; content:"thptngochoi.edu.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198935/; classtype:trojan-activity;sid:81062035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/k8xc-vr0ue-ryktr/"; http_uri; depth:27; isdataat:!1,relative; content:"thethaoams.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198934/; classtype:trojan-activity;sid:81062034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/parts_service/s5nvqu5cu5xiavsm_tt4g6sg-9685915454/"; http_uri; depth:60; isdataat:!1,relative; content:"giaoducvacongnghe.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198933/; classtype:trojan-activity;sid:81062033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/s5045m4kdv2yxwdez6m21k7oq5xe_smdxp-8989005213940/"; http_uri; depth:59; isdataat:!1,relative; content:"branner-chile.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198932/; classtype:trojan-activity;sid:81062032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/typo3_src-7.6.11/3jo2nmg-58mws-pospv/"; http_uri; depth:38; isdataat:!1,relative; content:"placo.de"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198931/; classtype:trojan-activity;sid:81062031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/esp/athzlykkqkvknkho/"; http_uri; depth:34; isdataat:!1,relative; content:"blog.chewigem.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198930/; classtype:trojan-activity;sid:81062030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/xvjzssilsplhybcbboc/"; http_uri; depth:30; isdataat:!1,relative; content:"www.eratoact.de"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198929/; classtype:trojan-activity;sid:81062029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dl/70967328-75843699-19193941/30885056/20070223101355468_driver.exe"; http_uri; depth:68; isdataat:!1,relative; content:"www.helpjet.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198928/; classtype:trojan-activity;sid:81062028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/dane/qdssdarpbt/"; http_uri; depth:25; isdataat:!1,relative; content:"sulkanvariasimotor.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198927/; classtype:trojan-activity;sid:81062027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/zbb9q-if7z3-xncfy/"; http_uri; depth:28; isdataat:!1,relative; content:"ovakast.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198926/; classtype:trojan-activity;sid:81062026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/plik/wndpifvajs/"; http_uri; depth:29; isdataat:!1,relative; content:"dag.gog.pk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198925/; classtype:trojan-activity;sid:81062025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/w4bp-8yhaza-zqxtij/"; http_uri; depth:31; isdataat:!1,relative; content:"kbolotin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198924/; classtype:trojan-activity;sid:81062024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/dane/opnavrth/"; http_uri; depth:27; isdataat:!1,relative; content:"finanskral.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198923/; classtype:trojan-activity;sid:81062023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/voo74gu-yc23wv6-eysshi/"; http_uri; depth:27; isdataat:!1,relative; content:"qwelaproducts.co.za"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198922/; classtype:trojan-activity;sid:81062022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/hmeszqkrw/"; http_uri; depth:22; isdataat:!1,relative; content:"mmgbarbers.sk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198921/; classtype:trojan-activity;sid:81062021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gmnaj-28u4pg-jpec/"; http_uri; depth:30; isdataat:!1,relative; content:"teknikkuvvet.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198920/; classtype:trojan-activity;sid:81062020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/dok/qauowl45eharem4bo5i0_9vtspc-07835495394/"; http_uri; depth:57; isdataat:!1,relative; content:"sanalkeyfi.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198919/; classtype:trojan-activity;sid:81062019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/64799-4om1s-llzcc/"; http_uri; depth:27; isdataat:!1,relative; content:"bkr.al"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198918/; classtype:trojan-activity;sid:81062018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/paclm/02oyix5wanbeegnxcnudm_m9wha6e-6640018143938/"; http_uri; depth:54; isdataat:!1,relative; content:"e-controlempresarial.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198917/; classtype:trojan-activity;sid:81062017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/40zpx-msvngf-sstoene/"; http_uri; depth:30; isdataat:!1,relative; content:"bkr.al"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198916/; classtype:trojan-activity;sid:81062016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/file/ruaxvpmvnjujctjellt/"; http_uri; depth:37; isdataat:!1,relative; content:"blog.dmtours.lk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198915/; classtype:trojan-activity;sid:81062015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/uq78wg-g5po55l-edvmjx/"; http_uri; depth:35; isdataat:!1,relative; content:"ford-capital.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198914/; classtype:trojan-activity;sid:81062014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/1fcjc8_m4lnj7ffng-755100/"; http_uri; depth:38; isdataat:!1,relative; content:"aworldtourism.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198913/; classtype:trojan-activity;sid:81062013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/m45zv037uc_nent85daai-282067/"; http_uri; depth:41; isdataat:!1,relative; content:"ppdiamonds.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198912/; classtype:trojan-activity;sid:81062012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/jesfyuipmv/"; http_uri; depth:23; isdataat:!1,relative; content:"serwiskonsol.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198911/; classtype:trojan-activity;sid:81062011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/7jn9p7_qou49bjodx-33953/"; http_uri; depth:37; isdataat:!1,relative; content:"santuarioaparecidamontese.com.br"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198910/; classtype:trojan-activity;sid:81062010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/yrkvm4vyy_ybidb-43745207/"; http_uri; depth:38; isdataat:!1,relative; content:"saminprinter.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198909/; classtype:trojan-activity;sid:81062009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wenhuajingdian/upfiles/chm_exe/szbf.exe"; http_uri; depth:40; isdataat:!1,relative; content:"www.jxwmw.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198908/; classtype:trojan-activity;sid:81062008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/scan/ok6ulsnds83m0s_6gz9lcuo8c-605978940826/"; http_uri; depth:57; isdataat:!1,relative; content:"swansgateshoppingcentre.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198907/; classtype:trojan-activity;sid:81062007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/ulot.hta"; http_uri; depth:16; isdataat:!1,relative; content:"www.florist.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198906/; classtype:trojan-activity;sid:81062006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mailbox/neworder052019z.exe"; http_uri; depth:28; isdataat:!1,relative; content:"www.florist.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198905/; classtype:trojan-activity;sid:81062005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/y0og46-pud86sj-qmdnev/"; http_uri; depth:33; isdataat:!1,relative; content:"www.maria-hilber.at"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198904/; classtype:trojan-activity;sid:81062004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/llc/rjhjsofereabfvkogjwenesinf/"; http_uri; depth:40; isdataat:!1,relative; content:"nforsdt.org.np"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198903/; classtype:trojan-activity;sid:81062003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/wp-includes/micheal.exe"; http_uri; depth:29; isdataat:!1,relative; content:"ec.rk-store.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198902/; classtype:trojan-activity;sid:81062002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/inf/bztyzlggvyarnnbzpstrttugjy/"; http_uri; depth:39; isdataat:!1,relative; content:"skilancein.000webhostapp.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198901/; classtype:trojan-activity;sid:81062001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wga_v1.9.9.1_crack.exe"; http_uri; depth:23; isdataat:!1,relative; content:"www.stahuj.detailne.sk"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198900/; classtype:trojan-activity;sid:81062000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/wt6adv7-xupjzl1-sidkes/"; http_uri; depth:36; isdataat:!1,relative; content:"havistore.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198899/; classtype:trojan-activity;sid:81061999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/esp/2lcrz1uaq99jqg6x_btdci7az-5511668994948/"; http_uri; depth:54; isdataat:!1,relative; content:"kuramodev.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198898/; classtype:trojan-activity;sid:81061998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/e6k9v2v6m0_tfl09azf-288153120/"; http_uri; depth:42; isdataat:!1,relative; content:"kgdotcom.my"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198897/; classtype:trojan-activity;sid:81061997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/inc/juhaf2gpzpre8l0r8_oxgpt10p4k-655294884301/"; http_uri; depth:60; isdataat:!1,relative; content:"easyshirts.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198896/; classtype:trojan-activity;sid:81061996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/x1zu-9l83g-fhhdw/"; http_uri; depth:21; isdataat:!1,relative; content:"sreelabels.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198895/; classtype:trojan-activity;sid:81061995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pages/iq89n0t5_yfxzp-070843819/"; http_uri; depth:43; isdataat:!1,relative; content:"anase.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198894/; classtype:trojan-activity;sid:81061994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/qon3os-lg1iwjy-xwfjr/"; http_uri; depth:33; isdataat:!1,relative; content:"grinq.com.ua"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198893/; classtype:trojan-activity;sid:81061993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sites/g5s0cqbrbdtc4bztn28lrvecg_aftk3-599397264076510/"; http_uri; depth:66; isdataat:!1,relative; content:"xn--b1aafke9aadcbbkcup.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198892/; classtype:trojan-activity;sid:81061992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/protected.doc"; http_uri; depth:14; isdataat:!1,relative; content:"servers.intlde.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198891/; classtype:trojan-activity;sid:81061991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/protected.msi"; http_uri; depth:14; isdataat:!1,relative; content:"servers.intlde.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198890/; classtype:trojan-activity;sid:81061990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/vyeow9-3fruh-vbno/"; http_uri; depth:38; isdataat:!1,relative; content:"greencampus.uho.ac.id"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198889/; classtype:trojan-activity;sid:81061989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/scan/a2pifq3p6qv3z9qrh_8g7y3a-09960395/"; http_uri; depth:52; isdataat:!1,relative; content:"tollfreeservice.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198888/; classtype:trojan-activity;sid:81061988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/h2uy3p-uanu36y-qpfbabc/"; http_uri; depth:35; isdataat:!1,relative; content:"grupoxn.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198887/; classtype:trojan-activity;sid:81061987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vintageford/dok/kfsiivarpfzke/"; http_uri; depth:31; isdataat:!1,relative; content:"ippserver.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198886/; classtype:trojan-activity;sid:81061986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/config_20180706.exe"; http_uri; depth:20; isdataat:!1,relative; content:"silkroad.cuckoo.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198885/; classtype:trojan-activity;sid:81061985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/w5oag-8zn3m-sqwgp/"; http_uri; depth:38; isdataat:!1,relative; content:"healthytick.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198884/; classtype:trojan-activity;sid:81061984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/doc/9qzrb8epfmvac53u0v2um9uk3vkkc0_llqs4z0i5-693725156265103/"; http_uri; depth:74; isdataat:!1,relative; content:"colegioadventistadeibague.edu.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198883/; classtype:trojan-activity;sid:81061983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/inf/c4teq5ffq0hjteg_9qoc5-80393959987984/"; http_uri; depth:54; isdataat:!1,relative; content:"camioaneonline.ro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198882/; classtype:trojan-activity;sid:81061982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/mf75rsm-y1pndse-apjgbfv/"; http_uri; depth:37; isdataat:!1,relative; content:"egplms.okmot.kg"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198881/; classtype:trojan-activity;sid:81061981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/qwswz4-9sir7-jxlh/"; http_uri; depth:28; isdataat:!1,relative; content:"bimodalitil.com.ve"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198880/; classtype:trojan-activity;sid:81061980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/wp-includes/chika.exe"; http_uri; depth:27; isdataat:!1,relative; content:"ec.rk-store.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198879/; classtype:trojan-activity;sid:81061979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/d1bjgv8a"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198878/; classtype:trojan-activity;sid:81061978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/proforma/crpholi.exe"; http_uri; depth:21; isdataat:!1,relative; content:"www.terryhill.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198877/; classtype:trojan-activity;sid:81061977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/phone-bar-icon_5a6a9f8dd491a9.4204272115169371018707.jpg"; http_uri; depth:57; isdataat:!1,relative; content:"huanitilo.press"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198876/; classtype:trojan-activity;sid:81061976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/6q5qhhd.png"; http_uri; depth:12; isdataat:!1,relative; content:"i.imgur.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198875/; classtype:trojan-activity;sid:81061975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mips"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198874/; classtype:trojan-activity;sid:81061974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/flix"; http_uri; depth:5; isdataat:!1,relative; content:"206.189.18.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198873/; classtype:trojan-activity;sid:81061973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.sh4"; http_uri; depth:12; isdataat:!1,relative; content:"68.183.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198872/; classtype:trojan-activity;sid:81061972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"188.166.108.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198871/; classtype:trojan-activity;sid:81061971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.i686"; http_uri; depth:13; isdataat:!1,relative; content:"68.183.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198870/; classtype:trojan-activity;sid:81061970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.arm7"; http_uri; depth:11; isdataat:!1,relative; content:"89.34.26.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198869/; classtype:trojan-activity;sid:81061969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.sparc"; http_uri; depth:14; isdataat:!1,relative; content:"68.183.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198868/; classtype:trojan-activity;sid:81061968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pie"; http_uri; depth:4; isdataat:!1,relative; content:"206.189.18.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198867/; classtype:trojan-activity;sid:81061967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fwdfvf"; http_uri; depth:7; isdataat:!1,relative; content:"68.183.201.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198866/; classtype:trojan-activity;sid:81061966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cemtop"; http_uri; depth:7; isdataat:!1,relative; content:"68.183.201.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198865/; classtype:trojan-activity;sid:81061965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.ppc"; http_uri; depth:12; isdataat:!1,relative; content:"68.183.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198864/; classtype:trojan-activity;sid:81061964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"188.166.108.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198863/; classtype:trojan-activity;sid:81061963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.arm6"; http_uri; depth:13; isdataat:!1,relative; content:"68.183.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198862/; classtype:trojan-activity;sid:81061962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.arm4"; http_uri; depth:13; isdataat:!1,relative; content:"68.183.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198861/; classtype:trojan-activity;sid:81061961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.i586"; http_uri; depth:13; isdataat:!1,relative; content:"68.183.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198860/; classtype:trojan-activity;sid:81061960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/syn"; http_uri; depth:4; isdataat:!1,relative; content:"206.189.18.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198859/; classtype:trojan-activity;sid:81061959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"188.166.108.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198858/; classtype:trojan-activity;sid:81061958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.arm5"; http_uri; depth:13; isdataat:!1,relative; content:"68.183.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198857/; classtype:trojan-activity;sid:81061957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/popper"; http_uri; depth:7; isdataat:!1,relative; content:"206.189.18.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198856/; classtype:trojan-activity;sid:81061956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"188.166.108.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198855/; classtype:trojan-activity;sid:81061955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ricky"; http_uri; depth:6; isdataat:!1,relative; content:"206.189.18.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198854/; classtype:trojan-activity;sid:81061954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"68.183.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198853/; classtype:trojan-activity;sid:81061953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x86"; http_uri; depth:10; isdataat:!1,relative; content:"157.230.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198852/; classtype:trojan-activity;sid:81061952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/berry"; http_uri; depth:6; isdataat:!1,relative; content:"206.189.18.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198851/; classtype:trojan-activity;sid:81061951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"89.34.26.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198850/; classtype:trojan-activity;sid:81061950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.x86"; http_uri; depth:12; isdataat:!1,relative; content:"68.183.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198849/; classtype:trojan-activity;sid:81061949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"89.34.26.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198848/; classtype:trojan-activity;sid:81061948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razdzn"; http_uri; depth:7; isdataat:!1,relative; content:"68.183.201.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198847/; classtype:trojan-activity;sid:81061947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"157.230.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198846/; classtype:trojan-activity;sid:81061946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/roose"; http_uri; depth:6; isdataat:!1,relative; content:"206.189.18.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198845/; classtype:trojan-activity;sid:81061945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i686"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198844/; classtype:trojan-activity;sid:81061944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i586"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198843/; classtype:trojan-activity;sid:81061943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.mips"; http_uri; depth:13; isdataat:!1,relative; content:"68.183.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198842/; classtype:trojan-activity;sid:81061942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.arm7"; http_uri; depth:13; isdataat:!1,relative; content:"68.183.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198841/; classtype:trojan-activity;sid:81061941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.m68k"; http_uri; depth:13; isdataat:!1,relative; content:"68.183.201.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198840/; classtype:trojan-activity;sid:81061940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198839/; classtype:trojan-activity;sid:81061939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"157.230.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198838/; classtype:trojan-activity;sid:81061938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm7"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198837/; classtype:trojan-activity;sid:81061937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cax"; http_uri; depth:4; isdataat:!1,relative; content:"206.189.18.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198836/; classtype:trojan-activity;sid:81061936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/water"; http_uri; depth:6; isdataat:!1,relative; content:"206.189.18.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198835/; classtype:trojan-activity;sid:81061935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm4"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198834/; classtype:trojan-activity;sid:81061934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198832/; classtype:trojan-activity;sid:81061932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/grape"; http_uri; depth:6; isdataat:!1,relative; content:"206.189.18.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198833/; classtype:trojan-activity;sid:81061933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/axe"; http_uri; depth:4; isdataat:!1,relative; content:"206.189.18.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198831/; classtype:trojan-activity;sid:81061931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tuan"; http_uri; depth:5; isdataat:!1,relative; content:"206.189.18.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198830/; classtype:trojan-activity;sid:81061930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198829/; classtype:trojan-activity;sid:81061929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198828/; classtype:trojan-activity;sid:81061928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sparc"; http_uri; depth:12; isdataat:!1,relative; content:"157.230.211.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198827/; classtype:trojan-activity;sid:81061927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1/159"; http_uri; depth:6; isdataat:!1,relative; content:"45.67.14.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198826/; classtype:trojan-activity;sid:81061926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/omh908585.exe"; http_uri; depth:14; isdataat:!1,relative; content:"hjcleans.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198825/; classtype:trojan-activity;sid:81061925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/s445/"; http_uri; depth:9; isdataat:!1,relative; content:"developing.soulbrights.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198824/; classtype:trojan-activity;sid:81061924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uma-site/isi2/"; http_uri; depth:15; isdataat:!1,relative; content:"avitrons.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198823/; classtype:trojan-activity;sid:81061923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/fj68724812/"; http_uri; depth:23; isdataat:!1,relative; content:"eric-mandala.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198822/; classtype:trojan-activity;sid:81061922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/zm6481/"; http_uri; depth:17; isdataat:!1,relative; content:"bystekstil.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198821/; classtype:trojan-activity;sid:81061921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/zpjdvy17/"; http_uri; depth:19; isdataat:!1,relative; content:"tenantscreeningasia.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198820/; classtype:trojan-activity;sid:81061920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/proforma/ttkoooo.exe"; http_uri; depth:21; isdataat:!1,relative; content:"www.terryhill.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198819/; classtype:trojan-activity;sid:81061919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/proforma/ifycrypt2.exe"; http_uri; depth:23; isdataat:!1,relative; content:"www.terryhill.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198818/; classtype:trojan-activity;sid:81061918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/proforma/bobnewcr.exe"; http_uri; depth:22; isdataat:!1,relative; content:"www.terryhill.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198817/; classtype:trojan-activity;sid:81061917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/proforma/50knewcr.exe"; http_uri; depth:22; isdataat:!1,relative; content:"www.terryhill.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198816/; classtype:trojan-activity;sid:81061916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nn/hosting.exe"; http_uri; depth:15; isdataat:!1,relative; content:"a0304381.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198815/; classtype:trojan-activity;sid:81061915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/diaclients/multi-doitall.exe"; http_uri; depth:29; isdataat:!1,relative; content:"salonmarketing.ca"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198814/; classtype:trojan-activity;sid:81061914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/freedom/_sec_/sengee.exe"; http_uri; depth:44; isdataat:!1,relative; content:"mattcas.com.hk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198813/; classtype:trojan-activity;sid:81061913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bodeman/net/mon.rtf"; http_uri; depth:20; isdataat:!1,relative; content:"prodcutclub.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198812/; classtype:trojan-activity;sid:81061912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bodeman/net/monn.rtf"; http_uri; depth:21; isdataat:!1,relative; content:"prodcutclub.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198811/; classtype:trojan-activity;sid:81061911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/celeeee.exe"; http_uri; depth:12; isdataat:!1,relative; content:"mnsoorysoemsystems.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198810/; classtype:trojan-activity;sid:81061910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chri.exe"; http_uri; depth:9; isdataat:!1,relative; content:"mnsoorysoemsystems.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198809/; classtype:trojan-activity;sid:81061909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bodeman/net/monmoney.exe"; http_uri; depth:25; isdataat:!1,relative; content:"prodcutclub.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198808/; classtype:trojan-activity;sid:81061908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rs134dsf345fgd_signed.exe"; http_uri; depth:26; isdataat:!1,relative; content:"vbn34d.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198807/; classtype:trojan-activity;sid:81061907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_output3ddc950rr.exe"; http_uri; depth:21; isdataat:!1,relative; content:"vbn34d.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198806/; classtype:trojan-activity;sid:81061906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wga_v1.9.9.1_crack.exe"; http_uri; depth:23; isdataat:!1,relative; content:"stahuj.detailne.sk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198805/; classtype:trojan-activity;sid:81061905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/games/multiplayer/conquer_v5287_p2p.exe"; http_uri; depth:40; isdataat:!1,relative; content:"esfiles.brothersoft.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198804/; classtype:trojan-activity;sid:81061904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/get/298750/11832589/irk.exe"; http_uri; depth:28; isdataat:!1,relative; content:"ddl7.data.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198803/; classtype:trojan-activity;sid:81061903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/all-in-one-seo/4.exe"; http_uri; depth:40; isdataat:!1,relative; content:"scrapbooking.pro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198802/; classtype:trojan-activity;sid:81061902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/internet/download_managers/crackdownloader_2_2.exe"; http_uri; depth:51; isdataat:!1,relative; content:"rufiles.brothersoft.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198800/; classtype:trojan-activity;sid:81061900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgzpr0z.exe"; http_uri; depth:12; isdataat:!1,relative; content:"nebraskacharters.com.au"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198799/; classtype:trojan-activity;sid:81061899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orig/po8398933.exe"; http_uri; depth:19; isdataat:!1,relative; content:"pletroberto.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198798/; classtype:trojan-activity;sid:81061898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akbins/mips.akirag"; http_uri; depth:19; isdataat:!1,relative; content:"94.177.247.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198797/; classtype:trojan-activity;sid:81061897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.x86"; http_uri; depth:10; isdataat:!1,relative; content:"198.12.97.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198796/; classtype:trojan-activity;sid:81061896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.x86"; http_uri; depth:10; isdataat:!1,relative; content:"198.12.97.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198795/; classtype:trojan-activity;sid:81061895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; content:"104.248.32.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198794/; classtype:trojan-activity;sid:81061894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"104.248.32.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198793/; classtype:trojan-activity;sid:81061893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.32.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198792/; classtype:trojan-activity;sid:81061892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.32.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198791/; classtype:trojan-activity;sid:81061891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"104.248.32.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198790/; classtype:trojan-activity;sid:81061890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sparc"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198789/; classtype:trojan-activity;sid:81061889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm7"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198788/; classtype:trojan-activity;sid:81061888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"134.209.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198787/; classtype:trojan-activity;sid:81061887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198786/; classtype:trojan-activity;sid:81061886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198785/; classtype:trojan-activity;sid:81061885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x86"; http_uri; depth:10; isdataat:!1,relative; content:"134.209.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198784/; classtype:trojan-activity;sid:81061884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm4"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198783/; classtype:trojan-activity;sid:81061883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.32.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198782/; classtype:trojan-activity;sid:81061882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i586"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198781/; classtype:trojan-activity;sid:81061881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i686"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198780/; classtype:trojan-activity;sid:81061880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198779/; classtype:trojan-activity;sid:81061879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"134.209.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198778/; classtype:trojan-activity;sid:81061878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mips"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198777/; classtype:trojan-activity;sid:81061877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.42.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198776/; classtype:trojan-activity;sid:81061876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.32.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198775/; classtype:trojan-activity;sid:81061875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"104.248.32.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198773/; classtype:trojan-activity;sid:81061873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.32.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198774/; classtype:trojan-activity;sid:81061874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; content:"104.248.32.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198772/; classtype:trojan-activity;sid:81061872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"40.117.63.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198771/; classtype:trojan-activity;sid:81061871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/killer.sparc"; http_uri; depth:13; isdataat:!1,relative; content:"185.244.25.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198770/; classtype:trojan-activity;sid:81061870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"40.117.63.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198769/; classtype:trojan-activity;sid:81061869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"40.117.63.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198768/; classtype:trojan-activity;sid:81061868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"40.117.63.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198767/; classtype:trojan-activity;sid:81061867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"40.117.63.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198766/; classtype:trojan-activity;sid:81061866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"40.117.63.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198765/; classtype:trojan-activity;sid:81061865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nut"; http_uri; depth:4; isdataat:!1,relative; content:"40.117.63.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198764/; classtype:trojan-activity;sid:81061864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"40.117.63.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198763/; classtype:trojan-activity;sid:81061863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"40.117.63.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198762/; classtype:trojan-activity;sid:81061862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"104.248.32.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198761/; classtype:trojan-activity;sid:81061861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.32.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198760/; classtype:trojan-activity;sid:81061860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4444"; http_uri; depth:5; isdataat:!1,relative; content:"122.114.120.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198759/; classtype:trojan-activity;sid:81061859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"40.117.63.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198758/; classtype:trojan-activity;sid:81061858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2019"; http_uri; depth:5; isdataat:!1,relative; content:"61.160.213.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198757/; classtype:trojan-activity;sid:81061857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a21jj"; http_uri; depth:6; isdataat:!1,relative; content:"192.200.194.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198756/; classtype:trojan-activity;sid:81061856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi/pmdghlnrayipimmhinvshzaxmxzvv/"; http_uri; depth:35; isdataat:!1,relative; content:"computerbootup.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198755/; classtype:trojan-activity;sid:81061855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/scan/qgi7r0g6neq5gak2d1nlamx5xu_sxbdyhu-88393500801483/"; http_uri; depth:67; isdataat:!1,relative; content:"cbmagency.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198754/; classtype:trojan-activity;sid:81061854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/rxepxifapjpamshvbpeebjbc/"; http_uri; depth:40; isdataat:!1,relative; content:"euma.vn"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198753/; classtype:trojan-activity;sid:81061853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/doc/tvohhrtjpsh/"; http_uri; depth:29; isdataat:!1,relative; content:"giangphan.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198752/; classtype:trojan-activity;sid:81061852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/llc/bs5wlwidu_lhwh8-6531737739304/"; http_uri; depth:46; isdataat:!1,relative; content:"pomohouse.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198751/; classtype:trojan-activity;sid:81061851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/parts_service/oglr7g1ozcgl7iem9rugqohcuhrt8_itksg7f4w-7376898186/"; http_uri; depth:77; isdataat:!1,relative; content:"onextrasomma.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198750/; classtype:trojan-activity;sid:81061850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/554736/mzohqted8eyvyhn65rlav1reztoken=eyjhbgcioijkaxiilcjlbmmioijbmti4q0jdluhtmju2in0..4r4z-g-8youuvult1dihkg.vhjt20xvcwtmdciy2oaaaqkdimrlh-ei6eubqv7bijw4p3wqoqjay5s4cdrjdptladavfecpyqmfbskqtzuhs1usau0enarrojrahukpcmd1kq57q6kmxmljfz882v2uo-qukdrevgi_l02ihcc5sycolxarpmpdf65zwltxuvdhny9zexbz4jcw-4hot5emeb0s5al2klzcocpntfxurpypboyaay_guvfqysqop69bn7q6f7_vq8u3-dq4sulfngtugtfk4dggs9jlccvwda.8jxevmvdzi-uij7icm1vcw"; http_uri; depth:423; isdataat:!1,relative; content:"p18.zdusercontent.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198749/; classtype:trojan-activity;sid:81061849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"157.230.102.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198748/; classtype:trojan-activity;sid:81061848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dreamtrips_us5.exe"; http_uri; depth:19; isdataat:!1,relative; content:"dreamtrips.cheap"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198747/; classtype:trojan-activity;sid:81061847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"157.230.102.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_20; reference:url, urlhaus.abuse.ch/url/198746/; classtype:trojan-activity;sid:81061846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/acc/7fk45918/"; http_uri; depth:14; isdataat:!1,relative; content:"itreni.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198745/; classtype:trojan-activity;sid:81061845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/public_segment/sec/eng/accs/open_resourse/"; http_uri; depth:54; isdataat:!1,relative; content:"zorem.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198744/; classtype:trojan-activity;sid:81061844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/554736/mzohqted8eyvyhn65rlav1reztoken=eyjhbgcioijkaxiilcjlbmmioijbmti4q0jdluhtmju2in0..fjdrng5zmu-twlpf1mtzgg.yyzyncljb6n1u_cmdup-u1oaes7rbt7g7ajlqdicq7mmaxujsgdzbfyjbufp2ndgnsdo1k1jtcr6bututpfshayws4t_eztprxarbkbzpp-iwb3f_vdovmbribc6bliluxrw4djmymemzlyvsr15ry96zm_lfjf9gvxle6jvmqa9ladv4fazaykzaheib9oggaoemxs3iceaibk_nb4x3rqs-ybgqmcygywm3olhpcefuigoczx9une1vcirqm9alych8criwzmxp3yhxdx27g.xy_zhvhosoxq7yf9owiuvw"; http_uri; depth:423; isdataat:!1,relative; content:"p18.zdusercontent.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198743/; classtype:trojan-activity;sid:81061843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tutorial/addnews/css/25301/"; http_uri; depth:28; isdataat:!1,relative; content:"irismal.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198742/; classtype:trojan-activity;sid:81061842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wf/clickupn=pwx4rjtyebdkgfsangfu1kaxosdycbix9ie153zpq7takvov-2fjx4ohckp0q31hqc_f1hzoeyyv7ky68upabk06-2blgyg4y1edqlfxrpqh2jvgmg6czl6qgsi9zw32zcvtatg4eopv-2fj1crgkhynzfgc15pncdpxopktbjfhpfxrwvtr-2fzlxciswxg7aumnjofhn8ls7vz-2fosclouwdvkl9dvmz5nemmrs8yj7ybfk4lt0sli2bk-2fjbn6l6i6yxthunjnsf-2f5ykitkmdptcm7g69iiidpdilxylqrzfyzuxlds-3d"; http_uri; depth:330; isdataat:!1,relative; content:"u7906250.ct.sendgrid.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198741/; classtype:trojan-activity;sid:81061841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.129.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198740/; classtype:trojan-activity;sid:81061840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198739/; classtype:trojan-activity;sid:81061839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198738/; classtype:trojan-activity;sid:81061838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mips"; http_uri; depth:15; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198737/; classtype:trojan-activity;sid:81061837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198736/; classtype:trojan-activity;sid:81061836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198735/; classtype:trojan-activity;sid:81061835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198734/; classtype:trojan-activity;sid:81061834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm"; http_uri; depth:14; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198733/; classtype:trojan-activity;sid:81061833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mips"; http_uri; depth:15; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198732/; classtype:trojan-activity;sid:81061832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm"; http_uri; depth:14; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198731/; classtype:trojan-activity;sid:81061831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198730/; classtype:trojan-activity;sid:81061830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198729/; classtype:trojan-activity;sid:81061829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198728/; classtype:trojan-activity;sid:81061828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198727/; classtype:trojan-activity;sid:81061827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198726/; classtype:trojan-activity;sid:81061826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198725/; classtype:trojan-activity;sid:81061825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198724/; classtype:trojan-activity;sid:81061824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/payment.exe"; http_uri; depth:12; isdataat:!1,relative; content:"www.eurocontrolint.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198723/; classtype:trojan-activity;sid:81061823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/funds.exe"; http_uri; depth:10; isdataat:!1,relative; content:"eurocontrolint.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198722/; classtype:trojan-activity;sid:81061822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.x86"; http_uri; depth:14; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198721/; classtype:trojan-activity;sid:81061821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"51.255.54.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198720/; classtype:trojan-activity;sid:81061820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8p9x1ovqv/8a1.exe"; http_uri; depth:18; isdataat:!1,relative; content:"gmo.fuero.pl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198719/; classtype:trojan-activity;sid:81061819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"2.85.25.203"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198718/; classtype:trojan-activity;sid:81061818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.x86"; http_uri; depth:14; isdataat:!1,relative; content:"185.144.159.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198717/; classtype:trojan-activity;sid:81061817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.129.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198716/; classtype:trojan-activity;sid:81061816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"104.248.129.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198715/; classtype:trojan-activity;sid:81061815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"51.255.54.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198714/; classtype:trojan-activity;sid:81061814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"51.255.54.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198713/; classtype:trojan-activity;sid:81061813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"51.255.54.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198711/; classtype:trojan-activity;sid:81061811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"51.255.54.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198712/; classtype:trojan-activity;sid:81061812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"51.255.54.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198710/; classtype:trojan-activity;sid:81061810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"51.255.54.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198709/; classtype:trojan-activity;sid:81061809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"51.255.54.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198708/; classtype:trojan-activity;sid:81061808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/8/3/4/4/83449656/open_to_generate_gems_.exe"; http_uri; depth:52; isdataat:!1,relative; content:"gem4gt.weebly.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198707/; classtype:trojan-activity;sid:81061807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/2/8/7/6/28761185/winskype.exe"; http_uri; depth:38; isdataat:!1,relative; content:"winskype.weebly.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198706/; classtype:trojan-activity;sid:81061806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8p9x1ovqv/35a.exe"; http_uri; depth:18; isdataat:!1,relative; content:"gmo.fuero.pl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198705/; classtype:trojan-activity;sid:81061805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"51.255.54.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198704/; classtype:trojan-activity;sid:81061804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"139.59.159.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198703/; classtype:trojan-activity;sid:81061803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"157.230.102.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198702/; classtype:trojan-activity;sid:81061802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"139.59.159.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198701/; classtype:trojan-activity;sid:81061801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; content:"139.59.159.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198700/; classtype:trojan-activity;sid:81061800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"157.230.102.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198699/; classtype:trojan-activity;sid:81061799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; content:"139.59.159.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198698/; classtype:trojan-activity;sid:81061798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"139.59.159.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198697/; classtype:trojan-activity;sid:81061797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"139.59.159.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198696/; classtype:trojan-activity;sid:81061796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"139.59.159.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198695/; classtype:trojan-activity;sid:81061795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"157.230.102.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198694/; classtype:trojan-activity;sid:81061794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"139.59.159.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198693/; classtype:trojan-activity;sid:81061793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; content:"139.59.159.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198692/; classtype:trojan-activity;sid:81061792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"157.230.102.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198691/; classtype:trojan-activity;sid:81061791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"139.59.159.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198690/; classtype:trojan-activity;sid:81061790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"157.230.102.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198689/; classtype:trojan-activity;sid:81061789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"139.59.159.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198688/; classtype:trojan-activity;sid:81061788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; content:"139.59.159.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198687/; classtype:trojan-activity;sid:81061787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"139.59.159.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198686/; classtype:trojan-activity;sid:81061786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"51.255.54.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198685/; classtype:trojan-activity;sid:81061785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"157.230.102.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198684/; classtype:trojan-activity;sid:81061784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"221.144.153.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198683/; classtype:trojan-activity;sid:81061783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"139.59.159.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198682/; classtype:trojan-activity;sid:81061782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198681/; classtype:trojan-activity;sid:81061781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198680/; classtype:trojan-activity;sid:81061780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198678/; classtype:trojan-activity;sid:81061778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198679/; classtype:trojan-activity;sid:81061779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198677/; classtype:trojan-activity;sid:81061777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198676/; classtype:trojan-activity;sid:81061776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198675/; classtype:trojan-activity;sid:81061775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198674/; classtype:trojan-activity;sid:81061774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198673/; classtype:trojan-activity;sid:81061773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198672/; classtype:trojan-activity;sid:81061772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198670/; classtype:trojan-activity;sid:81061770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198671/; classtype:trojan-activity;sid:81061771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198669/; classtype:trojan-activity;sid:81061769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198668/; classtype:trojan-activity;sid:81061768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198667/; classtype:trojan-activity;sid:81061767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198666/; classtype:trojan-activity;sid:81061766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8p9x1ovqv"; http_uri; depth:10; isdataat:!1,relative; content:"gmo.fuero.pl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198665/; classtype:trojan-activity;sid:81061765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198664/; classtype:trojan-activity;sid:81061764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/biteye.xyz.exe"; http_uri; depth:15; isdataat:!1,relative; content:"188.209.52.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198663/; classtype:trojan-activity;sid:81061763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/payment.exe"; http_uri; depth:12; isdataat:!1,relative; content:"eurocontrolint.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198662/; classtype:trojan-activity;sid:81061762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"31.179.227.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198661/; classtype:trojan-activity;sid:81061761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"178.211.33.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198660/; classtype:trojan-activity;sid:81061760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"192.241.135.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198659/; classtype:trojan-activity;sid:81061759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"192.241.135.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198658/; classtype:trojan-activity;sid:81061758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"192.241.135.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198657/; classtype:trojan-activity;sid:81061757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"192.241.135.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198656/; classtype:trojan-activity;sid:81061756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.x86"; http_uri; depth:14; isdataat:!1,relative; content:"192.241.135.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198655/; classtype:trojan-activity;sid:81061755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"192.241.135.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198654/; classtype:trojan-activity;sid:81061754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.spc"; http_uri; depth:14; isdataat:!1,relative; content:"192.241.135.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198653/; classtype:trojan-activity;sid:81061753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"192.241.135.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198652/; classtype:trojan-activity;sid:81061752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.mips"; http_uri; depth:15; isdataat:!1,relative; content:"192.241.135.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198651/; classtype:trojan-activity;sid:81061751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.arm"; http_uri; depth:14; isdataat:!1,relative; content:"192.241.135.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198650/; classtype:trojan-activity;sid:81061750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"192.241.135.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198649/; classtype:trojan-activity;sid:81061749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/11/panel.zip"; http_uri; depth:13; isdataat:!1,relative; content:"iracan.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198648/; classtype:trojan-activity;sid:81061748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/driver/neo2_pro_manager_1.32_setup.exe"; http_uri; depth:39; isdataat:!1,relative; content:"www.neoflash.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198647/; classtype:trojan-activity;sid:81061747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/para.i686"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198646/; classtype:trojan-activity;sid:81061746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/para.mips"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198645/; classtype:trojan-activity;sid:81061745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/para.sparc"; http_uri; depth:11; isdataat:!1,relative; content:"185.101.105.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198644/; classtype:trojan-activity;sid:81061744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/para.arm7"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198643/; classtype:trojan-activity;sid:81061743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/para.x86"; http_uri; depth:9; isdataat:!1,relative; content:"185.101.105.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198642/; classtype:trojan-activity;sid:81061742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/para.mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198641/; classtype:trojan-activity;sid:81061741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/para.m68k"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198640/; classtype:trojan-activity;sid:81061740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/para.arm4"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198639/; classtype:trojan-activity;sid:81061739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/para.arm5"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198638/; classtype:trojan-activity;sid:81061738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/para.arm6"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198637/; classtype:trojan-activity;sid:81061737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/para.ppc"; http_uri; depth:9; isdataat:!1,relative; content:"185.101.105.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198636/; classtype:trojan-activity;sid:81061736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/para.sh4"; http_uri; depth:9; isdataat:!1,relative; content:"185.101.105.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198635/; classtype:trojan-activity;sid:81061735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/para.i586"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198634/; classtype:trojan-activity;sid:81061734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"200.79.152.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198633/; classtype:trojan-activity;sid:81061733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/neo2_pro_manager_1.32a_setup.exe"; http_uri; depth:42; isdataat:!1,relative; content:"www.neoflash.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198632/; classtype:trojan-activity;sid:81061732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/74bqrll2fravktt7jkycl_535qav-869522814724593/74bqrll2fravktt7jkycl_535qav-869522814724593/"; http_uri; depth:100; isdataat:!1,relative; content:"farsinvestco.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198630/; classtype:trojan-activity;sid:81061730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/ubzaztj2m1frywtpj_5k0m2-0542235047/"; http_uri; depth:55; isdataat:!1,relative; content:"memorymusk.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198629/; classtype:trojan-activity;sid:81061729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198628/; classtype:trojan-activity;sid:81061728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/togb/39l3-2tn8mn-capx/"; http_uri; depth:23; isdataat:!1,relative; content:"hoovi.in"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198627/; classtype:trojan-activity;sid:81061727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198626/; classtype:trojan-activity;sid:81061726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198625/; classtype:trojan-activity;sid:81061725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198624/; classtype:trojan-activity;sid:81061724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198623/; classtype:trojan-activity;sid:81061723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198622/; classtype:trojan-activity;sid:81061722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198621/; classtype:trojan-activity;sid:81061721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198620/; classtype:trojan-activity;sid:81061720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/hwhycuizwjgdrge/"; http_uri; depth:30; isdataat:!1,relative; content:"acolherintegrativo.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198619/; classtype:trojan-activity;sid:81061719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/adminer/sec_zone/en/accs/com/open_resourse/"; http_uri; depth:44; isdataat:!1,relative; content:"inted.org.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198618/; classtype:trojan-activity;sid:81061718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/language/open_network/biz/en/sign/sent/"; http_uri; depth:40; isdataat:!1,relative; content:"had.at"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198617/; classtype:trojan-activity;sid:81061717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198616/; classtype:trojan-activity;sid:81061716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"191.255.65.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198615/; classtype:trojan-activity;sid:81061715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198614/; classtype:trojan-activity;sid:81061714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198613/; classtype:trojan-activity;sid:81061713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198612/; classtype:trojan-activity;sid:81061712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198611/; classtype:trojan-activity;sid:81061711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/windows/rghost-parser.exe"; http_uri; depth:26; isdataat:!1,relative; content:"softrare-download2.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198610/; classtype:trojan-activity;sid:81061710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/slagalice/masta/snezna-princeza-slagalica.exe"; http_uri; depth:46; isdataat:!1,relative; content:"www.zadecu.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198609/; classtype:trojan-activity;sid:81061709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198608/; classtype:trojan-activity;sid:81061708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198607/; classtype:trojan-activity;sid:81061707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.arm"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198606/; classtype:trojan-activity;sid:81061706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.mips"; http_uri; depth:16; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198604/; classtype:trojan-activity;sid:81061704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198605/; classtype:trojan-activity;sid:81061705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198603/; classtype:trojan-activity;sid:81061703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.arm"; http_uri; depth:15; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198602/; classtype:trojan-activity;sid:81061702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198601/; classtype:trojan-activity;sid:81061701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.mips"; http_uri; depth:16; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198600/; classtype:trojan-activity;sid:81061700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198599/; classtype:trojan-activity;sid:81061699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198598/; classtype:trojan-activity;sid:81061698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198597/; classtype:trojan-activity;sid:81061697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198596/; classtype:trojan-activity;sid:81061696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.arm"; http_uri; depth:15; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198595/; classtype:trojan-activity;sid:81061695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.arm"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198594/; classtype:trojan-activity;sid:81061694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198593/; classtype:trojan-activity;sid:81061693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198592/; classtype:trojan-activity;sid:81061692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198591/; classtype:trojan-activity;sid:81061691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198590/; classtype:trojan-activity;sid:81061690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198589/; classtype:trojan-activity;sid:81061689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198588/; classtype:trojan-activity;sid:81061688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198587/; classtype:trojan-activity;sid:81061687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198586/; classtype:trojan-activity;sid:81061686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.x86"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198585/; classtype:trojan-activity;sid:81061685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.x86"; http_uri; depth:15; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198584/; classtype:trojan-activity;sid:81061684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.x86"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198583/; classtype:trojan-activity;sid:81061683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/onryo.x86"; http_uri; depth:15; isdataat:!1,relative; content:"46.29.167.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198582/; classtype:trojan-activity;sid:81061682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/1/0/6/7/106777557/n3.exe"; http_uri; depth:33; isdataat:!1,relative; content:"erveryday.weebly.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198581/; classtype:trojan-activity;sid:81061681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"142.93.155.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198580/; classtype:trojan-activity;sid:81061680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"142.93.155.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198579/; classtype:trojan-activity;sid:81061679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"142.93.155.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198578/; classtype:trojan-activity;sid:81061678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"142.93.155.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198577/; classtype:trojan-activity;sid:81061677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/9/7/0/3/97031710/windowsapplication1.exe"; http_uri; depth:49; isdataat:!1,relative; content:"adsonpadilhacampos.weebly.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198576/; classtype:trojan-activity;sid:81061676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20190118/multishare.exe"; http_uri; depth:24; isdataat:!1,relative; content:"www.hostpp.ml"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198575/; classtype:trojan-activity;sid:81061675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/2/9/6/0/29601799/wudfsvc.exe"; http_uri; depth:37; isdataat:!1,relative; content:"netservc.weebly.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198574/; classtype:trojan-activity;sid:81061674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/install/wvpn327.exe"; http_uri; depth:20; isdataat:!1,relative; content:"www.worldvpn.co.kr"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198573/; classtype:trojan-activity;sid:81061673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"178.128.224.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198572/; classtype:trojan-activity;sid:81061672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"159.203.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198571/; classtype:trojan-activity;sid:81061671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.83.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198570/; classtype:trojan-activity;sid:81061670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bassbootsphones"; http_uri; depth:16; isdataat:!1,relative; content:"80.211.139.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198569/; classtype:trojan-activity;sid:81061669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"159.203.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198568/; classtype:trojan-activity;sid:81061668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; content:"178.128.224.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198567/; classtype:trojan-activity;sid:81061667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"159.203.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198566/; classtype:trojan-activity;sid:81061666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"159.203.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198565/; classtype:trojan-activity;sid:81061665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bassbootsmipsel"; http_uri; depth:16; isdataat:!1,relative; content:"80.211.139.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198564/; classtype:trojan-activity;sid:81061664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.83.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198563/; classtype:trojan-activity;sid:81061663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bassbootsi686"; http_uri; depth:14; isdataat:!1,relative; content:"80.211.139.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198562/; classtype:trojan-activity;sid:81061662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bassbootssparc"; http_uri; depth:15; isdataat:!1,relative; content:"80.211.139.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198561/; classtype:trojan-activity;sid:81061661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bassbootssh4"; http_uri; depth:13; isdataat:!1,relative; content:"80.211.139.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198560/; classtype:trojan-activity;sid:81061660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; content:"178.128.224.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198559/; classtype:trojan-activity;sid:81061659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bassbootspftp"; http_uri; depth:14; isdataat:!1,relative; content:"80.211.139.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198558/; classtype:trojan-activity;sid:81061658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"159.203.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198557/; classtype:trojan-activity;sid:81061657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.83.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198556/; classtype:trojan-activity;sid:81061656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bassbootsmips"; http_uri; depth:14; isdataat:!1,relative; content:"80.211.139.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198555/; classtype:trojan-activity;sid:81061655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; content:"178.128.224.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198554/; classtype:trojan-activity;sid:81061654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"159.203.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198553/; classtype:trojan-activity;sid:81061653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"178.128.224.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198552/; classtype:trojan-activity;sid:81061652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.83.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198551/; classtype:trojan-activity;sid:81061651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.83.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198550/; classtype:trojan-activity;sid:81061650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; content:"178.128.224.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198549/; classtype:trojan-activity;sid:81061649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.83.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198548/; classtype:trojan-activity;sid:81061648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"159.203.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198547/; classtype:trojan-activity;sid:81061647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"159.203.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198546/; classtype:trojan-activity;sid:81061646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bassbootshttpd"; http_uri; depth:15; isdataat:!1,relative; content:"80.211.139.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198545/; classtype:trojan-activity;sid:81061645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.83.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198544/; classtype:trojan-activity;sid:81061644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"159.203.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198543/; classtype:trojan-activity;sid:81061643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"159.203.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198542/; classtype:trojan-activity;sid:81061642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bassbootsppc"; http_uri; depth:13; isdataat:!1,relative; content:"80.211.139.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198541/; classtype:trojan-activity;sid:81061641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.83.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198540/; classtype:trojan-activity;sid:81061640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; content:"178.128.224.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198539/; classtype:trojan-activity;sid:81061639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"178.128.224.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198538/; classtype:trojan-activity;sid:81061638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.83.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198537/; classtype:trojan-activity;sid:81061637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bassbootsx64"; http_uri; depth:13; isdataat:!1,relative; content:"80.211.139.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198536/; classtype:trojan-activity;sid:81061636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"178.128.224.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198535/; classtype:trojan-activity;sid:81061635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nut"; http_uri; depth:4; isdataat:!1,relative; content:"159.203.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198534/; classtype:trojan-activity;sid:81061634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"159.203.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198533/; classtype:trojan-activity;sid:81061633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.83.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198532/; classtype:trojan-activity;sid:81061632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"178.128.224.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198531/; classtype:trojan-activity;sid:81061631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bassbootsftp"; http_uri; depth:13; isdataat:!1,relative; content:"80.211.139.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198530/; classtype:trojan-activity;sid:81061630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/dan.exe"; http_uri; depth:13; isdataat:!1,relative; content:"ec.rk-store.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198529/; classtype:trojan-activity;sid:81061629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/killer.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"185.244.25.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198528/; classtype:trojan-activity;sid:81061628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/our.exe"; http_uri; depth:13; isdataat:!1,relative; content:"ec.rk-store.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198527/; classtype:trojan-activity;sid:81061627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/killer.ppc"; http_uri; depth:11; isdataat:!1,relative; content:"185.244.25.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198526/; classtype:trojan-activity;sid:81061626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/killer.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198525/; classtype:trojan-activity;sid:81061625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/mighty.exe"; http_uri; depth:16; isdataat:!1,relative; content:"ec.rk-store.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198524/; classtype:trojan-activity;sid:81061624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"46.101.220.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198523/; classtype:trojan-activity;sid:81061623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/9/7/0/3/97031710/jeqedy.exe"; http_uri; depth:36; isdataat:!1,relative; content:"adsonpadilhacampos.weebly.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198522/; classtype:trojan-activity;sid:81061622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"46.101.220.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198521/; classtype:trojan-activity;sid:81061621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/1/0/1/1/101126060/baladacintarizieq.exe"; http_uri; depth:48; isdataat:!1,relative; content:"baladacintarizieq.weebly.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198520/; classtype:trojan-activity;sid:81061620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/1/0/3/9/10398966/steam_pacsteamt-230809.exe"; http_uri; depth:52; isdataat:!1,relative; content:"pacsteamxl.weebly.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198519/; classtype:trojan-activity;sid:81061619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/5/9/7/1/59718903/putty-its2090.exe"; http_uri; depth:43; isdataat:!1,relative; content:"its2090.weebly.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198518/; classtype:trojan-activity;sid:81061618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/9/7/5/2/97520076/welfi_attack_2_update.exe"; http_uri; depth:51; isdataat:!1,relative; content:"welfiattackii.weebly.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198517/; classtype:trojan-activity;sid:81061617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/4/2/4/2/42424725/vox_echo_effect..exe"; http_uri; depth:46; isdataat:!1,relative; content:"voxechoeffects.weebly.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198516/; classtype:trojan-activity;sid:81061616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/2/9/6/0/29601799/system.exe"; http_uri; depth:36; isdataat:!1,relative; content:"netservc.weebly.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198515/; classtype:trojan-activity;sid:81061615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"46.101.220.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198514/; classtype:trojan-activity;sid:81061614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"46.101.220.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198513/; classtype:trojan-activity;sid:81061613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"46.101.220.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198512/; classtype:trojan-activity;sid:81061612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"46.101.220.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198511/; classtype:trojan-activity;sid:81061611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.34.4.192"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198510/; classtype:trojan-activity;sid:81061610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raz1.exe"; http_uri; depth:9; isdataat:!1,relative; content:"theloadmoon.ltd"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198509/; classtype:trojan-activity;sid:81061609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/dope.exe"; http_uri; depth:14; isdataat:!1,relative; content:"ec.rk-store.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198508/; classtype:trojan-activity;sid:81061608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dow/video-player.exe"; http_uri; depth:21; isdataat:!1,relative; content:"kmobornem.be"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198507/; classtype:trojan-activity;sid:81061607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"107.173.145.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198506/; classtype:trojan-activity;sid:81061606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.x86"; http_uri; depth:15; isdataat:!1,relative; content:"157.230.221.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198505/; classtype:trojan-activity;sid:81061605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"24.50.239.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198504/; classtype:trojan-activity;sid:81061604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/9/6/5/2/96520294/ioii.exe"; http_uri; depth:34; isdataat:!1,relative; content:"sdsdsdas.weebly.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198503/; classtype:trojan-activity;sid:81061603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/9/6/5/2/96520294/icnpainttttttt.exe"; http_uri; depth:44; isdataat:!1,relative; content:"sdsdsdas.weebly.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198502/; classtype:trojan-activity;sid:81061602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/9/6/5/2/96520294/ghgh.exe"; http_uri; depth:34; isdataat:!1,relative; content:"sdsdsdas.weebly.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198501/; classtype:trojan-activity;sid:81061601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/9/6/5/2/96520294/nesreen.exe"; http_uri; depth:37; isdataat:!1,relative; content:"sdsdsdas.weebly.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198500/; classtype:trojan-activity;sid:81061600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a21jj"; http_uri; depth:6; isdataat:!1,relative; content:"107.160.40.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198499/; classtype:trojan-activity;sid:81061599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mi3307"; http_uri; depth:7; isdataat:!1,relative; content:"107.160.40.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198498/; classtype:trojan-activity;sid:81061598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.x86"; http_uri; depth:14; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198497/; classtype:trojan-activity;sid:81061597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"138.68.91.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198496/; classtype:trojan-activity;sid:81061596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/1/2/5/6/125688687/xxxx.exe"; http_uri; depth:35; isdataat:!1,relative; content:"lolllllnhkbkh.weebly.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_19; reference:url, urlhaus.abuse.ch/url/198495/; classtype:trojan-activity;sid:81061595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/1/0/6/7/106777557/mstdll.exe"; http_uri; depth:37; isdataat:!1,relative; content:"erveryday.weebly.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198494/; classtype:trojan-activity;sid:81061594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/2/0/7/2/20722772/aqworlds_acs_generator_v1.00testing.exe"; http_uri; depth:65; isdataat:!1,relative; content:"aqwdownload3r.weebly.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198493/; classtype:trojan-activity;sid:81061593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/9/6/5/2/96520294/hadeeeeeel.exe"; http_uri; depth:40; isdataat:!1,relative; content:"sdsdsdas.weebly.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198492/; classtype:trojan-activity;sid:81061592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.mips"; http_uri; depth:15; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198491/; classtype:trojan-activity;sid:81061591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198490/; classtype:trojan-activity;sid:81061590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198488/; classtype:trojan-activity;sid:81061588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198489/; classtype:trojan-activity;sid:81061589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198487/; classtype:trojan-activity;sid:81061587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198486/; classtype:trojan-activity;sid:81061586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.arm"; http_uri; depth:14; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198484/; classtype:trojan-activity;sid:81061584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.x86"; http_uri; depth:14; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198485/; classtype:trojan-activity;sid:81061585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198483/; classtype:trojan-activity;sid:81061583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198482/; classtype:trojan-activity;sid:81061582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.mips"; http_uri; depth:15; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198481/; classtype:trojan-activity;sid:81061581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198480/; classtype:trojan-activity;sid:81061580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198479/; classtype:trojan-activity;sid:81061579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.51.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198478/; classtype:trojan-activity;sid:81061578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.51.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198477/; classtype:trojan-activity;sid:81061577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198476/; classtype:trojan-activity;sid:81061576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.51.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198475/; classtype:trojan-activity;sid:81061575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198474/; classtype:trojan-activity;sid:81061574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.51.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198473/; classtype:trojan-activity;sid:81061573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"138.68.91.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198472/; classtype:trojan-activity;sid:81061572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zzz/x86.idopoc"; http_uri; depth:15; isdataat:!1,relative; content:"185.222.202.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198471/; classtype:trojan-activity;sid:81061571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.arm"; http_uri; depth:14; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198470/; classtype:trojan-activity;sid:81061570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"91.215.158.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198469/; classtype:trojan-activity;sid:81061569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"65.125.128.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198468/; classtype:trojan-activity;sid:81061568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.51.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198467/; classtype:trojan-activity;sid:81061567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198466/; classtype:trojan-activity;sid:81061566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198465/; classtype:trojan-activity;sid:81061565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.x86"; http_uri; depth:17; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198464/; classtype:trojan-activity;sid:81061564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.x86"; http_uri; depth:17; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198463/; classtype:trojan-activity;sid:81061563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm5"; http_uri; depth:12; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198462/; classtype:trojan-activity;sid:81061562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.m68k"; http_uri; depth:18; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198461/; classtype:trojan-activity;sid:81061561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.mips"; http_uri; depth:18; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198460/; classtype:trojan-activity;sid:81061560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mips"; http_uri; depth:15; isdataat:!1,relative; content:"54.38.79.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198459/; classtype:trojan-activity;sid:81061559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198458/; classtype:trojan-activity;sid:81061558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"54.38.79.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198457/; classtype:trojan-activity;sid:81061557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198456/; classtype:trojan-activity;sid:81061556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.x86"; http_uri; depth:11; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198455/; classtype:trojan-activity;sid:81061555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm"; http_uri; depth:11; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198454/; classtype:trojan-activity;sid:81061554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"54.38.79.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198453/; classtype:trojan-activity;sid:81061553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm7"; http_uri; depth:12; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198452/; classtype:trojan-activity;sid:81061552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_outpute3757efrr.exe"; http_uri; depth:21; isdataat:!1,relative; content:"vbn4d.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198451/; classtype:trojan-activity;sid:81061551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/r354gfd4df3vb_signed.exe"; http_uri; depth:25; isdataat:!1,relative; content:"vbn4d.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198450/; classtype:trojan-activity;sid:81061550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_outputa918a5fs.exe"; http_uri; depth:20; isdataat:!1,relative; content:"vbn4d.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198449/; classtype:trojan-activity;sid:81061549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/image2.exe"; http_uri; depth:11; isdataat:!1,relative; content:"browncoatlabs.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198448/; classtype:trojan-activity;sid:81061548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ookqlqjjk/"; http_uri; depth:23; isdataat:!1,relative; content:"miamibeachprivateinvestigators.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198447/; classtype:trojan-activity;sid:81061547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/killer.i686"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198446/; classtype:trojan-activity;sid:81061546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/killer.i586"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198445/; classtype:trojan-activity;sid:81061545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/killer.mips"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198444/; classtype:trojan-activity;sid:81061544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/killer.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198443/; classtype:trojan-activity;sid:81061543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/killer.arm7"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198442/; classtype:trojan-activity;sid:81061542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/killer.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198441/; classtype:trojan-activity;sid:81061541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/killer.arm5"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198440/; classtype:trojan-activity;sid:81061540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/killer.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198439/; classtype:trojan-activity;sid:81061539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/killer.x86"; http_uri; depth:11; isdataat:!1,relative; content:"185.244.25.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198438/; classtype:trojan-activity;sid:81061538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"54.38.79.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198437/; classtype:trojan-activity;sid:81061537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.mips"; http_uri; depth:18; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198436/; classtype:trojan-activity;sid:81061536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"139.59.151.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198435/; classtype:trojan-activity;sid:81061535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"139.59.151.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198434/; classtype:trojan-activity;sid:81061534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"54.38.79.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198433/; classtype:trojan-activity;sid:81061533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"54.38.79.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198432/; classtype:trojan-activity;sid:81061532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.x86"; http_uri; depth:14; isdataat:!1,relative; content:"54.38.79.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198431/; classtype:trojan-activity;sid:81061531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"134.209.185.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198430/; classtype:trojan-activity;sid:81061530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198429/; classtype:trojan-activity;sid:81061529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm"; http_uri; depth:14; isdataat:!1,relative; content:"54.38.79.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198428/; classtype:trojan-activity;sid:81061528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm"; http_uri; depth:17; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198427/; classtype:trojan-activity;sid:81061527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"54.38.79.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198426/; classtype:trojan-activity;sid:81061526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"54.38.79.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198425/; classtype:trojan-activity;sid:81061525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"54.38.79.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198424/; classtype:trojan-activity;sid:81061524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.x86"; http_uri; depth:14; isdataat:!1,relative; content:"54.38.79.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198423/; classtype:trojan-activity;sid:81061523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm"; http_uri; depth:17; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198422/; classtype:trojan-activity;sid:81061522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"37.142.114.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198421/; classtype:trojan-activity;sid:81061521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"205.185.126.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198420/; classtype:trojan-activity;sid:81061520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/n10"; http_uri; depth:28; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198419/; classtype:trojan-activity;sid:81061519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/n9"; http_uri; depth:27; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198418/; classtype:trojan-activity;sid:81061518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/n8"; http_uri; depth:27; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198417/; classtype:trojan-activity;sid:81061517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/n7"; http_uri; depth:27; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198416/; classtype:trojan-activity;sid:81061516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/n6"; http_uri; depth:27; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198415/; classtype:trojan-activity;sid:81061515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/n5"; http_uri; depth:27; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198414/; classtype:trojan-activity;sid:81061514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/n4"; http_uri; depth:27; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198413/; classtype:trojan-activity;sid:81061513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/n3"; http_uri; depth:27; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198412/; classtype:trojan-activity;sid:81061512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/n2"; http_uri; depth:27; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198411/; classtype:trojan-activity;sid:81061511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/n1"; http_uri; depth:27; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198410/; classtype:trojan-activity;sid:81061510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/hspc"; http_uri; depth:29; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198409/; classtype:trojan-activity;sid:81061509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/hppc"; http_uri; depth:29; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198407/; classtype:trojan-activity;sid:81061507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/hsh4"; http_uri; depth:29; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198408/; classtype:trojan-activity;sid:81061508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/hx86"; http_uri; depth:29; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198406/; classtype:trojan-activity;sid:81061506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/harm7"; http_uri; depth:30; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198404/; classtype:trojan-activity;sid:81061504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/hmips"; http_uri; depth:30; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198405/; classtype:trojan-activity;sid:81061505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/harm6"; http_uri; depth:30; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198403/; classtype:trojan-activity;sid:81061503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/harm"; http_uri; depth:29; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198401/; classtype:trojan-activity;sid:81061501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/harm5"; http_uri; depth:30; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198402/; classtype:trojan-activity;sid:81061502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/hmpsl"; http_uri; depth:30; isdataat:!1,relative; content:"142.93.107.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198400/; classtype:trojan-activity;sid:81061500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"185.244.25.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198399/; classtype:trojan-activity;sid:81061499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.x86"; http_uri; depth:10; isdataat:!1,relative; content:"185.244.25.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198398/; classtype:trojan-activity;sid:81061498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"185.244.25.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198396/; classtype:trojan-activity;sid:81061496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"185.244.25.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198397/; classtype:trojan-activity;sid:81061497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"185.244.25.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198394/; classtype:trojan-activity;sid:81061494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.spc"; http_uri; depth:10; isdataat:!1,relative; content:"185.244.25.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198395/; classtype:trojan-activity;sid:81061495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.arm7"; http_uri; depth:11; isdataat:!1,relative; content:"185.244.25.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198392/; classtype:trojan-activity;sid:81061492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.mips"; http_uri; depth:11; isdataat:!1,relative; content:"185.244.25.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198393/; classtype:trojan-activity;sid:81061493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"185.244.25.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198391/; classtype:trojan-activity;sid:81061491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"185.244.25.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198390/; classtype:trojan-activity;sid:81061490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/miori.arm"; http_uri; depth:10; isdataat:!1,relative; content:"185.244.25.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198389/; classtype:trojan-activity;sid:81061489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/tr0642"; http_uri; depth:17; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198388/; classtype:trojan-activity;sid:81061488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/tr064"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198387/; classtype:trojan-activity;sid:81061487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/thinkphp"; http_uri; depth:19; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198386/; classtype:trojan-activity;sid:81061486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/realtek"; http_uri; depth:18; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198385/; classtype:trojan-activity;sid:81061485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/linksys"; http_uri; depth:18; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198384/; classtype:trojan-activity;sid:81061484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/huawei"; http_uri; depth:17; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198383/; classtype:trojan-activity;sid:81061483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon80809"; http_uri; depth:20; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198382/; classtype:trojan-activity;sid:81061482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon80808"; http_uri; depth:20; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198381/; classtype:trojan-activity;sid:81061481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon80806"; http_uri; depth:20; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198379/; classtype:trojan-activity;sid:81061479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon80807"; http_uri; depth:20; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198380/; classtype:trojan-activity;sid:81061480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon80805"; http_uri; depth:20; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198378/; classtype:trojan-activity;sid:81061478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon80803"; http_uri; depth:20; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198376/; classtype:trojan-activity;sid:81061476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon80804"; http_uri; depth:20; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198377/; classtype:trojan-activity;sid:81061477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon80802"; http_uri; depth:20; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198375/; classtype:trojan-activity;sid:81061475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon44310"; http_uri; depth:20; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198373/; classtype:trojan-activity;sid:81061473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon80801"; http_uri; depth:20; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198374/; classtype:trojan-activity;sid:81061474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon8010"; http_uri; depth:19; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198372/; classtype:trojan-activity;sid:81061472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon4439"; http_uri; depth:19; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198371/; classtype:trojan-activity;sid:81061471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon4438"; http_uri; depth:19; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198370/; classtype:trojan-activity;sid:81061470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon4436"; http_uri; depth:19; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198368/; classtype:trojan-activity;sid:81061468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon4437"; http_uri; depth:19; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198369/; classtype:trojan-activity;sid:81061469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon4435"; http_uri; depth:19; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198367/; classtype:trojan-activity;sid:81061467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon4434"; http_uri; depth:19; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198366/; classtype:trojan-activity;sid:81061466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon4433"; http_uri; depth:19; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198365/; classtype:trojan-activity;sid:81061465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198364/; classtype:trojan-activity;sid:81061464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198363/; classtype:trojan-activity;sid:81061463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198362/; classtype:trojan-activity;sid:81061462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198361/; classtype:trojan-activity;sid:81061461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"54.38.79.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198360/; classtype:trojan-activity;sid:81061460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198359/; classtype:trojan-activity;sid:81061459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm"; http_uri; depth:14; isdataat:!1,relative; content:"54.38.79.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198358/; classtype:trojan-activity;sid:81061458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.2.151.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198357/; classtype:trojan-activity;sid:81061457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198356/; classtype:trojan-activity;sid:81061456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198355/; classtype:trojan-activity;sid:81061455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198354/; classtype:trojan-activity;sid:81061454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon4432"; http_uri; depth:19; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198353/; classtype:trojan-activity;sid:81061453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon4431"; http_uri; depth:19; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198352/; classtype:trojan-activity;sid:81061452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon809"; http_uri; depth:18; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198351/; classtype:trojan-activity;sid:81061451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon808"; http_uri; depth:18; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198350/; classtype:trojan-activity;sid:81061450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon807"; http_uri; depth:18; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198349/; classtype:trojan-activity;sid:81061449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon806"; http_uri; depth:18; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198348/; classtype:trojan-activity;sid:81061448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon805"; http_uri; depth:18; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198347/; classtype:trojan-activity;sid:81061447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon804"; http_uri; depth:18; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198346/; classtype:trojan-activity;sid:81061446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon803"; http_uri; depth:18; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198345/; classtype:trojan-activity;sid:81061445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon802"; http_uri; depth:18; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198344/; classtype:trojan-activity;sid:81061444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/gpon801"; http_uri; depth:18; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198343/; classtype:trojan-activity;sid:81061443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/dlink2"; http_uri; depth:17; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198342/; classtype:trojan-activity;sid:81061442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/dlink"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198341/; classtype:trojan-activity;sid:81061441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/adb10"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198340/; classtype:trojan-activity;sid:81061440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/adb9"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198339/; classtype:trojan-activity;sid:81061439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/adb7"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198337/; classtype:trojan-activity;sid:81061437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/adb8"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198338/; classtype:trojan-activity;sid:81061438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/adb6"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198336/; classtype:trojan-activity;sid:81061436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/adb5"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198335/; classtype:trojan-activity;sid:81061435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/adb4"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198334/; classtype:trojan-activity;sid:81061434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/adb3"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198333/; classtype:trojan-activity;sid:81061433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/adb2"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198332/; classtype:trojan-activity;sid:81061432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/adb1"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198331/; classtype:trojan-activity;sid:81061431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.x86"; http_uri; depth:21; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198330/; classtype:trojan-activity;sid:81061430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.spc"; http_uri; depth:21; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198329/; classtype:trojan-activity;sid:81061429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198328/; classtype:trojan-activity;sid:81061428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198327/; classtype:trojan-activity;sid:81061427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198326/; classtype:trojan-activity;sid:81061426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.mips"; http_uri; depth:22; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198325/; classtype:trojan-activity;sid:81061425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198324/; classtype:trojan-activity;sid:81061424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198323/; classtype:trojan-activity;sid:81061423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198322/; classtype:trojan-activity;sid:81061422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198321/; classtype:trojan-activity;sid:81061421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/824982536/nakuma.arm"; http_uri; depth:21; isdataat:!1,relative; content:"178.128.195.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198320/; classtype:trojan-activity;sid:81061420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"35.229.212.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198319/; classtype:trojan-activity;sid:81061419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; content:"139.59.0.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198318/; classtype:trojan-activity;sid:81061418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.26.132.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198317/; classtype:trojan-activity;sid:81061417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"66.65.36.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198316/; classtype:trojan-activity;sid:81061416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"139.59.0.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198315/; classtype:trojan-activity;sid:81061415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/owari.x86"; http_uri; depth:18; isdataat:!1,relative; content:"104.236.196.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198314/; classtype:trojan-activity;sid:81061414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/owari.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"104.236.196.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198313/; classtype:trojan-activity;sid:81061413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/owari.mips"; http_uri; depth:19; isdataat:!1,relative; content:"104.236.196.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198312/; classtype:trojan-activity;sid:81061412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/owari.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"104.236.196.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198311/; classtype:trojan-activity;sid:81061411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/owari.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"104.236.196.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198310/; classtype:trojan-activity;sid:81061410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/owari.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"104.236.196.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198309/; classtype:trojan-activity;sid:81061409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/binarys/owari.arm"; http_uri; depth:18; isdataat:!1,relative; content:"104.236.196.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198308/; classtype:trojan-activity;sid:81061408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"24.155.13.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198307/; classtype:trojan-activity;sid:81061407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"139.59.0.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198306/; classtype:trojan-activity;sid:81061406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/update-winplayer-v.10.20.exe"; http_uri; depth:29; isdataat:!1,relative; content:"www.alimstores.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198305/; classtype:trojan-activity;sid:81061405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/install.exe"; http_uri; depth:12; isdataat:!1,relative; content:"offer-4.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198304/; classtype:trojan-activity;sid:81061404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/steam/a1.exe"; http_uri; depth:13; isdataat:!1,relative; content:"down.1919wan.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198303/; classtype:trojan-activity;sid:81061403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.165.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198302/; classtype:trojan-activity;sid:81061402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.165.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198301/; classtype:trojan-activity;sid:81061401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.165.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198300/; classtype:trojan-activity;sid:81061400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.165.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198299/; classtype:trojan-activity;sid:81061399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.190.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198298/; classtype:trojan-activity;sid:81061398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sfpm98812822461311355848834"; http_uri; depth:28; isdataat:!1,relative; content:"p51dz0yors.page.link"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198297/; classtype:trojan-activity;sid:81061397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.190.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198296/; classtype:trojan-activity;sid:81061396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3666.6"; http_uri; depth:7; isdataat:!1,relative; content:"103.205.7.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198295/; classtype:trojan-activity;sid:81061395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.190.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198293/; classtype:trojan-activity;sid:81061393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.190.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198294/; classtype:trojan-activity;sid:81061394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.190.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198291/; classtype:trojan-activity;sid:81061391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.190.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198292/; classtype:trojan-activity;sid:81061392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akbins/m68k.akirag"; http_uri; depth:19; isdataat:!1,relative; content:"194.147.34.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198290/; classtype:trojan-activity;sid:81061390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.190.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198289/; classtype:trojan-activity;sid:81061389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.1.143.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198288/; classtype:trojan-activity;sid:81061388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akbins/mpsl.akirag"; http_uri; depth:19; isdataat:!1,relative; content:"194.147.34.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198287/; classtype:trojan-activity;sid:81061387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akbins/i686.akirag"; http_uri; depth:19; isdataat:!1,relative; content:"194.147.34.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198286/; classtype:trojan-activity;sid:81061386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akbins/ppc.akirag"; http_uri; depth:18; isdataat:!1,relative; content:"194.147.34.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198284/; classtype:trojan-activity;sid:81061384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akbins/x86.akirag"; http_uri; depth:18; isdataat:!1,relative; content:"194.147.34.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198285/; classtype:trojan-activity;sid:81061385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akbins/mips.akirag"; http_uri; depth:19; isdataat:!1,relative; content:"194.147.34.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198283/; classtype:trojan-activity;sid:81061383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.190.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198282/; classtype:trojan-activity;sid:81061382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"81.218.141.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198281/; classtype:trojan-activity;sid:81061381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akbins/arm.akirag"; http_uri; depth:18; isdataat:!1,relative; content:"194.147.34.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198280/; classtype:trojan-activity;sid:81061380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akbins/spc.akirag"; http_uri; depth:18; isdataat:!1,relative; content:"194.147.34.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198279/; classtype:trojan-activity;sid:81061379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akbins/sh4.akirag"; http_uri; depth:18; isdataat:!1,relative; content:"194.147.34.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198278/; classtype:trojan-activity;sid:81061378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akbins/arm5.akirag"; http_uri; depth:19; isdataat:!1,relative; content:"194.147.34.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198277/; classtype:trojan-activity;sid:81061377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akbins/arm6.akirag"; http_uri; depth:19; isdataat:!1,relative; content:"194.147.34.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198276/; classtype:trojan-activity;sid:81061376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akbins/arm7.akirag"; http_uri; depth:19; isdataat:!1,relative; content:"194.147.34.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198275/; classtype:trojan-activity;sid:81061375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; content:"korolevaroz.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198274/; classtype:trojan-activity;sid:81061374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; content:"margaritka37.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198273/; classtype:trojan-activity;sid:81061373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/30481.30481_pe.exe"; http_uri; depth:19; isdataat:!1,relative; content:"dap.1919wan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198272/; classtype:trojan-activity;sid:81061372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/30083.30083_pe.exe"; http_uri; depth:19; isdataat:!1,relative; content:"dap.1919wan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198271/; classtype:trojan-activity;sid:81061371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/m3gc4bkhag.exe"; http_uri; depth:23; isdataat:!1,relative; content:"187.ip-54-36-162.eu"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198270/; classtype:trojan-activity;sid:81061370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cmdd.exe"; http_uri; depth:9; isdataat:!1,relative; content:"187.ip-54-36-162.eu"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198269/; classtype:trojan-activity;sid:81061369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1/32354"; http_uri; depth:8; isdataat:!1,relative; content:"45.67.14.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198268/; classtype:trojan-activity;sid:81061368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cmark/c.exe"; http_uri; depth:12; isdataat:!1,relative; content:"nutricaoedesenvolvimento.com.br"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198267/; classtype:trojan-activity;sid:81061367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/emire.exe"; http_uri; depth:10; isdataat:!1,relative; content:"gucci-admin.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198266/; classtype:trojan-activity;sid:81061366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"157.230.224.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198265/; classtype:trojan-activity;sid:81061365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"159.203.102.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198264/; classtype:trojan-activity;sid:81061364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; content:"157.230.224.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198263/; classtype:trojan-activity;sid:81061363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"159.203.102.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198262/; classtype:trojan-activity;sid:81061362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"195.123.238.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198261/; classtype:trojan-activity;sid:81061361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"157.230.224.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198260/; classtype:trojan-activity;sid:81061360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sin.png"; http_uri; depth:8; isdataat:!1,relative; content:"54.38.127.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198256/; classtype:trojan-activity;sid:81061356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tin.png"; http_uri; depth:8; isdataat:!1,relative; content:"54.38.127.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198258/; classtype:trojan-activity;sid:81061358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/toler.png"; http_uri; depth:10; isdataat:!1,relative; content:"54.38.127.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198255/; classtype:trojan-activity;sid:81061355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/visual.png"; http_uri; depth:11; isdataat:!1,relative; content:"54.38.127.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198259/; classtype:trojan-activity;sid:81061359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/win.png"; http_uri; depth:8; isdataat:!1,relative; content:"54.38.127.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198257/; classtype:trojan-activity;sid:81061357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/worming.png"; http_uri; depth:12; isdataat:!1,relative; content:"54.38.127.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198254/; classtype:trojan-activity;sid:81061354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/table.png"; http_uri; depth:10; isdataat:!1,relative; content:"54.38.127.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198253/; classtype:trojan-activity;sid:81061353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/radiance.png"; http_uri; depth:13; isdataat:!1,relative; content:"54.38.127.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198252/; classtype:trojan-activity;sid:81061352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"104.248.58.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198251/; classtype:trojan-activity;sid:81061351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"157.230.224.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198250/; classtype:trojan-activity;sid:81061350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; content:"157.230.224.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198249/; classtype:trojan-activity;sid:81061349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"157.230.224.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198248/; classtype:trojan-activity;sid:81061348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kosmix.exe"; http_uri; depth:11; isdataat:!1,relative; content:"gcleaner.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198247/; classtype:trojan-activity;sid:81061347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"159.203.102.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198246/; classtype:trojan-activity;sid:81061346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"5.55.81.222"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198245/; classtype:trojan-activity;sid:81061345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"104.248.58.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198244/; classtype:trojan-activity;sid:81061344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"195.123.238.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198243/; classtype:trojan-activity;sid:81061343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"162.17.191.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198242/; classtype:trojan-activity;sid:81061342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; content:"157.230.224.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198241/; classtype:trojan-activity;sid:81061341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"104.248.58.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198240/; classtype:trojan-activity;sid:81061340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"104.248.58.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198239/; classtype:trojan-activity;sid:81061339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"104.248.58.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198238/; classtype:trojan-activity;sid:81061338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/no.exe"; http_uri; depth:7; isdataat:!1,relative; content:"officeboss.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198237/; classtype:trojan-activity;sid:81061337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zzz/x86.idopoc"; http_uri; depth:15; isdataat:!1,relative; content:"185.222.202.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198236/; classtype:trojan-activity;sid:81061336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zzz/spc.idopoc"; http_uri; depth:15; isdataat:!1,relative; content:"185.222.202.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198235/; classtype:trojan-activity;sid:81061335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zzz/ppc.idopoc"; http_uri; depth:15; isdataat:!1,relative; content:"185.222.202.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198233/; classtype:trojan-activity;sid:81061333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zzz/sh4.idopoc"; http_uri; depth:15; isdataat:!1,relative; content:"185.222.202.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198234/; classtype:trojan-activity;sid:81061334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zzz/mpsl.idopoc"; http_uri; depth:16; isdataat:!1,relative; content:"185.222.202.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198232/; classtype:trojan-activity;sid:81061332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zzz/mips.idopoc"; http_uri; depth:16; isdataat:!1,relative; content:"185.222.202.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198231/; classtype:trojan-activity;sid:81061331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zzz/m68k.idopoc"; http_uri; depth:16; isdataat:!1,relative; content:"185.222.202.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198230/; classtype:trojan-activity;sid:81061330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zzz/arm7.idopoc"; http_uri; depth:16; isdataat:!1,relative; content:"185.222.202.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198229/; classtype:trojan-activity;sid:81061329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zzz/arm6.idopoc"; http_uri; depth:16; isdataat:!1,relative; content:"185.222.202.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198228/; classtype:trojan-activity;sid:81061328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zzz/arm5.idopoc"; http_uri; depth:16; isdataat:!1,relative; content:"185.222.202.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198227/; classtype:trojan-activity;sid:81061327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zzz/arm.idopoc"; http_uri; depth:15; isdataat:!1,relative; content:"185.222.202.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198226/; classtype:trojan-activity;sid:81061326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.228.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198225/; classtype:trojan-activity;sid:81061325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.228.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198224/; classtype:trojan-activity;sid:81061324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.228.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198223/; classtype:trojan-activity;sid:81061323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.228.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198222/; classtype:trojan-activity;sid:81061322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.228.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198221/; classtype:trojan-activity;sid:81061321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.228.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198220/; classtype:trojan-activity;sid:81061320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.228.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198219/; classtype:trojan-activity;sid:81061319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.228.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198218/; classtype:trojan-activity;sid:81061318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.228.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198217/; classtype:trojan-activity;sid:81061317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.228.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198216/; classtype:trojan-activity;sid:81061316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.228.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198215/; classtype:trojan-activity;sid:81061315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.spc"; http_uri; depth:14; isdataat:!1,relative; content:"46.166.133.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198213/; classtype:trojan-activity;sid:81061313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.x86"; http_uri; depth:14; isdataat:!1,relative; content:"46.166.133.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198214/; classtype:trojan-activity;sid:81061314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"46.166.133.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198212/; classtype:trojan-activity;sid:81061312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"46.166.133.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198211/; classtype:trojan-activity;sid:81061311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"46.166.133.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198210/; classtype:trojan-activity;sid:81061310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mips"; http_uri; depth:15; isdataat:!1,relative; content:"46.166.133.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198209/; classtype:trojan-activity;sid:81061309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"46.166.133.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198208/; classtype:trojan-activity;sid:81061308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"46.166.133.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198207/; classtype:trojan-activity;sid:81061307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"46.166.133.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198206/; classtype:trojan-activity;sid:81061306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"46.166.133.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198205/; classtype:trojan-activity;sid:81061305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm"; http_uri; depth:14; isdataat:!1,relative; content:"46.166.133.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198204/; classtype:trojan-activity;sid:81061304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.x86"; http_uri; depth:15; isdataat:!1,relative; content:"188.166.165.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198203/; classtype:trojan-activity;sid:81061303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.spc"; http_uri; depth:15; isdataat:!1,relative; content:"188.166.165.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198202/; classtype:trojan-activity;sid:81061302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"188.166.165.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198201/; classtype:trojan-activity;sid:81061301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"188.166.165.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198200/; classtype:trojan-activity;sid:81061300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"188.166.165.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198199/; classtype:trojan-activity;sid:81061299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.mips"; http_uri; depth:16; isdataat:!1,relative; content:"188.166.165.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198198/; classtype:trojan-activity;sid:81061298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"188.166.165.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198197/; classtype:trojan-activity;sid:81061297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"188.166.165.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198196/; classtype:trojan-activity;sid:81061296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"188.166.165.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198195/; classtype:trojan-activity;sid:81061295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm"; http_uri; depth:15; isdataat:!1,relative; content:"188.166.165.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198193/; classtype:trojan-activity;sid:81061293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"188.166.165.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198194/; classtype:trojan-activity;sid:81061294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"142.93.101.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198192/; classtype:trojan-activity;sid:81061292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; content:"142.93.101.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198191/; classtype:trojan-activity;sid:81061291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"142.93.101.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198190/; classtype:trojan-activity;sid:81061290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"142.93.101.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198189/; classtype:trojan-activity;sid:81061289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"142.93.101.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198188/; classtype:trojan-activity;sid:81061288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"142.93.101.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198187/; classtype:trojan-activity;sid:81061287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"142.93.101.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198186/; classtype:trojan-activity;sid:81061286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"142.93.101.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198185/; classtype:trojan-activity;sid:81061285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"142.93.101.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198183/; classtype:trojan-activity;sid:81061283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"142.93.101.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198184/; classtype:trojan-activity;sid:81061284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"142.93.101.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198182/; classtype:trojan-activity;sid:81061282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.mips64"; http_uri; depth:19; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198181/; classtype:trojan-activity;sid:81061281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.i486"; http_uri; depth:17; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198180/; classtype:trojan-activity;sid:81061280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198179/; classtype:trojan-activity;sid:81061279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198178/; classtype:trojan-activity;sid:81061278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.arm"; http_uri; depth:16; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198177/; classtype:trojan-activity;sid:81061277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.sparc"; http_uri; depth:18; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198176/; classtype:trojan-activity;sid:81061276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198175/; classtype:trojan-activity;sid:81061275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.i586"; http_uri; depth:17; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198174/; classtype:trojan-activity;sid:81061274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198173/; classtype:trojan-activity;sid:81061273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.i686"; http_uri; depth:17; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198172/; classtype:trojan-activity;sid:81061272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198171/; classtype:trojan-activity;sid:81061271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.x86"; http_uri; depth:16; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198170/; classtype:trojan-activity;sid:81061270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198169/; classtype:trojan-activity;sid:81061269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198168/; classtype:trojan-activity;sid:81061268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uogpmegagay.mips"; http_uri; depth:17; isdataat:!1,relative; content:"179.43.149.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198167/; classtype:trojan-activity;sid:81061267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/server/server.exe"; http_uri; depth:18; isdataat:!1,relative; content:"ruit.live"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198166/; classtype:trojan-activity;sid:81061266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lokioutput/loki_output.exe"; http_uri; depth:27; isdataat:!1,relative; content:"ruit.live"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198165/; classtype:trojan-activity;sid:81061265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/printer.exe"; http_uri; depth:18; isdataat:!1,relative; content:"systemservicex.azurewebsites.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198164/; classtype:trojan-activity;sid:81061264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/prenter.exe"; http_uri; depth:18; isdataat:!1,relative; content:"systemservicex.azurewebsites.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198163/; classtype:trojan-activity;sid:81061263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/searchfile.exe"; http_uri; depth:21; isdataat:!1,relative; content:"systemservicex.azurewebsites.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198162/; classtype:trojan-activity;sid:81061262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/dll.exe"; http_uri; depth:14; isdataat:!1,relative; content:"systemservicex.azurewebsites.net"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198161/; classtype:trojan-activity;sid:81061261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198160/; classtype:trojan-activity;sid:81061260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; content:"68.183.56.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198159/; classtype:trojan-activity;sid:81061259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"45.32.245.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198158/; classtype:trojan-activity;sid:81061258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"134.209.191.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198156/; classtype:trojan-activity;sid:81061256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"167.99.94.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198157/; classtype:trojan-activity;sid:81061257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"134.209.191.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198155/; classtype:trojan-activity;sid:81061255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"134.209.191.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198154/; classtype:trojan-activity;sid:81061254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"45.32.245.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198153/; classtype:trojan-activity;sid:81061253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"68.183.56.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198152/; classtype:trojan-activity;sid:81061252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"68.183.56.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198151/; classtype:trojan-activity;sid:81061251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.i686"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.205.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198150/; classtype:trojan-activity;sid:81061250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.arm5"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.205.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198149/; classtype:trojan-activity;sid:81061249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; content:"45.32.245.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198148/; classtype:trojan-activity;sid:81061248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"195.123.238.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198147/; classtype:trojan-activity;sid:81061247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.arm4"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.205.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198146/; classtype:trojan-activity;sid:81061246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"134.209.191.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198145/; classtype:trojan-activity;sid:81061245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"45.32.245.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198144/; classtype:trojan-activity;sid:81061244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"134.209.191.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198143/; classtype:trojan-activity;sid:81061243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; content:"45.32.245.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198142/; classtype:trojan-activity;sid:81061242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"134.209.191.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198141/; classtype:trojan-activity;sid:81061241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"167.99.94.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198140/; classtype:trojan-activity;sid:81061240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; content:"45.32.245.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198139/; classtype:trojan-activity;sid:81061239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"167.99.94.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198138/; classtype:trojan-activity;sid:81061238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"68.183.56.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198137/; classtype:trojan-activity;sid:81061237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.sparc"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.205.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198136/; classtype:trojan-activity;sid:81061236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; content:"68.183.56.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198135/; classtype:trojan-activity;sid:81061235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"134.209.191.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198134/; classtype:trojan-activity;sid:81061234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; content:"68.183.56.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198133/; classtype:trojan-activity;sid:81061233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.x86"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.205.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198132/; classtype:trojan-activity;sid:81061232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"167.99.94.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198131/; classtype:trojan-activity;sid:81061231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"195.123.238.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198130/; classtype:trojan-activity;sid:81061230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.mips"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.205.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198129/; classtype:trojan-activity;sid:81061229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; content:"167.99.94.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198128/; classtype:trojan-activity;sid:81061228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.i586"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.205.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198127/; classtype:trojan-activity;sid:81061227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"195.123.238.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198126/; classtype:trojan-activity;sid:81061226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"195.123.238.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198125/; classtype:trojan-activity;sid:81061225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"195.123.238.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198124/; classtype:trojan-activity;sid:81061224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"195.123.238.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198123/; classtype:trojan-activity;sid:81061223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"134.209.191.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198122/; classtype:trojan-activity;sid:81061222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"45.32.245.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198121/; classtype:trojan-activity;sid:81061221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"134.209.191.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198120/; classtype:trojan-activity;sid:81061220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; content:"68.183.56.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198119/; classtype:trojan-activity;sid:81061219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"134.209.191.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198118/; classtype:trojan-activity;sid:81061218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.ppc"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.205.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198117/; classtype:trojan-activity;sid:81061217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; content:"167.99.94.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198116/; classtype:trojan-activity;sid:81061216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"195.123.238.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198115/; classtype:trojan-activity;sid:81061215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; content:"167.99.94.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198114/; classtype:trojan-activity;sid:81061214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nut"; http_uri; depth:4; isdataat:!1,relative; content:"134.209.191.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198113/; classtype:trojan-activity;sid:81061213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"68.183.56.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198112/; classtype:trojan-activity;sid:81061212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; content:"68.183.56.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198111/; classtype:trojan-activity;sid:81061211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"45.32.245.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198110/; classtype:trojan-activity;sid:81061210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"134.209.191.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198109/; classtype:trojan-activity;sid:81061209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; content:"167.99.94.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198108/; classtype:trojan-activity;sid:81061208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; content:"167.99.94.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198107/; classtype:trojan-activity;sid:81061207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"68.183.56.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198106/; classtype:trojan-activity;sid:81061206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.arm6"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.205.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198105/; classtype:trojan-activity;sid:81061205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"195.123.238.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198104/; classtype:trojan-activity;sid:81061204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.205.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198103/; classtype:trojan-activity;sid:81061203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; content:"45.32.245.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198102/; classtype:trojan-activity;sid:81061202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; content:"45.32.245.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198101/; classtype:trojan-activity;sid:81061201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.sh4"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.205.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198100/; classtype:trojan-activity;sid:81061200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; content:"168.62.61.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198099/; classtype:trojan-activity;sid:81061199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"168.62.61.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198098/; classtype:trojan-activity;sid:81061198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"168.62.61.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198097/; classtype:trojan-activity;sid:81061197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"168.62.61.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198096/; classtype:trojan-activity;sid:81061196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; content:"168.62.61.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198095/; classtype:trojan-activity;sid:81061195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"168.62.61.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198094/; classtype:trojan-activity;sid:81061194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; content:"168.62.61.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198093/; classtype:trojan-activity;sid:81061193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; content:"168.62.61.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198092/; classtype:trojan-activity;sid:81061192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"168.62.61.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198091/; classtype:trojan-activity;sid:81061191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; content:"168.62.61.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198090/; classtype:trojan-activity;sid:81061190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"165.227.42.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198089/; classtype:trojan-activity;sid:81061189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"165.227.42.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198088/; classtype:trojan-activity;sid:81061188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/components/com_joomlapack/32.exe"; http_uri; depth:33; isdataat:!1,relative; content:"cebige.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198087/; classtype:trojan-activity;sid:81061187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"134.209.164.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198086/; classtype:trojan-activity;sid:81061186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"165.227.42.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198085/; classtype:trojan-activity;sid:81061185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"165.227.42.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198084/; classtype:trojan-activity;sid:81061184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"165.227.42.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198083/; classtype:trojan-activity;sid:81061183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mips"; http_uri; depth:16; isdataat:!1,relative; content:"165.227.42.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198082/; classtype:trojan-activity;sid:81061182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/components/com_joomlapack/32a.exe"; http_uri; depth:34; isdataat:!1,relative; content:"cebige.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198081/; classtype:trojan-activity;sid:81061181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/yes.exe"; http_uri; depth:10; isdataat:!1,relative; content:"okay4sure.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198080/; classtype:trojan-activity;sid:81061180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/now.exe"; http_uri; depth:10; isdataat:!1,relative; content:"okay4sure.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198079/; classtype:trojan-activity;sid:81061179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"165.227.42.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198078/; classtype:trojan-activity;sid:81061178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mar/ww.exe"; http_uri; depth:11; isdataat:!1,relative; content:"mailadvert852.club"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198077/; classtype:trojan-activity;sid:81061177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.132.66.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198076/; classtype:trojan-activity;sid:81061176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"24.214.151.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198075/; classtype:trojan-activity;sid:81061175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cj/py.msi"; http_uri; depth:10; isdataat:!1,relative; content:"www.tandf.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198074/; classtype:trojan-activity;sid:81061174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/capslang/caps-min.exe"; http_uri; depth:28; isdataat:!1,relative; content:"flydom.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198073/; classtype:trojan-activity;sid:81061173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dl/etka%207.5%20updater.exe"; http_uri; depth:28; isdataat:!1,relative; content:"download.conceptndev.fr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198072/; classtype:trojan-activity;sid:81061172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/components/com_joomlapack/z.exe"; http_uri; depth:32; isdataat:!1,relative; content:"cebige.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198071/; classtype:trojan-activity;sid:81061171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/capslang/capslang.exe"; http_uri; depth:28; isdataat:!1,relative; content:"flydom.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198070/; classtype:trojan-activity;sid:81061170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/capslang/caps-min-win-space.exe"; http_uri; depth:38; isdataat:!1,relative; content:"flydom.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198069/; classtype:trojan-activity;sid:81061169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sky/stx55569.exe"; http_uri; depth:17; isdataat:!1,relative; content:"mailadvert852.club"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198068/; classtype:trojan-activity;sid:81061168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gold.exe"; http_uri; depth:9; isdataat:!1,relative; content:"mailadvert852.club"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198067/; classtype:trojan-activity;sid:81061167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/ok.exe"; http_uri; depth:9; isdataat:!1,relative; content:"okay4sure.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198066/; classtype:trojan-activity;sid:81061166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/teamviewerqs.exe"; http_uri; depth:17; isdataat:!1,relative; content:"pemacore.se"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198065/; classtype:trojan-activity;sid:81061165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"134.209.164.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198064/; classtype:trojan-activity;sid:81061164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"134.209.164.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198063/; classtype:trojan-activity;sid:81061163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/seraph.x86"; http_uri; depth:11; isdataat:!1,relative; content:"84.54.49.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198062/; classtype:trojan-activity;sid:81061162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"174.138.52.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198061/; classtype:trojan-activity;sid:81061161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/seraph.arm"; http_uri; depth:11; isdataat:!1,relative; content:"84.54.49.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198060/; classtype:trojan-activity;sid:81061160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"174.138.52.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198059/; classtype:trojan-activity;sid:81061159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/seraph.arm5"; http_uri; depth:12; isdataat:!1,relative; content:"84.54.49.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198058/; classtype:trojan-activity;sid:81061158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/seraph.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"84.54.49.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198057/; classtype:trojan-activity;sid:81061157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"134.209.164.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198056/; classtype:trojan-activity;sid:81061156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"134.209.164.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198054/; classtype:trojan-activity;sid:81061154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/seraph.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"84.54.49.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198055/; classtype:trojan-activity;sid:81061155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/seraph.ppc"; http_uri; depth:11; isdataat:!1,relative; content:"84.54.49.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198053/; classtype:trojan-activity;sid:81061153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/seraph.spc"; http_uri; depth:11; isdataat:!1,relative; content:"84.54.49.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198052/; classtype:trojan-activity;sid:81061152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"174.138.52.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198051/; classtype:trojan-activity;sid:81061151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/seraph.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"84.54.49.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198050/; classtype:trojan-activity;sid:81061150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"134.209.164.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198049/; classtype:trojan-activity;sid:81061149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"134.209.164.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198048/; classtype:trojan-activity;sid:81061148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/seraph.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"84.54.49.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198047/; classtype:trojan-activity;sid:81061147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"174.138.52.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198046/; classtype:trojan-activity;sid:81061146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"174.138.52.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198045/; classtype:trojan-activity;sid:81061145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/seraph.i686"; http_uri; depth:12; isdataat:!1,relative; content:"84.54.49.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198044/; classtype:trojan-activity;sid:81061144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"174.138.52.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198043/; classtype:trojan-activity;sid:81061143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"134.209.164.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198042/; classtype:trojan-activity;sid:81061142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198041/; classtype:trojan-activity;sid:81061141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wf/clickupn=onjekb7ch7kwcsqesxvwjgdtafvtta8fvp0olc-2bqeqqrtmw4gcpm-2f29fgji477ibhvnb5nuu3lo8eaiwmcxeccbrcrkhrshlv-2btp7zuflma4krdrvr31adoiqy4iw3kugdpwa-2ffkks175jsvpvdf5q-3d-3d_fop2sz7kjjkvd95o8goscc-2bjdb8cplza5ggjvud6sxdhsmjlatw5kahvdbplvcvvqgs-2f9fmws2zgprk2ujpfkwtdpshg9liuvpxh63yhxmuyhaqnz9wjumnhaioywktysvtanz3gcs0wr7lvsiwduaif1be8h1og5grvmlmg83msngu5k7yueyie8zm0uljiut0kldoovzrmj8kij1p5yg-3d-3d"; http_uri; depth:402; isdataat:!1,relative; content:"u7906250.ct.sendgrid.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198040/; classtype:trojan-activity;sid:81061140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198039/; classtype:trojan-activity;sid:81061139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198038/; classtype:trojan-activity;sid:81061138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198037/; classtype:trojan-activity;sid:81061137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198036/; classtype:trojan-activity;sid:81061136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198035/; classtype:trojan-activity;sid:81061135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198034/; classtype:trojan-activity;sid:81061134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198033/; classtype:trojan-activity;sid:81061133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.162.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198032/; classtype:trojan-activity;sid:81061132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.mips"; http_uri; depth:15; isdataat:!1,relative; content:"138.68.81.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198031/; classtype:trojan-activity;sid:81061131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm"; http_uri; depth:14; isdataat:!1,relative; content:"138.68.81.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198030/; classtype:trojan-activity;sid:81061130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm"; http_uri; depth:14; isdataat:!1,relative; content:"142.93.162.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_18; reference:url, urlhaus.abuse.ch/url/198029/; classtype:trojan-activity;sid:81061129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"138.68.81.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198028/; classtype:trojan-activity;sid:81061128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.162.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198027/; classtype:trojan-activity;sid:81061127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/frankjoe/frankjoe.exe"; http_uri; depth:22; isdataat:!1,relative; content:"ruit.live"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198026/; classtype:trojan-activity;sid:81061126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"138.68.81.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198025/; classtype:trojan-activity;sid:81061125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.162.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198024/; classtype:trojan-activity;sid:81061124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198023/; classtype:trojan-activity;sid:81061123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/setup.exe"; http_uri; depth:10; isdataat:!1,relative; content:"mgggp.lisx.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198022/; classtype:trojan-activity;sid:81061122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.x86"; http_uri; depth:14; isdataat:!1,relative; content:"138.68.81.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198021/; classtype:trojan-activity;sid:81061121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198020/; classtype:trojan-activity;sid:81061120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198019/; classtype:trojan-activity;sid:81061119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"104.248.58.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198018/; classtype:trojan-activity;sid:81061118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"142.93.162.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198017/; classtype:trojan-activity;sid:81061117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download_pdf.exe"; http_uri; depth:17; isdataat:!1,relative; content:"mgggp.lisx.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198016/; classtype:trojan-activity;sid:81061116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"142.93.162.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198015/; classtype:trojan-activity;sid:81061115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198014/; classtype:trojan-activity;sid:81061114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198013/; classtype:trojan-activity;sid:81061113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akt%20sverki%20ooo.....pdf.exe"; http_uri; depth:31; isdataat:!1,relative; content:"mgggp.lisx.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198012/; classtype:trojan-activity;sid:81061112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198011/; classtype:trojan-activity;sid:81061111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"138.68.81.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198010/; classtype:trojan-activity;sid:81061110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"138.68.81.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198009/; classtype:trojan-activity;sid:81061109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198008/; classtype:trojan-activity;sid:81061108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198007/; classtype:trojan-activity;sid:81061107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mips"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.162.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198006/; classtype:trojan-activity;sid:81061106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"138.68.81.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198005/; classtype:trojan-activity;sid:81061105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"104.248.58.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198004/; classtype:trojan-activity;sid:81061104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198003/; classtype:trojan-activity;sid:81061103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.162.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198002/; classtype:trojan-activity;sid:81061102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.mips"; http_uri; depth:15; isdataat:!1,relative; content:"138.68.81.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198001/; classtype:trojan-activity;sid:81061101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm"; http_uri; depth:14; isdataat:!1,relative; content:"138.68.81.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/198000/; classtype:trojan-activity;sid:81061100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"31.168.194.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197999/; classtype:trojan-activity;sid:81061099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"138.68.81.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197998/; classtype:trojan-activity;sid:81061098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"31.168.30.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197997/; classtype:trojan-activity;sid:81061097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.162.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197996/; classtype:trojan-activity;sid:81061096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"81.198.87.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197995/; classtype:trojan-activity;sid:81061095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm"; http_uri; depth:14; isdataat:!1,relative; content:"142.93.162.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197994/; classtype:trojan-activity;sid:81061094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"211.104.242.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197993/; classtype:trojan-activity;sid:81061093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ov2hwgntpx2799cy9l03jak78l_babkq6fwe-55008712818495/"; http_uri; depth:62; isdataat:!1,relative; content:"loanforstudy.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197992/; classtype:trojan-activity;sid:81061092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/gxx2fawhru6axeerjk3p_7i8z1vjilh-3529283555185/"; http_uri; depth:66; isdataat:!1,relative; content:"les.nyc"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197991/; classtype:trojan-activity;sid:81061091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tu/payment.xls"; http_uri; depth:15; isdataat:!1,relative; content:"untethering-breaks.000webhostapp.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197990/; classtype:trojan-activity;sid:81061090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/02_2019_tt-bng.docid=zwr3yxjkdnuyn0bnbwfpbc5jb20="; http_uri; depth:50; isdataat:!1,relative; content:"185.234.73.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197989/; classtype:trojan-activity;sid:81061089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/document/sycsbmjcnbljmhv/"; http_uri; depth:35; isdataat:!1,relative; content:"1mm.site"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197988/; classtype:trojan-activity;sid:81061088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; content:"prestigeperm.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197987/; classtype:trojan-activity;sid:81061087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/doc/n47uq53evl5k4aok0m3u4c_matymqo8dn-00080612/"; http_uri; depth:55; isdataat:!1,relative; content:"tamsuamy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197986/; classtype:trojan-activity;sid:81061086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/heart/inc/wpb3sxn9o1zj4gth_ueiavrvmj-94874739/"; http_uri; depth:47; isdataat:!1,relative; content:"heartburnsafe.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197985/; classtype:trojan-activity;sid:81061085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/m9z2zfv8ty8piy8n3n673jni2_7qxt66f-060570155262/"; http_uri; depth:63; isdataat:!1,relative; content:"rumahrumputlaut.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197984/; classtype:trojan-activity;sid:81061084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/dok/latakzeikwawpvfwgktuqrlriukrrl/"; http_uri; depth:44; isdataat:!1,relative; content:"allbusinesslisting.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197983/; classtype:trojan-activity;sid:81061083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/document/e5dkvpp8hhx_fc568mru-29493963168/"; http_uri; depth:52; isdataat:!1,relative; content:"www.adil-darugar.fr"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197982/; classtype:trojan-activity;sid:81061082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/esp/omnwwcrinzbudtqjzjbwaewwim/"; http_uri; depth:43; isdataat:!1,relative; content:"morshinnet.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197981/; classtype:trojan-activity;sid:81061081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/saicollection/9tnulb5pniumdu53qd5adk_k9gzahh9o-436784313075/"; http_uri; depth:61; isdataat:!1,relative; content:"gigmoz.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197980/; classtype:trojan-activity;sid:81061080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/lm/iwy6t7o3eo78_0ypzx0hes-26872424816/"; http_uri; depth:48; isdataat:!1,relative; content:"8poverh.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197979/; classtype:trojan-activity;sid:81061079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/sscixotzambu/"; http_uri; depth:22; isdataat:!1,relative; content:"30undertennis.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197978/; classtype:trojan-activity;sid:81061078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/new/parts_service/2cljnkezfje61yi5i3gidtylki1t_pfjx11gy-0167021759547/"; http_uri; depth:71; isdataat:!1,relative; content:"advokat-kov.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197977/; classtype:trojan-activity;sid:81061077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/02_2019_tt-bng.docid=bmd1ewvucxvvy21hbmguynfwqgdtywlslmnvbq=="; http_uri; depth:62; isdataat:!1,relative; content:"185.234.73.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197976/; classtype:trojan-activity;sid:81061076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/parts_service/mkgghvcsue/"; http_uri; depth:35; isdataat:!1,relative; content:"2mm.site"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197975/; classtype:trojan-activity;sid:81061075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/4t9hfvo0mhuo2wbm4gnybzj6_0faosb-30207636/"; http_uri; depth:49; isdataat:!1,relative; content:"anayi.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197974/; classtype:trojan-activity;sid:81061074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lug.exe"; http_uri; depth:8; isdataat:!1,relative; content:"mailadvert852.club"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197973/; classtype:trojan-activity;sid:81061073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/le1kcb7jby_5xu6hgr0dd-93379625880817/"; http_uri; depth:42; isdataat:!1,relative; content:"alphalif.se"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197972/; classtype:trojan-activity;sid:81061072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/paclm/xs7iayebhxav43itekey_684m3-36315752815490/"; http_uri; depth:58; isdataat:!1,relative; content:"4mm.site"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197971/; classtype:trojan-activity;sid:81061071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templets/shenbo/sunbetgamesetup5.4.5.exe"; http_uri; depth:41; isdataat:!1,relative; content:"988sconline.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197970/; classtype:trojan-activity;sid:81061070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scan/vkgujaok/"; http_uri; depth:24; isdataat:!1,relative; content:"applesin.in.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197969/; classtype:trojan-activity;sid:81061069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dk.exe"; http_uri; depth:7; isdataat:!1,relative; content:"mgggp.lisx.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197968/; classtype:trojan-activity;sid:81061068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/document001.exe"; http_uri; depth:16; isdataat:!1,relative; content:"mgggp.lisx.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197967/; classtype:trojan-activity;sid:81061067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20190118/multishare.exe"; http_uri; depth:24; isdataat:!1,relative; content:"hostpp.ml"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197966/; classtype:trojan-activity;sid:81061066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/vr23xzu3_4fu1rill-05769244/"; http_uri; depth:41; isdataat:!1,relative; content:"adbee.tk"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197965/; classtype:trojan-activity;sid:81061065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.exe"; http_uri; depth:13; isdataat:!1,relative; content:"mgggp.lisx.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197964/; classtype:trojan-activity;sid:81061064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/llc/vgxngmulhzikudbmyvtyqjrztdjj/"; http_uri; depth:43; isdataat:!1,relative; content:"alex.zhivi-bogato.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197963/; classtype:trojan-activity;sid:81061063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/sites/jcpf6vdw8w_aynhf-24814159993785/"; http_uri; depth:49; isdataat:!1,relative; content:"51wmys.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197962/; classtype:trojan-activity;sid:81061062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/r04fyabv1mtksp1tgi5mnhgnxparl_3p7hn1m-18151334886016/"; http_uri; depth:66; isdataat:!1,relative; content:"akoagro.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197961/; classtype:trojan-activity;sid:81061061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lm/aspdvjqqenclfsu/"; http_uri; depth:32; isdataat:!1,relative; content:"adkhw.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197960/; classtype:trojan-activity;sid:81061060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/document/vfh2cntlby3warq_v2gqag9b-5724108769/"; http_uri; depth:58; isdataat:!1,relative; content:"anarmed.ge"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197959/; classtype:trojan-activity;sid:81061059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/argentina/wp-content/uploads/js_composer/paclm/pttymks2m_1wjvsp-040621983/"; http_uri; depth:75; isdataat:!1,relative; content:"akoline.com.ar"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197958/; classtype:trojan-activity;sid:81061058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/llc/sfsn56f9mmil3omdgkmw3866elq6b6_aqjz8l-158616319099840/"; http_uri; depth:67; isdataat:!1,relative; content:"ag777.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197957/; classtype:trojan-activity;sid:81061057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/y2o7x25x04us850gpca2ogh_mc4rmv-270782010665758/"; http_uri; depth:63; isdataat:!1,relative; content:"academia.sprint7.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197956/; classtype:trojan-activity;sid:81061056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0bnr/file/uqftm5q5kyuw46b1_lncr44-686604949932/"; http_uri; depth:48; isdataat:!1,relative; content:"3e-science.co.jp"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197955/; classtype:trojan-activity;sid:81061055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/3baoaipzi6mqy7whlt33b7vmtdum_wig6m156m1-615007073/"; http_uri; depth:62; isdataat:!1,relative; content:"basarirerkekyurdu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197954/; classtype:trojan-activity;sid:81061054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uma-site/lm/aspfbpslpfvhslssmuabphxxdfv/"; http_uri; depth:41; isdataat:!1,relative; content:"avitrons.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197953/; classtype:trojan-activity;sid:81061053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/inc/scl0jn4di5vbchuyunuyep8eryel5_jmybt4onpm-91631390137833/"; http_uri; depth:80; isdataat:!1,relative; content:"agrobanaselaras.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197952/; classtype:trojan-activity;sid:81061052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_notes/parts_service/pzutaknhgonklbzkb/"; http_uri; depth:40; isdataat:!1,relative; content:"atkt.markv.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197951/; classtype:trojan-activity;sid:81061051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pages/wmog67unlko5a6tgteoplvhxqc9dd3_wuo9ve-955815100504/"; http_uri; depth:69; isdataat:!1,relative; content:"autoscostarica.cr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197950/; classtype:trojan-activity;sid:81061050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wpthumbnails/lm/whyzqpuznz/"; http_uri; depth:28; isdataat:!1,relative; content:"broadlawns.co.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197949/; classtype:trojan-activity;sid:81061049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/parts_service/gyxp0yb8ny08cldus9_iz952p72ql-12633794221713/"; http_uri; depth:69; isdataat:!1,relative; content:"bystekstil.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197948/; classtype:trojan-activity;sid:81061048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/2x3f8_sl7a5i-4284768725"; http_uri; depth:35; isdataat:!1,relative; content:"grupoxn.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197947/; classtype:trojan-activity;sid:81061047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/fkeae3awg9k6b2dwmkpxxa64v7cw_4uaqa-69978485/"; http_uri; depth:53; isdataat:!1,relative; content:"bloomflores.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197946/; classtype:trojan-activity;sid:81061046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/llc/raf3n3odxco400jjjpi2hf290qlgl_prw4uxr0-7763309726/"; http_uri; depth:58; isdataat:!1,relative; content:"aidencourt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197945/; classtype:trojan-activity;sid:81061045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/advanced-cron-manager/parts_service/d6yju8iv2d8i2jvtfqb3_90xlab0wz-784476784/"; http_uri; depth:97; isdataat:!1,relative; content:"bmwselect.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197944/; classtype:trojan-activity;sid:81061044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/vlyebegqcq/"; http_uri; depth:31; isdataat:!1,relative; content:"bornkickers.kounterdev.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197943/; classtype:trojan-activity;sid:81061043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/paclm/kzkgmvfbmlftaweyzcztpkhwa/"; http_uri; depth:43; isdataat:!1,relative; content:"capnensensejoguina.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197942/; classtype:trojan-activity;sid:81061042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/document/e5dkvpp8hhx_fc568mru-29493963168/"; http_uri; depth:52; isdataat:!1,relative; content:"chirurgien-ophtalmo-retine.fr"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197941/; classtype:trojan-activity;sid:81061041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/iwyzezhokhmjzqsyxpoxaazvajjys/"; http_uri; depth:42; isdataat:!1,relative; content:"artislandjp.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197940/; classtype:trojan-activity;sid:81061040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/paclm/aiis129kg7ihz0p50gkjgiafh9okbo_1l7vp-334229597472229/"; http_uri; depth:71; isdataat:!1,relative; content:"billy.voxmagneta.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197939/; classtype:trojan-activity;sid:81061039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/admin/wamayszujkazyzxtg/"; http_uri; depth:25; isdataat:!1,relative; content:"cityride.co.ke"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197938/; classtype:trojan-activity;sid:81061038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x3ufe9/file/keffphaz/"; http_uri; depth:22; isdataat:!1,relative; content:"chchomesales.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197937/; classtype:trojan-activity;sid:81061037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/39c0ef/lm/b0qb5fmtznzk5u6fe69otm4l66c_936pijskp-49454200064264/"; http_uri; depth:64; isdataat:!1,relative; content:"bkarakas.ztml.k12.tr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197936/; classtype:trojan-activity;sid:81061036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/document/lc9l0567sgloqwgr06yn9wz_v66bhhvoc1-9919282734635/"; http_uri; depth:67; isdataat:!1,relative; content:"chakravatnews.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197935/; classtype:trojan-activity;sid:81061035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/llc/cyukxspaph/"; http_uri; depth:24; isdataat:!1,relative; content:"cantaros.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197934/; classtype:trojan-activity;sid:81061034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/file/yvgqwestegqwlbjvmkccmolbqjkutz/"; http_uri; depth:48; isdataat:!1,relative; content:"congchunggiakhanh.vn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197933/; classtype:trojan-activity;sid:81061033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dtjd/qm79obxj5xy12zee1n72jf4z_8akps-7089410334/"; http_uri; depth:48; isdataat:!1,relative; content:"dev.strkdesign.nl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197932/; classtype:trojan-activity;sid:81061032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/llc/sranyefyeyvlkwkycdfftjqh/"; http_uri; depth:33; isdataat:!1,relative; content:"developing.soulbrights.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197931/; classtype:trojan-activity;sid:81061031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tms/wp-content/themes/education-booster/ixhdbmbiwcygyahuxaybmt/"; http_uri; depth:64; isdataat:!1,relative; content:"demo.lamppostmedia.in"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197930/; classtype:trojan-activity;sid:81061030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/tteicudkghgghchrwql/"; http_uri; depth:30; isdataat:!1,relative; content:"door-craft.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197929/; classtype:trojan-activity;sid:81061029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/spi/storage/llc/tqebgnahha7xvpxpmy_422q7ygl5q-528592909998856/"; http_uri; depth:63; isdataat:!1,relative; content:"diu.unheval.edu.pe"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197928/; classtype:trojan-activity;sid:81061028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/rxyjivxjdtyfeeoafgprkslmu/"; http_uri; depth:42; isdataat:!1,relative; content:"gharbkilid.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197927/; classtype:trojan-activity;sid:81061027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/foxe/file/pmtx4alvqq619qw_kwra3l-4924632531868/"; http_uri; depth:48; isdataat:!1,relative; content:"garlpex.org.zw"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197926/; classtype:trojan-activity;sid:81061026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/esp/xdeszvyahcdjfbkqtoqgaoeefrq/"; http_uri; depth:52; isdataat:!1,relative; content:"aradministracionintegral.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197925/; classtype:trojan-activity;sid:81061025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/azor57.exe"; http_uri; depth:11; isdataat:!1,relative; content:"mailadvert852.club"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197924/; classtype:trojan-activity;sid:81061024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/njpdbakugztndzin/"; http_uri; depth:22; isdataat:!1,relative; content:"foreignmartbd.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197923/; classtype:trojan-activity;sid:81061023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pi/wp-content/kkrxhcnmaxlyg/"; http_uri; depth:29; isdataat:!1,relative; content:"ea-rmuti.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197922/; classtype:trojan-activity;sid:81061022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/02_2019_tt-bng.doc"; http_uri; depth:19; isdataat:!1,relative; content:"185.234.73.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197921/; classtype:trojan-activity;sid:81061021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/inc/gc2cbhec5tyopayzcmhxcdl_kdwcp1hlhz-488338475754039/"; http_uri; depth:75; isdataat:!1,relative; content:"masterchoicepizza.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197920/; classtype:trojan-activity;sid:81061020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sve8uvm8csrux7of_xv87jqian7-12284113/"; http_uri; depth:49; isdataat:!1,relative; content:"brandimpressions.co.zw"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197919/; classtype:trojan-activity;sid:81061019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/wwql8uc746/"; http_uri; depth:21; isdataat:!1,relative; content:"kulalusramag.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197918/; classtype:trojan-activity;sid:81061018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/m3455/"; http_uri; depth:19; isdataat:!1,relative; content:"giumaithanhxuan.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197917/; classtype:trojan-activity;sid:81061017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/q1/"; http_uri; depth:16; isdataat:!1,relative; content:"lafloraevents.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197916/; classtype:trojan-activity;sid:81061016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/w85/"; http_uri; depth:24; isdataat:!1,relative; content:"healthytick.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197915/; classtype:trojan-activity;sid:81061015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/8ny9evo5/"; http_uri; depth:19; isdataat:!1,relative; content:"munteanuion.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197914/; classtype:trojan-activity;sid:81061014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scss/jhkavc7zpcet_noz7a-08940771/"; http_uri; depth:34; isdataat:!1,relative; content:"inein.mx"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197913/; classtype:trojan-activity;sid:81061013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/llc/xinubjicllcejfhkp/"; http_uri; depth:34; isdataat:!1,relative; content:"capquangvungtau.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197912/; classtype:trojan-activity;sid:81061012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/inc/5b1yjo3a2czeua96f2_qh216c-6624318531002/"; http_uri; depth:56; isdataat:!1,relative; content:"capquangvungtau.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197911/; classtype:trojan-activity;sid:81061011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/co/esp/cza0kklmw_r38hfwkh-761849473941/"; http_uri; depth:40; isdataat:!1,relative; content:"bkkps.co.th"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197910/; classtype:trojan-activity;sid:81061010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/write/images/stroi.zip"; http_uri; depth:41; isdataat:!1,relative; content:"getaudiopress.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197909/; classtype:trojan-activity;sid:81061009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"134.209.240.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197907/; classtype:trojan-activity;sid:81061007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; content:"134.209.240.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197908/; classtype:trojan-activity;sid:81061008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"134.209.240.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197906/; classtype:trojan-activity;sid:81061006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"134.209.240.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197905/; classtype:trojan-activity;sid:81061005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/lm/shyrnvogewjzzfbofyki/"; http_uri; depth:34; isdataat:!1,relative; content:"cityhomes.lk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197904/; classtype:trojan-activity;sid:81061004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/toq7/file/e9wj6l1f84zgvtbnu494vq59_dhgdvdhhn8-52283825654948/"; http_uri; depth:62; isdataat:!1,relative; content:"chavooshstudio.ir"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197903/; classtype:trojan-activity;sid:81061003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/write/images/zakaz.zip"; http_uri; depth:41; isdataat:!1,relative; content:"getaudiopress.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197902/; classtype:trojan-activity;sid:81061002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"134.209.240.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197901/; classtype:trojan-activity;sid:81061001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ajax/parts_service/zwmuhhvvxvmquekqkxqmtczr/"; http_uri; depth:45; isdataat:!1,relative; content:"clorent.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197900/; classtype:trojan-activity;sid:81061000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/3p06pqb5cxah_9o1a4f-661424221533445/"; http_uri; depth:50; isdataat:!1,relative; content:"devwp.absclp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197899/; classtype:trojan-activity;sid:81060999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/0eou090z19swauw26buowtra3bfhgb_0rmujb2-12142489/"; http_uri; depth:61; isdataat:!1,relative; content:"deerworkflow.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197898/; classtype:trojan-activity;sid:81060998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content_exported/llc/acx3ms62n_e1toyrawk-169922458553753/"; http_uri; depth:61; isdataat:!1,relative; content:"chugoku-shikoku.cms.ripplewerkz.co"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197897/; classtype:trojan-activity;sid:81060997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"37.130.81.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197896/; classtype:trojan-activity;sid:81060996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"12.178.187.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197895/; classtype:trojan-activity;sid:81060995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"36.228.41.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197894/; classtype:trojan-activity;sid:81060994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cftv/v54ucb6oe1ycj93_fusektth-564258474/"; http_uri; depth:41; isdataat:!1,relative; content:"crservicos.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197893/; classtype:trojan-activity;sid:81060993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"134.209.240.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197892/; classtype:trojan-activity;sid:81060992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/file/oal3dsh1ii8hwcsrsr6_9wpmzfop8-9587817864/"; http_uri; depth:59; isdataat:!1,relative; content:"demo3.bicweb.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197891/; classtype:trojan-activity;sid:81060991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/file/32ftgky4_gkm4dui84-280515485541283/"; http_uri; depth:52; isdataat:!1,relative; content:"demo.xonxen.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197890/; classtype:trojan-activity;sid:81060990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/write/images/msg.jpg"; http_uri; depth:39; isdataat:!1,relative; content:"getaudiopress.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197889/; classtype:trojan-activity;sid:81060989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/joomla/mllymnnckryzm/"; http_uri; depth:22; isdataat:!1,relative; content:"demo2.tertiarytraining.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197888/; classtype:trojan-activity;sid:81060988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/pages/djemrsupzmzimhrpvtsurild/"; http_uri; depth:39; isdataat:!1,relative; content:"dev-visionsharp.co.uk"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197887/; classtype:trojan-activity;sid:81060987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/vky2upshs_7vkn3a-4894152276061/"; http_uri; depth:42; isdataat:!1,relative; content:"advantageautoworks.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197886/; classtype:trojan-activity;sid:81060986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/5qp5o49wh8s2hd8k15hpcqs84ohe_4fhs4f5vr-877540190855384/"; http_uri; depth:75; isdataat:!1,relative; content:"dembo.bangkok.th.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197885/; classtype:trojan-activity;sid:81060985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pages/kolvurhgjekqm/"; http_uri; depth:32; isdataat:!1,relative; content:"disperumkim.baliprov.go.id"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197884/; classtype:trojan-activity;sid:81060984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2/50811"; http_uri; depth:8; isdataat:!1,relative; content:"45.67.14.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197883/; classtype:trojan-activity;sid:81060983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/file/wjejoyabkhibalntkpbjwy/"; http_uri; depth:40; isdataat:!1,relative; content:"eric-mandala.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197882/; classtype:trojan-activity;sid:81060982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/doc/mzcjbbmhcsx/"; http_uri; depth:21; isdataat:!1,relative; content:"elenamagic.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197881/; classtype:trojan-activity;sid:81060981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wpp-admin/tknewc.exe"; http_uri; depth:21; isdataat:!1,relative; content:"kemostarlogistics.co.ke"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197880/; classtype:trojan-activity;sid:81060980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/l2.jpg"; http_uri; depth:7; isdataat:!1,relative; content:"stylleeyes.co.za"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197879/; classtype:trojan-activity;sid:81060979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/web/uploads/20190513/b3ce5b46d81426c9c83131a1d74c7c2c.exe"; http_uri; depth:58; isdataat:!1,relative; content:"res.uf1.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197878/; classtype:trojan-activity;sid:81060978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/moviewebsite/pages/rt1rxg7fgo6o6oisb7sxipslefg_qmjebpo54-2478286189/"; http_uri; depth:69; isdataat:!1,relative; content:"djdesvn.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197877/; classtype:trojan-activity;sid:81060977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/tafun4urfhay_l06akx-911889611836/"; http_uri; depth:45; isdataat:!1,relative; content:"diamondgroup.com.vn"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197876/; classtype:trojan-activity;sid:81060976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aeqr/izkenjhvmnbuyhdfhhanledqqlait/"; http_uri; depth:36; isdataat:!1,relative; content:"films-ipad.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197875/; classtype:trojan-activity;sid:81060975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tr/ftcerrgd5qagqsqw7msargkyy_s91lj0fiyp-431699449079/"; http_uri; depth:54; isdataat:!1,relative; content:"elmassahome.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197874/; classtype:trojan-activity;sid:81060974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/lm/idmgmpdfajlhaaanravypp/"; http_uri; depth:46; isdataat:!1,relative; content:"fluo.ocebo.fr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197873/; classtype:trojan-activity;sid:81060973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/paclm/nh5j0tdunq1qu11n69xg9czfo1cm_ymbw5-4736698155555/"; http_uri; depth:59; isdataat:!1,relative; content:"dolcelab.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197872/; classtype:trojan-activity;sid:81060972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/inc/zbkeaxnq23_kc7ybzr8-58810947871/"; http_uri; depth:47; isdataat:!1,relative; content:"benshill.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197871/; classtype:trojan-activity;sid:81060971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/qcckbgrghsddg/"; http_uri; depth:24; isdataat:!1,relative; content:"fridgerepairqatar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197870/; classtype:trojan-activity;sid:81060970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/pomvnthwuaykrassuubtqp/"; http_uri; depth:27; isdataat:!1,relative; content:"elegant-dream.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197869/; classtype:trojan-activity;sid:81060969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/document/wdvy75bc_gi1o7yipk-037024338/"; http_uri; depth:51; isdataat:!1,relative; content:"gen1.vfull.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197868/; classtype:trojan-activity;sid:81060968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/llc/vmnifzb771plk_x7koaqogml-8830515802620/"; http_uri; depth:53; isdataat:!1,relative; content:"grandesophia.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197867/; classtype:trojan-activity;sid:81060967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/file/c6rc9mi35xjbms6eeqdm7b8y_zviyle2ozh-383346665690/"; http_uri; depth:63; isdataat:!1,relative; content:"haitianshowbizz.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197866/; classtype:trojan-activity;sid:81060966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/file/2gkthv5jgk5by3go0p60q_mgjyu7d40-005984582898580/"; http_uri; depth:73; isdataat:!1,relative; content:"enjoy.cat"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197865/; classtype:trojan-activity;sid:81060965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/doc/tgfftnhvzatzeqlmhrqcdl/"; http_uri; depth:38; isdataat:!1,relative; content:"hegdesoujanya.shsoujanya.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197864/; classtype:trojan-activity;sid:81060964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/paclm/qvueillc/"; http_uri; depth:25; isdataat:!1,relative; content:"icpm-cipm.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197863/; classtype:trojan-activity;sid:81060963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pages/gzbqnhfjuhcy/"; http_uri; depth:31; isdataat:!1,relative; content:"ipc2017capetown.iussp.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197862/; classtype:trojan-activity;sid:81060962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/soft/zikmwkardq/"; http_uri; depth:17; isdataat:!1,relative; content:"avrdevices.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197861/; classtype:trojan-activity;sid:81060961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/tipfceap/"; http_uri; depth:19; isdataat:!1,relative; content:"ortodontagliwice.com.pl"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197860/; classtype:trojan-activity;sid:81060960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/3r5l_nt34dqjxr7-3/"; http_uri; depth:31; isdataat:!1,relative; content:"novametal.cl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197859/; classtype:trojan-activity;sid:81060959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/video/axinpxsb/"; http_uri; depth:16; isdataat:!1,relative; content:"fullinnova.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197858/; classtype:trojan-activity;sid:81060958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/cel3xz7ik6_u5a7be-354524163/"; http_uri; depth:40; isdataat:!1,relative; content:"naft-dz.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197857/; classtype:trojan-activity;sid:81060957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/pages/f7c3q50xzoah3besqoua9uby_krc9wg668-22608382178/"; http_uri; depth:63; isdataat:!1,relative; content:"clipsonline.org.ua"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197856/; classtype:trojan-activity;sid:81060956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/epiksel/esp/v3ptnnl6fs5al_84jtwamp-82243430084/"; http_uri; depth:48; isdataat:!1,relative; content:"jmade.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197855/; classtype:trojan-activity;sid:81060955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/inc/gw3ylizcuoloa_fizi77v-661011974372431/"; http_uri; depth:53; isdataat:!1,relative; content:"innovomkt.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197854/; classtype:trojan-activity;sid:81060954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lk/fbguxiaxqehwcbzc/"; http_uri; depth:21; isdataat:!1,relative; content:"jesp.ieconom.kz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197853/; classtype:trojan-activity;sid:81060953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/mkjninvptvrickd/"; http_uri; depth:29; isdataat:!1,relative; content:"fish-ua.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197852/; classtype:trojan-activity;sid:81060952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rikkyo/kw7/"; http_uri; depth:12; isdataat:!1,relative; content:"hanabishi.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197851/; classtype:trojan-activity;sid:81060951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/baytest2/3zf1ba7569/"; http_uri; depth:21; isdataat:!1,relative; content:"irbf.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197850/; classtype:trojan-activity;sid:81060950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tutorial/addnews/css/25301/"; http_uri; depth:28; isdataat:!1,relative; content:"irismal.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197849/; classtype:trojan-activity;sid:81060949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/hqw76y14/"; http_uri; depth:19; isdataat:!1,relative; content:"aldocontreras.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197848/; classtype:trojan-activity;sid:81060948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/6ns631/"; http_uri; depth:17; isdataat:!1,relative; content:"hpaudiobooksfree.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197847/; classtype:trojan-activity;sid:81060947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/swmtravprszrqocyqgsaurqn/"; http_uri; depth:37; isdataat:!1,relative; content:"harishnautiyal.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197846/; classtype:trojan-activity;sid:81060946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/language/open_network/biz/en/sign/sent/"; http_uri; depth:40; isdataat:!1,relative; content:"had.at"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197845/; classtype:trojan-activity;sid:81060945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/trusted_area/net/us/sign/office/"; http_uri; depth:42; isdataat:!1,relative; content:"giveaways.secondtononenutrition.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197844/; classtype:trojan-activity;sid:81060944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/orderv2/file/21y5pfd9mbj0nhwilkh2epwwp_2nhfk1n8-9381369434931/"; http_uri; depth:63; isdataat:!1,relative; content:"happyatomy.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197843/; classtype:trojan-activity;sid:81060943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/document/xve9hvwg_ako8h5mh2-1809207412/"; http_uri; depth:49; isdataat:!1,relative; content:"istanbul-lazzat.uz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197842/; classtype:trojan-activity;sid:81060942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/esp/ny6kwhjwwognk_bc7qcu00wj-81739611/"; http_uri; depth:50; isdataat:!1,relative; content:"jimenezdesigngroup.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197841/; classtype:trojan-activity;sid:81060941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"134.209.240.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197840/; classtype:trojan-activity;sid:81060940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pyro/scan/vds5n53mk9elu9s_dfv1fy32zq-9079217218065/"; http_uri; depth:52; isdataat:!1,relative; content:"jessijonesstar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197839/; classtype:trojan-activity;sid:81060939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scan/mhcfhjktbdxbhxrjjzprsxcbobtspl/"; http_uri; depth:46; isdataat:!1,relative; content:"kevinjay.me"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197838/; classtype:trojan-activity;sid:81060938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/contract_document.jar"; http_uri; depth:22; isdataat:!1,relative; content:"hrsgkworker.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197837/; classtype:trojan-activity;sid:81060937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/document/27iv1yrg28deb9qia7mqcxifb_3wawzt-20640129400/"; http_uri; depth:63; isdataat:!1,relative; content:"klychina.chttit.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197836/; classtype:trojan-activity;sid:81060936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cedom/skm-mclaw0005062019.zip"; http_uri; depth:30; isdataat:!1,relative; content:"folivb.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197835/; classtype:trojan-activity;sid:81060935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cedom/skm-mclaw0005062019.exe"; http_uri; depth:30; isdataat:!1,relative; content:"folivb.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197834/; classtype:trojan-activity;sid:81060934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sarbk/hbg.jsc_2019.exe"; http_uri; depth:23; isdataat:!1,relative; content:"folivb.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197833/; classtype:trojan-activity;sid:81060933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ildis/file/uxlmc3g0i4e6k6yx7fuupdxnd_9bq12vn6-86392596458481/"; http_uri; depth:62; isdataat:!1,relative; content:"jdih.sumsel.kemenkumham.go.id"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197832/; classtype:trojan-activity;sid:81060932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yioc/rfbgsmqwwcepgflbmitgh/"; http_uri; depth:28; isdataat:!1,relative; content:"kinderarzt-mistelbach.at"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197831/; classtype:trojan-activity;sid:81060931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/parts_service/xzree20twuo7qxj92l1tz_4fxhkz8ot-60264947320/"; http_uri; depth:71; isdataat:!1,relative; content:"egplms.okmot.kg"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197830/; classtype:trojan-activity;sid:81060930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/brbskszz/"; http_uri; depth:25; isdataat:!1,relative; content:"mak.nkpk.org.ua"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197829/; classtype:trojan-activity;sid:81060929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/pages/tvcqhkjxmedvievugmrzwugpord/"; http_uri; depth:43; isdataat:!1,relative; content:"lifetransformersgroup.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197828/; classtype:trojan-activity;sid:81060928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/01.exe"; http_uri; depth:7; isdataat:!1,relative; content:"noreply2.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197827/; classtype:trojan-activity;sid:81060927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"104.248.58.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197826/; classtype:trojan-activity;sid:81060926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"37.26.61.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197825/; classtype:trojan-activity;sid:81060925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"27.64.216.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197824/; classtype:trojan-activity;sid:81060924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/noujou-doc/gmxqaujptjktfz/"; http_uri; depth:27; isdataat:!1,relative; content:"es-noujou.agricom.co.jp"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197823/; classtype:trojan-activity;sid:81060923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/shapely/inc/custom-controls/1c.jpg"; http_uri; depth:53; isdataat:!1,relative; content:"mysanta.000webhostapp.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197822/; classtype:trojan-activity;sid:81060922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/parts_service/adwjlsxguuiefhr/"; http_uri; depth:39; isdataat:!1,relative; content:"mentes.bolt.hu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197821/; classtype:trojan-activity;sid:81060921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/old/doc/ljhtnegcmyanm/"; http_uri; depth:23; isdataat:!1,relative; content:"lp2m.iainjambi.ac.id"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197820/; classtype:trojan-activity;sid:81060920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ntsl5a8pj4jracl8o0i908_gxolr9-70253791/"; http_uri; depth:49; isdataat:!1,relative; content:"juttichoo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197819/; classtype:trojan-activity;sid:81060919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bzzj/file/rympq87fh2nzhs34p2u9qh03cecdj_i76g7k-76617244463046/"; http_uri; depth:63; isdataat:!1,relative; content:"hagmann.at"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197818/; classtype:trojan-activity;sid:81060918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/shrhakyybmz/"; http_uri; depth:24; isdataat:!1,relative; content:"mara-bau.kg"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197817/; classtype:trojan-activity;sid:81060917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/word.doc"; http_uri; depth:13; isdataat:!1,relative; content:"tsh-lewandowski.pl"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197816/; classtype:trojan-activity;sid:81060916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/872c3i63o7_eilxd69-588594012261116/"; http_uri; depth:43; isdataat:!1,relative; content:"masbaheri.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197815/; classtype:trojan-activity;sid:81060915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uzadghje.exe"; http_uri; depth:13; isdataat:!1,relative; content:"216.170.123.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197814/; classtype:trojan-activity;sid:81060914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/esp/mgh55ffaukk4m1m8wq_osnbr8u-8826913633/"; http_uri; depth:54; isdataat:!1,relative; content:"monument.rsvpu.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197813/; classtype:trojan-activity;sid:81060913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/aprkphcrhuwhu/"; http_uri; depth:28; isdataat:!1,relative; content:"mmateoc.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197812/; classtype:trojan-activity;sid:81060912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/udkiqur=866116"; http_uri; depth:15; isdataat:!1,relative; content:"littleitalypizzaues.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197811/; classtype:trojan-activity;sid:81060911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bforacmhnv=310846"; http_uri; depth:18; isdataat:!1,relative; content:"leancrustnyc.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197810/; classtype:trojan-activity;sid:81060910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nasgdtslcaxeetgwb=8"; http_uri; depth:20; isdataat:!1,relative; content:"oldtowndelivirginia.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197809/; classtype:trojan-activity;sid:81060909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xpqxdcnkwhrnerq=068721"; http_uri; depth:23; isdataat:!1,relative; content:"melangegreengourmetnyc.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197808/; classtype:trojan-activity;sid:81060908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/file/6uwflygw7h3y5oypxrje_m4zz3w3-175725723317644/"; http_uri; depth:63; isdataat:!1,relative; content:"mmm.arcticdeveloper.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197807/; classtype:trojan-activity;sid:81060907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/syscargo/parts_service/igzwrtzjvuiopbupyopl/"; http_uri; depth:45; isdataat:!1,relative; content:"logisticshopping.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197806/; classtype:trojan-activity;sid:81060906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/lvhtafwlzuawjkyxycaf/"; http_uri; depth:30; isdataat:!1,relative; content:"matthewvincent.ca"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197805/; classtype:trojan-activity;sid:81060905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/pages/rbjqvnndsgdpmbinhizdfvjf/"; http_uri; depth:36; isdataat:!1,relative; content:"nieuw.goeieete.nl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197804/; classtype:trojan-activity;sid:81060904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/images/bueknxxppw/"; http_uri; depth:28; isdataat:!1,relative; content:"newsone.zapbuild.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197803/; classtype:trojan-activity;sid:81060903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/verification_area/sec/us/myaccount/new_resourses/"; http_uri; depth:59; isdataat:!1,relative; content:"doanthanhnien.spktvinh.edu.vn"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197802/; classtype:trojan-activity;sid:81060902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hao123-soft-online-bcs/soft/d/2014-06-12_djylh.exe"; http_uri; depth:51; isdataat:!1,relative; content:"download.skycn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197801/; classtype:trojan-activity;sid:81060901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hao123-soft-online-bcs/soft/p/pocketrar350sc.exe"; http_uri; depth:49; isdataat:!1,relative; content:"download.skycn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197800/; classtype:trojan-activity;sid:81060900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/licr.pif"; http_uri; depth:16; isdataat:!1,relative; content:"www.mectronics.it"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197799/; classtype:trojan-activity;sid:81060899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/o9/610991"; http_uri; depth:10; isdataat:!1,relative; content:"45.67.14.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197798/; classtype:trojan-activity;sid:81060898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/ojay/oj.exe"; http_uri; depth:19; isdataat:!1,relative; content:"le-bistrot-depicure.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197797/; classtype:trojan-activity;sid:81060897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"5.56.94.218"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197796/; classtype:trojan-activity;sid:81060896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"72.173.212.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197795/; classtype:trojan-activity;sid:81060895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"109.185.44.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197794/; classtype:trojan-activity;sid:81060894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"23.243.91.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197793/; classtype:trojan-activity;sid:81060893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"89.230.29.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197792/; classtype:trojan-activity;sid:81060892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"89.35.10.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197791/; classtype:trojan-activity;sid:81060891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"109.185.21.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197790/; classtype:trojan-activity;sid:81060890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.42.115.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197789/; classtype:trojan-activity;sid:81060889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"198.12.97.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197788/; classtype:trojan-activity;sid:81060888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"198.12.97.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197787/; classtype:trojan-activity;sid:81060887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; content:"198.12.97.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197786/; classtype:trojan-activity;sid:81060886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qhcugla=6"; http_uri; depth:10; isdataat:!1,relative; content:"mannysdinerofmontclair.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197785/; classtype:trojan-activity;sid:81060885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uiaogdigothhx=137435"; http_uri; depth:21; isdataat:!1,relative; content:"licheenutbrooklynheights.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197784/; classtype:trojan-activity;sid:81060884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uuswgywbxvfu=11"; http_uri; depth:16; isdataat:!1,relative; content:"order31avegyro.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197783/; classtype:trojan-activity;sid:81060883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kbfhtgzkmhc=430252"; http_uri; depth:19; isdataat:!1,relative; content:"lincolnparkgrillnyc.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197782/; classtype:trojan-activity;sid:81060882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lcohjfyrbjnzv=936"; http_uri; depth:18; isdataat:!1,relative; content:"luigisrestaurantchelsea.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197781/; classtype:trojan-activity;sid:81060881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/evensvc.exe"; http_uri; depth:12; isdataat:!1,relative; content:"fid.hognoob.se"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197780/; classtype:trojan-activity;sid:81060880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codeine.mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"167.99.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197779/; classtype:trojan-activity;sid:81060879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codeine.sh4"; http_uri; depth:12; isdataat:!1,relative; content:"167.99.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197778/; classtype:trojan-activity;sid:81060878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codeine.m68k"; http_uri; depth:13; isdataat:!1,relative; content:"167.99.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197777/; classtype:trojan-activity;sid:81060877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codeine.arm4"; http_uri; depth:13; isdataat:!1,relative; content:"167.99.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197776/; classtype:trojan-activity;sid:81060876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codeine.i586"; http_uri; depth:13; isdataat:!1,relative; content:"167.99.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197775/; classtype:trojan-activity;sid:81060875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codeine.x86"; http_uri; depth:12; isdataat:!1,relative; content:"167.99.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197774/; classtype:trojan-activity;sid:81060874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codeine.arm6"; http_uri; depth:13; isdataat:!1,relative; content:"167.99.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197773/; classtype:trojan-activity;sid:81060873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codeine.sparc"; http_uri; depth:14; isdataat:!1,relative; content:"167.99.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197772/; classtype:trojan-activity;sid:81060872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codeine.arm7"; http_uri; depth:13; isdataat:!1,relative; content:"167.99.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197771/; classtype:trojan-activity;sid:81060871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codeine.ppc"; http_uri; depth:12; isdataat:!1,relative; content:"167.99.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197770/; classtype:trojan-activity;sid:81060870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codeine.arm5"; http_uri; depth:13; isdataat:!1,relative; content:"167.99.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197769/; classtype:trojan-activity;sid:81060869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codeine.i686"; http_uri; depth:13; isdataat:!1,relative; content:"167.99.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197768/; classtype:trojan-activity;sid:81060868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/codeine.mips"; http_uri; depth:13; isdataat:!1,relative; content:"167.99.8.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197767/; classtype:trojan-activity;sid:81060867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/allfiles/temp/wp-content/esp/uoajiknogpxkyoubrjbvmom/"; http_uri; depth:54; isdataat:!1,relative; content:"mobuzzasia.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197766/; classtype:trojan-activity;sid:81060866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pages/pdsdoojcwdszxuykctbwtpar/"; http_uri; depth:43; isdataat:!1,relative; content:"mjeas.seas.num.edu.mn"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197765/; classtype:trojan-activity;sid:81060865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jutorje32/ofpuqeuuydluasgfbie/"; http_uri; depth:31; isdataat:!1,relative; content:"neurologicalcareofoc.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197764/; classtype:trojan-activity;sid:81060864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zamki/jwgiy866pt1ct8zemzx8yrku3b_6m6s088-5933526545566/"; http_uri; depth:56; isdataat:!1,relative; content:"notix-test.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197763/; classtype:trojan-activity;sid:81060863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/tt.exe"; http_uri; depth:12; isdataat:!1,relative; content:"excursiionline.ro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197762/; classtype:trojan-activity;sid:81060862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/kc.exe"; http_uri; depth:12; isdataat:!1,relative; content:"excursiionline.ro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197761/; classtype:trojan-activity;sid:81060861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/cesbtj755s6p0fcyvimmnneg38ms_go812f7-566475421578787/"; http_uri; depth:62; isdataat:!1,relative; content:"old.oleglukanov.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197760/; classtype:trojan-activity;sid:81060860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/guoedwfkgxjjv=1275"; http_uri; depth:19; isdataat:!1,relative; content:"lamppostjerseycity.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197759/; classtype:trojan-activity;sid:81060859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kqxtgoliuuu=1554"; http_uri; depth:17; isdataat:!1,relative; content:"labellamariella2.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197758/; classtype:trojan-activity;sid:81060858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vcviomjpbrbtdc=84108"; http_uri; depth:21; isdataat:!1,relative; content:"mariassandwichesvalleystream.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197757/; classtype:trojan-activity;sid:81060857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tjfxwgynqfst=203243"; http_uri; depth:20; isdataat:!1,relative; content:"lorettaspizzabx.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197756/; classtype:trojan-activity;sid:81060856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aqqf/parts_service/pmtwlshs32bqzll_ny4lmq4zgp-1593792866860/"; http_uri; depth:61; isdataat:!1,relative; content:"onetouchfootball.gr"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197755/; classtype:trojan-activity;sid:81060855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/cr91h.exe"; http_uri; depth:14; isdataat:!1,relative; content:"devinobryan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197754/; classtype:trojan-activity;sid:81060854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/llc/yebukw3dgwgzq5ebygh_n4g4iort3o-84431657/"; http_uri; depth:54; isdataat:!1,relative; content:"newwebsite.smex.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197753/; classtype:trojan-activity;sid:81060853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/esp/whoiy5qxbjnrp1gmegkx8_2dy87q342n-1691925380481/"; http_uri; depth:59; isdataat:!1,relative; content:"ohioamft.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197752/; classtype:trojan-activity;sid:81060852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"104.248.136.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197751/; classtype:trojan-activity;sid:81060851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/pages/bcqgigdpwxdjamjkuwrgldfckdca/"; http_uri; depth:45; isdataat:!1,relative; content:"nairobitour.co.ke"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197750/; classtype:trojan-activity;sid:81060850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/saicollection/9tnulb5pniumdu53qd5adk_k9gzahh9o-436784313075/"; http_uri; depth:61; isdataat:!1,relative; content:"gigmoz.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197749/; classtype:trojan-activity;sid:81060849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/linuxtf26"; http_uri; depth:10; isdataat:!1,relative; content:"47.100.253.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197748/; classtype:trojan-activity;sid:81060848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ogasa_data/lm/wrqrib4qqa_g37i0cgy2r-75961413357/"; http_uri; depth:49; isdataat:!1,relative; content:"msinet.s87.xrea.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197747/; classtype:trojan-activity;sid:81060847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/pages/dxebbm7rfe9yjkcu1s0f_owwlim3rvt-900385447853124/"; http_uri; depth:63; isdataat:!1,relative; content:"agents.map-link.co.uk"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197746/; classtype:trojan-activity;sid:81060846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tcsa2fo/titjckjb80xyv6xjs9l879gv_vwuyzcy9pt-31037587938083/"; http_uri; depth:60; isdataat:!1,relative; content:"kulzein.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197745/; classtype:trojan-activity;sid:81060845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/esp/nejynmxsshvwzuvqwbaeqrwvj/"; http_uri; depth:43; isdataat:!1,relative; content:"amarresyretornosdeamor.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197744/; classtype:trojan-activity;sid:81060844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/scan/84lyfqg006n3tnv_pqc15-6573296772/"; http_uri; depth:51; isdataat:!1,relative; content:"mapala.politala.ac.id"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197743/; classtype:trojan-activity;sid:81060843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/esp/fexcocn582zqkrx45qc979i_b7al0se-6012446038782/"; http_uri; depth:70; isdataat:!1,relative; content:"greencampus.uho.ac.id"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197742/; classtype:trojan-activity;sid:81060842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/jlezcpseefodjsujifij/"; http_uri; depth:33; isdataat:!1,relative; content:"biyoistatistikdoktoru.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197741/; classtype:trojan-activity;sid:81060841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/tony1/tonyyyy.doc"; http_uri; depth:25; isdataat:!1,relative; content:"le-bistrot-depicure.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197740/; classtype:trojan-activity;sid:81060840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/file/xb6h2fg9z6lm5w3su55_d4vh01xv-629322984732111/"; http_uri; depth:63; isdataat:!1,relative; content:"jordynryderofficial.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197739/; classtype:trojan-activity;sid:81060839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/paclm/wgkcgc583re0c6veyxfn1zf4u95uey_u407xg-23929936006/"; http_uri; depth:69; isdataat:!1,relative; content:"physionize.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197738/; classtype:trojan-activity;sid:81060838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/llc/bs5wlwidu_lhwh8-6531737739304/"; http_uri; depth:46; isdataat:!1,relative; content:"www.pomohouse.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197737/; classtype:trojan-activity;sid:81060837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/languages/plugins/sserv.jpg"; http_uri; depth:39; isdataat:!1,relative; content:"okozukai-site.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197736/; classtype:trojan-activity;sid:81060836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_private/inc/dpbfhjxz/"; http_uri; depth:23; isdataat:!1,relative; content:"hartwig-paulsen.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197735/; classtype:trojan-activity;sid:81060835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pagiy75.php"; http_uri; depth:12; isdataat:!1,relative; content:"happygardenwillstonpark.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197734/; classtype:trojan-activity;sid:81060834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/languages/plugins/sserv.jpg"; http_uri; depth:39; isdataat:!1,relative; content:"how-to-nampa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197733/; classtype:trojan-activity;sid:81060833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cj/cj.doc"; http_uri; depth:10; isdataat:!1,relative; content:"www.tandf.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197732/; classtype:trojan-activity;sid:81060832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/comm/moneymakers/css/paclm/58odajp5psbnf3zdrg_nxffzku-08384326922/"; http_uri; depth:67; isdataat:!1,relative; content:"www.wwwhelper.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197731/; classtype:trojan-activity;sid:81060831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/doc/uddqppobklwrngqgyhlzwyp/"; http_uri; depth:48; isdataat:!1,relative; content:"uniquedestination.mitsishotels.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197730/; classtype:trojan-activity;sid:81060830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/cr25.exe"; http_uri; depth:13; isdataat:!1,relative; content:"devinobryan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197729/; classtype:trojan-activity;sid:81060829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/euq6651/"; http_uri; depth:15; isdataat:!1,relative; content:"brahmanakarya.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197728/; classtype:trojan-activity;sid:81060828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gc41e1/t44/"; http_uri; depth:12; isdataat:!1,relative; content:"goodmusicapps.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197727/; classtype:trojan-activity;sid:81060827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/t70zrh7nk/b0099/"; http_uri; depth:17; isdataat:!1,relative; content:"everythingguinevereapps.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197726/; classtype:trojan-activity;sid:81060826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nav/1ogg550282/"; http_uri; depth:16; isdataat:!1,relative; content:"dragonfang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197725/; classtype:trojan-activity;sid:81060825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/0q7eb83365/"; http_uri; depth:21; isdataat:!1,relative; content:"gadgetandplay.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197724/; classtype:trojan-activity;sid:81060824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/document/udbpxvwiqppglqtxy/"; http_uri; depth:37; isdataat:!1,relative; content:"socialfood.tk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197723/; classtype:trojan-activity;sid:81060823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mzbvghzaucerr=6"; http_uri; depth:16; isdataat:!1,relative; content:"mehakindiancuisine.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197722/; classtype:trojan-activity;sid:81060822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/pages/bf6xoqb8_4hmms-704596943740/"; http_uri; depth:39; isdataat:!1,relative; content:"whitesalon.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197720/; classtype:trojan-activity;sid:81060820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/best.exe"; http_uri; depth:9; isdataat:!1,relative; content:"noreply2.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197719/; classtype:trojan-activity;sid:81060819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"158.69.231.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197718/; classtype:trojan-activity;sid:81060818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nut"; http_uri; depth:4; isdataat:!1,relative; content:"158.69.231.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197717/; classtype:trojan-activity;sid:81060817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"158.69.231.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197716/; classtype:trojan-activity;sid:81060816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oofftp"; http_uri; depth:7; isdataat:!1,relative; content:"91.121.226.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197715/; classtype:trojan-activity;sid:81060815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.131.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197714/; classtype:trojan-activity;sid:81060814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/[cpu]"; http_uri; depth:6; isdataat:!1,relative; content:"192.3.131.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197713/; classtype:trojan-activity;sid:81060813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.131.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197712/; classtype:trojan-activity;sid:81060812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"158.69.231.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197711/; classtype:trojan-activity;sid:81060811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"192.3.131.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197710/; classtype:trojan-activity;sid:81060810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"68.183.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197709/; classtype:trojan-activity;sid:81060809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"68.183.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197708/; classtype:trojan-activity;sid:81060808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"68.183.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197707/; classtype:trojan-activity;sid:81060807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"68.183.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197706/; classtype:trojan-activity;sid:81060806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pagiy75.php"; http_uri; depth:12; isdataat:!1,relative; content:"gaetanascucinaitaliananyc.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197705/; classtype:trojan-activity;sid:81060805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nrfbiigwwxkwjfbupwnk=124"; http_uri; depth:25; isdataat:!1,relative; content:"majorscarryoutdc.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197704/; classtype:trojan-activity;sid:81060804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nheijimdmhomng=623"; http_uri; depth:19; isdataat:!1,relative; content:"melachiassavorymealsculvercity.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197703/; classtype:trojan-activity;sid:81060803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sofbjfmdkocdoivxhm=003"; http_uri; depth:23; isdataat:!1,relative; content:"meenoodlesnyc.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197702/; classtype:trojan-activity;sid:81060802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbdwoeoz=42858"; http_uri; depth:15; isdataat:!1,relative; content:"littlethaikitchenct.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197701/; classtype:trojan-activity;sid:81060801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/phvingxidbehveisxa=82"; http_uri; depth:22; isdataat:!1,relative; content:"lapiazzettabk.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197700/; classtype:trojan-activity;sid:81060800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lpnkfqeepx=1445"; http_uri; depth:16; isdataat:!1,relative; content:"orderabboccatonyc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197699/; classtype:trojan-activity;sid:81060799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ocevlrakd=90"; http_uri; depth:13; isdataat:!1,relative; content:"mariospizzeriabrooklyn.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197698/; classtype:trojan-activity;sid:81060798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftsmeiqshajg=1"; http_uri; depth:15; isdataat:!1,relative; content:"mariasitaliankitchenwestla.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197697/; classtype:trojan-activity;sid:81060797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/icdivjmcjtyfsxqy=793581"; http_uri; depth:24; isdataat:!1,relative; content:"oakalehousemaywood.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197696/; classtype:trojan-activity;sid:81060796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"104.248.136.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197694/; classtype:trojan-activity;sid:81060794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197695/; classtype:trojan-activity;sid:81060795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"68.183.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197693/; classtype:trojan-activity;sid:81060793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"68.183.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197692/; classtype:trojan-activity;sid:81060792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oofshit"; http_uri; depth:8; isdataat:!1,relative; content:"91.121.226.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197691/; classtype:trojan-activity;sid:81060791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"68.183.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197690/; classtype:trojan-activity;sid:81060790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"158.69.231.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197688/; classtype:trojan-activity;sid:81060788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197689/; classtype:trojan-activity;sid:81060789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"192.3.131.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197687/; classtype:trojan-activity;sid:81060787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"158.69.231.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197686/; classtype:trojan-activity;sid:81060786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"68.183.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197685/; classtype:trojan-activity;sid:81060785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197684/; classtype:trojan-activity;sid:81060784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.131.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197683/; classtype:trojan-activity;sid:81060783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; content:"68.183.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197682/; classtype:trojan-activity;sid:81060782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.131.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197681/; classtype:trojan-activity;sid:81060781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sparc"; http_uri; depth:12; isdataat:!1,relative; content:"139.59.62.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197680/; classtype:trojan-activity;sid:81060780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"158.69.231.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197679/; classtype:trojan-activity;sid:81060779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"192.3.131.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197677/; classtype:trojan-activity;sid:81060777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oofcron"; http_uri; depth:8; isdataat:!1,relative; content:"91.121.226.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197678/; classtype:trojan-activity;sid:81060778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197676/; classtype:trojan-activity;sid:81060776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"158.69.231.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197675/; classtype:trojan-activity;sid:81060775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197674/; classtype:trojan-activity;sid:81060774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"68.183.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197673/; classtype:trojan-activity;sid:81060773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"158.69.231.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197671/; classtype:trojan-activity;sid:81060771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197672/; classtype:trojan-activity;sid:81060772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197670/; classtype:trojan-activity;sid:81060770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"158.69.231.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197669/; classtype:trojan-activity;sid:81060769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"158.69.231.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197668/; classtype:trojan-activity;sid:81060768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197667/; classtype:trojan-activity;sid:81060767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"68.183.149.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197666/; classtype:trojan-activity;sid:81060766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.131.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197665/; classtype:trojan-activity;sid:81060765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.131.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197664/; classtype:trojan-activity;sid:81060764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197663/; classtype:trojan-activity;sid:81060763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oofapache2"; http_uri; depth:11; isdataat:!1,relative; content:"91.121.226.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197662/; classtype:trojan-activity;sid:81060762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.182.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197661/; classtype:trojan-activity;sid:81060761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"139.59.62.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197660/; classtype:trojan-activity;sid:81060760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oofopenssh"; http_uri; depth:11; isdataat:!1,relative; content:"91.121.226.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197659/; classtype:trojan-activity;sid:81060759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"158.69.231.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197658/; classtype:trojan-activity;sid:81060758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"104.248.136.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197657/; classtype:trojan-activity;sid:81060757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.131.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197656/; classtype:trojan-activity;sid:81060756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"52.57.28.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197655/; classtype:trojan-activity;sid:81060755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.182.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197654/; classtype:trojan-activity;sid:81060754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"139.59.62.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197653/; classtype:trojan-activity;sid:81060753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"192.3.131.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197652/; classtype:trojan-activity;sid:81060752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"104.248.136.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197651/; classtype:trojan-activity;sid:81060751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"104.248.136.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197650/; classtype:trojan-activity;sid:81060750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/xa9o_88pj5mcr-26/"; http_uri; depth:21; isdataat:!1,relative; content:"tanibisnis.web.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197649/; classtype:trojan-activity;sid:81060749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/zrunsgcls/"; http_uri; depth:23; isdataat:!1,relative; content:"meenakshimatrichss.edu.in"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197648/; classtype:trojan-activity;sid:81060748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/data/mfaprrnge/"; http_uri; depth:16; isdataat:!1,relative; content:"finetrade.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197647/; classtype:trojan-activity;sid:81060747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blue/8wse_zrdnx2c-9775/"; http_uri; depth:24; isdataat:!1,relative; content:"edandtrish.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197646/; classtype:trojan-activity;sid:81060746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/business/iagkbxfsk/"; http_uri; depth:20; isdataat:!1,relative; content:"classicimagery.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197645/; classtype:trojan-activity;sid:81060745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/ojay1/oj.doc"; http_uri; depth:20; isdataat:!1,relative; content:"le-bistrot-depicure.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197644/; classtype:trojan-activity;sid:81060744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.x86"; http_uri; depth:15; isdataat:!1,relative; content:"67.205.138.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197643/; classtype:trojan-activity;sid:81060743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; content:"134.209.240.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197642/; classtype:trojan-activity;sid:81060742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.81.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197641/; classtype:trojan-activity;sid:81060741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"134.209.240.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197640/; classtype:trojan-activity;sid:81060740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"134.209.240.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197639/; classtype:trojan-activity;sid:81060739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"157.230.0.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197638/; classtype:trojan-activity;sid:81060738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/huya.4"; http_uri; depth:7; isdataat:!1,relative; content:"101.254.149.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197637/; classtype:trojan-activity;sid:81060737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/3344.jar"; http_uri; depth:13; isdataat:!1,relative; content:"amsparts.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197636/; classtype:trojan-activity;sid:81060736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/2255.jar"; http_uri; depth:13; isdataat:!1,relative; content:"amsparts.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197635/; classtype:trojan-activity;sid:81060735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.81.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197634/; classtype:trojan-activity;sid:81060734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"157.230.0.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197633/; classtype:trojan-activity;sid:81060733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; content:"134.209.240.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197632/; classtype:trojan-activity;sid:81060732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"134.209.240.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197631/; classtype:trojan-activity;sid:81060731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.x86"; http_uri; depth:15; isdataat:!1,relative; content:"67.205.138.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197630/; classtype:trojan-activity;sid:81060730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"134.209.240.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197629/; classtype:trojan-activity;sid:81060729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/ppty.exe"; http_uri; depth:27; isdataat:!1,relative; content:"mpctunisia.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197628/; classtype:trojan-activity;sid:81060728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wf/clickupn=kfsptknbvpinwzcrkgzprkdcheziwnmful5huol7xy-2b4m9biz1tcgoatbbowzkw-2fxevx4blrfmxvien75zg9nhpiufunql-2b4i3t9ode5gfo-3d_oerrri8cm6meuplmlti3q-2b-2bnswoq-2baxfeqkyktbgcwg1jqqz74ebxntgdpks7k1bcvmvruumvw4oqk2pjp-2bhyavbvizgeu8vxx7ijvchusvro4ipvor3gdhei-2fsjtesocvdod4uyj-2futmxesrhgbkrm1qjuonrzwp2otl5yj1v50t3a-2bmlnes7czhcdess559enuzcarjcuynhwoa2-2b8iu0tbmrzakhmyuphcrhqdm8-3d"; http_uri; depth:384; isdataat:!1,relative; content:"u7906250.ct.sendgrid.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197627/; classtype:trojan-activity;sid:81060727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/public_segment/sec/eng/accs/open_resourse/"; http_uri; depth:54; isdataat:!1,relative; content:"www.zorem.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197626/; classtype:trojan-activity;sid:81060726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/trusted_area/seg/en/signed/office/"; http_uri; depth:46; isdataat:!1,relative; content:"extravidenie.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197625/; classtype:trojan-activity;sid:81060725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hsxxz/hsxxz.exe"; http_uri; depth:16; isdataat:!1,relative; content:"ccnn.xiaomier.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197624/; classtype:trojan-activity;sid:81060724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/soft/244378/keyboardtest.exe"; http_uri; depth:29; isdataat:!1,relative; content:"d2.udashi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197623/; classtype:trojan-activity;sid:81060723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iiinnnn.exe"; http_uri; depth:12; isdataat:!1,relative; content:"penetrating-photogr.000webhostapp.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197622/; classtype:trojan-activity;sid:81060722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure_zone/sec/us/logged/office/"; http_uri; depth:45; isdataat:!1,relative; content:"thezebra.biz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197621/; classtype:trojan-activity;sid:81060721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/g3308l"; http_uri; depth:7; isdataat:!1,relative; content:"192.200.208.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197620/; classtype:trojan-activity;sid:81060720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xiaofei777"; http_uri; depth:11; isdataat:!1,relative; content:"222.186.3.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197619/; classtype:trojan-activity;sid:81060719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cli/dane/sjcmfzurexoinw8yktp75_d9wfqb-515794612/"; http_uri; depth:49; isdataat:!1,relative; content:"www.labmilk.co.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197618/; classtype:trojan-activity;sid:81060718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ricar/qqdzmbxixl/"; http_uri; depth:18; isdataat:!1,relative; content:"radioesperanza923.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197615/; classtype:trojan-activity;sid:81060715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/stcrrpoidrr/"; http_uri; depth:22; isdataat:!1,relative; content:"levantu.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197614/; classtype:trojan-activity;sid:81060714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/comm/moneymakers/css/paclm/58odajp5psbnf3zdrg_nxffzku-08384326922/"; http_uri; depth:67; isdataat:!1,relative; content:"wwwhelper.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197613/; classtype:trojan-activity;sid:81060713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/inc/57pds8qj977fuqw_bjxbdhsf-3574519625067/"; http_uri; depth:55; isdataat:!1,relative; content:"ackosice.sk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197612/; classtype:trojan-activity;sid:81060712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi/pmdghlnrayipimmhinvshzaxmxzvv/"; http_uri; depth:35; isdataat:!1,relative; content:"computerbootup.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197611/; classtype:trojan-activity;sid:81060711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sites/lsiukvhcklmktyybashjlj/"; http_uri; depth:42; isdataat:!1,relative; content:"www.lmichellewebb.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197610/; classtype:trojan-activity;sid:81060710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/public_segment/sec/eng/accs/open_resourse/"; http_uri; depth:54; isdataat:!1,relative; content:"www.zorem.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197609/; classtype:trojan-activity;sid:81060709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nfuvi/trusted_network/sec/eng_us/accs/send_files/"; http_uri; depth:50; isdataat:!1,relative; content:"engenerconstrucao.com.br"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197608/; classtype:trojan-activity;sid:81060708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/wolf.exe"; http_uri; depth:16; isdataat:!1,relative; content:"buhleni.co.za"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197607/; classtype:trojan-activity;sid:81060707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/departures_may3/doc/dicllsmfntlxbwnmliffepoirupj/"; http_uri; depth:50; isdataat:!1,relative; content:"ygraphx.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197606/; classtype:trojan-activity;sid:81060706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/inc/ernnzoxosdtbejaaghmcdazgzrjryi/"; http_uri; depth:36; isdataat:!1,relative; content:"biomedmat.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197605/; classtype:trojan-activity;sid:81060705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/doc/uddqppobklwrngqgyhlzwyp/"; http_uri; depth:48; isdataat:!1,relative; content:"uniquedestination.mitsishotels.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197604/; classtype:trojan-activity;sid:81060704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/soft/170331/12037.exe"; http_uri; depth:22; isdataat:!1,relative; content:"down1.xt70.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197603/; classtype:trojan-activity;sid:81060703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dvedit/inc/cgyfeo3enwqh1db8t6a3_13xbr8q-1836727870671/"; http_uri; depth:55; isdataat:!1,relative; content:"gorinkan.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197602/; classtype:trojan-activity;sid:81060702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ortuzar.cl/esp/ixjwtev0k5ze2_6pt2rqck3-52580352/"; http_uri; depth:49; isdataat:!1,relative; content:"great.cl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197601/; classtype:trojan-activity;sid:81060701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/spyder.exe"; http_uri; depth:18; isdataat:!1,relative; content:"buhleni.co.za"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197600/; classtype:trojan-activity;sid:81060700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/lm/hxifzxihssoosixxzedo/"; http_uri; depth:33; isdataat:!1,relative; content:"congnghexanhtn.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197599/; classtype:trojan-activity;sid:81060699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/sites/oi2h8eb32rlswyhyoe274vh802q_vd3boc2o-7590611699/"; http_uri; depth:63; isdataat:!1,relative; content:"congnghexanhtn.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197598/; classtype:trojan-activity;sid:81060698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/corenascreations/zencartcatalog/cache/llc/tytxviiuwfykjmivrksmft/"; http_uri; depth:66; isdataat:!1,relative; content:"mysterylover.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197597/; classtype:trojan-activity;sid:81060697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/soft/244276/%e6%96%87%e4%bb%b6%e5%a4%b9%e5%8a%a0%e5%af%86.exe"; http_uri; depth:62; isdataat:!1,relative; content:"d2.udashi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197596/; classtype:trojan-activity;sid:81060696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/basel/inc/admin/dashboard/views/tabs/sserv.jpg"; http_uri; depth:65; isdataat:!1,relative; content:"heartburnsafe.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197595/; classtype:trojan-activity;sid:81060695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kjbgta/acmreyaa40e_ps0whshh1b-198803276009/"; http_uri; depth:44; isdataat:!1,relative; content:"blog.orbi-imoveis.com.br"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197594/; classtype:trojan-activity;sid:81060694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pifu/tubiao/xuancaijita.exe"; http_uri; depth:28; isdataat:!1,relative; content:"cf.uuu9.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197593/; classtype:trojan-activity;sid:81060693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/esp/4gkdpldabt7lt1kem40b5d4oh2qmht_orrf3i1sj-710246102774/"; http_uri; depth:70; isdataat:!1,relative; content:"netmoc.vn"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197592/; classtype:trojan-activity;sid:81060692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/acme-challenge/1c.jpg"; http_uri; depth:34; isdataat:!1,relative; content:"new4.pipl.ua"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197591/; classtype:trojan-activity;sid:81060691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pifu/tubiao/vip.exe"; http_uri; depth:20; isdataat:!1,relative; content:"cf.uuu9.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197590/; classtype:trojan-activity;sid:81060690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/service/sites/olwt0ulb_e9xabjilc0-8978386499534/"; http_uri; depth:49; isdataat:!1,relative; content:"hegelito.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197589/; classtype:trojan-activity;sid:81060689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/090704/paclm/hmyglyow/"; http_uri; depth:23; isdataat:!1,relative; content:"hskf.net"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197588/; classtype:trojan-activity;sid:81060688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/sites/jwtdkdjtedespca/"; http_uri; depth:36; isdataat:!1,relative; content:"idesa.cl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197587/; classtype:trojan-activity;sid:81060687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/basel/images/icons/sserv.jpg"; http_uri; depth:47; isdataat:!1,relative; content:"heartburnsafe.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197586/; classtype:trojan-activity;sid:81060686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/tdevomjwynwt/"; http_uri; depth:23; isdataat:!1,relative; content:"indieliferadio.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197585/; classtype:trojan-activity;sid:81060685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lucasnievinski/9o7573w40425s_xp9q35wxj-746490859/"; http_uri; depth:50; isdataat:!1,relative; content:"in9cm.com.br"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197584/; classtype:trojan-activity;sid:81060684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/webdav/esp/z3y7ucs8qsqmh58s6854abo5l_kpxeu5-55695822989700/"; http_uri; depth:60; isdataat:!1,relative; content:"kejpa.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197583/; classtype:trojan-activity;sid:81060683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/felash/app/felashchap.exe"; http_uri; depth:26; isdataat:!1,relative; content:"valedchap.ir"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197582/; classtype:trojan-activity;sid:81060682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; content:"185.101.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197581/; classtype:trojan-activity;sid:81060681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lightcraftdev/inc/odhhvacqbgflku/"; http_uri; depth:34; isdataat:!1,relative; content:"sparkcreativeworks.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197580/; classtype:trojan-activity;sid:81060680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pifu/tubiao/yuyi.exe"; http_uri; depth:21; isdataat:!1,relative; content:"cf.uuu9.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197579/; classtype:trojan-activity;sid:81060679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/document/nzszhrgpjqqhbgu/"; http_uri; depth:37; isdataat:!1,relative; content:"triseouytin.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197578/; classtype:trojan-activity;sid:81060678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/esp/zdsoz58k1vg8s8i0putwi0o_tt8criqm-280927037619/"; http_uri; depth:56; isdataat:!1,relative; content:"empharm.uz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197577/; classtype:trojan-activity;sid:81060677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/rxepxifapjpamshvbpeebjbc/"; http_uri; depth:40; isdataat:!1,relative; content:"euma.vn"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197576/; classtype:trojan-activity;sid:81060676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jbcsoz/llc/dneupdmjrkohxqjgaxwljkjnjvues/"; http_uri; depth:42; isdataat:!1,relative; content:"paularosalba.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197575/; classtype:trojan-activity;sid:81060675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/parts_service/bqtc4tof2ixrqmcm44_h1inlhsj-70729598/"; http_uri; depth:66; isdataat:!1,relative; content:"manovikaskerala.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197574/; classtype:trojan-activity;sid:81060674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fls/1q3.exe"; http_uri; depth:12; isdataat:!1,relative; content:"64.44.133.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197573/; classtype:trojan-activity;sid:81060673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scan/aqwzhfwvyhst8ai86uuw_m452ok2g-451213844234/"; http_uri; depth:58; isdataat:!1,relative; content:"trichromatic-transi.000webhostapp.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197572/; classtype:trojan-activity;sid:81060672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sitemaps/llc/fejxqiywhanjveqcth/"; http_uri; depth:33; isdataat:!1,relative; content:"silcfertilizzanti.it"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197571/; classtype:trojan-activity;sid:81060671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/secure_zone/ver/eng/logged/public_data/"; http_uri; depth:52; isdataat:!1,relative; content:"weboyun.site"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197570/; classtype:trojan-activity;sid:81060670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/hwhycuizwjgdrge/"; http_uri; depth:30; isdataat:!1,relative; content:"acolherintegrativo.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197569/; classtype:trojan-activity;sid:81060669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/llc/xc7nxo2ywi8n52lu8_0fye8j-33860168/"; http_uri; depth:51; isdataat:!1,relative; content:"kinder-camp.com.ua"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197568/; classtype:trojan-activity;sid:81060668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/sun/roma.exe"; http_uri; depth:20; isdataat:!1,relative; content:"le-bistrot-depicure.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197567/; classtype:trojan-activity;sid:81060667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/doc/eypkumpxoajrnkn/"; http_uri; depth:25; isdataat:!1,relative; content:"tgcool.gq"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197566/; classtype:trojan-activity;sid:81060666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ocart/document/ogypnmtnpuylkmrqlarcgkd/"; http_uri; depth:40; isdataat:!1,relative; content:"radharamanudyog.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197565/; classtype:trojan-activity;sid:81060665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/scan/qgi7r0g6neq5gak2d1nlamx5xu_sxbdyhu-88393500801483/"; http_uri; depth:67; isdataat:!1,relative; content:"www.cbmagency.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197564/; classtype:trojan-activity;sid:81060664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ht8p0y2d05e5ydd4nvl9ibnzp_r3teinnq3-7560842820/"; http_uri; depth:59; isdataat:!1,relative; content:"cosplaycollegium.club"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197563/; classtype:trojan-activity;sid:81060663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/llc/arzijrtqdjxyetaykegves/"; http_uri; depth:37; isdataat:!1,relative; content:"lara-service.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197562/; classtype:trojan-activity;sid:81060662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/lm/j0mlzerhtskq1_vqze2p7nw-525494593957999/"; http_uri; depth:55; isdataat:!1,relative; content:"www.wtgllc.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197561/; classtype:trojan-activity;sid:81060661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/copyright/w2eiyop64h97ht6i3rym_ghznzynpv-411526644922/"; http_uri; depth:55; isdataat:!1,relative; content:"femmedica.pl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197560/; classtype:trojan-activity;sid:81060660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/sites/ykmhqfrmcsgl/"; http_uri; depth:25; isdataat:!1,relative; content:"spoorthy.ml"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197559/; classtype:trojan-activity;sid:81060659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/joomla_c/esp/7kd8vn2gitzrbnsnnfeyuynm09k4_f8py64-170077456/"; http_uri; depth:60; isdataat:!1,relative; content:"infanta.kz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197558/; classtype:trojan-activity;sid:81060658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/30qp3tb67w2txlygzm22sgi57_dqxt1l-1977495695975/"; http_uri; depth:56; isdataat:!1,relative; content:"encame.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197557/; classtype:trojan-activity;sid:81060657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/izuantntizyoomjqwfxpgmts/"; http_uri; depth:35; isdataat:!1,relative; content:"onepostsocial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197556/; classtype:trojan-activity;sid:81060656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sites/lsiukvhcklmktyybashjlj"; http_uri; depth:41; isdataat:!1,relative; content:"www.lmichellewebb.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197555/; classtype:trojan-activity;sid:81060655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jutorje32/doc/jbtijsouylfycnacnnlavftm/"; http_uri; depth:40; isdataat:!1,relative; content:"apps-phone.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197554/; classtype:trojan-activity;sid:81060654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/sites/arjgpweukdppqpsvtntowtdhkhd/"; http_uri; depth:42; isdataat:!1,relative; content:"gamemechanics.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197553/; classtype:trojan-activity;sid:81060653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wf/clickupn=mzq02zv-2fwcup5jxh21-2fjtikoesuhiwupmmjyr9cqt7ga6cdlmvej5e9dmhuuprkhrd2bqy01frnsi03nj2x1s53koettadgklve0mqgdizo-3d_kl3-2bpbkdwsjtt4aizps4sqleci3zqwmtn6gkq610foscar18s3tujq5vx8zmidvxxy6enraocsiuw2seco-2biqrhjc6aihbkim1ddbfbbcc2qpihx2n8smymqohespr7ny0pbjj3i4ppx7b6fxyyri3lvvg2vlpcyohyihix4ne5hqkxdrs8rwg2s4luqjqqxu-2bk1n-2bwe4quypw3x1tla9bdotqnmtvvsfq-2fhmeboc3o-3d"; http_uri; depth:376; isdataat:!1,relative; content:"u7906250.ct.sendgrid.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197552/; classtype:trojan-activity;sid:81060652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ukhz0yw/trusted_network/ver/us/anyone/new_resourses/"; http_uri; depth:53; isdataat:!1,relative; content:"yoloaccessories.co.za"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197551/; classtype:trojan-activity;sid:81060651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/moodle/6mzlj4vumsbdgcjm17n8qtawde_0lovhzq-587627277/"; http_uri; depth:53; isdataat:!1,relative; content:"mywebnerd.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197550/; classtype:trojan-activity;sid:81060650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lp/file/k518bwvfhrv_zicsevw-386184410493840/"; http_uri; depth:45; isdataat:!1,relative; content:"sanko1.co.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197549/; classtype:trojan-activity;sid:81060649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/epxhhogiqgyfotfwp/"; http_uri; depth:19; isdataat:!1,relative; content:"sjhoops.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197548/; classtype:trojan-activity;sid:81060648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/llc/zahfarwetgvtouiygjgqldr/"; http_uri; depth:29; isdataat:!1,relative; content:"sjhoops.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197547/; classtype:trojan-activity;sid:81060647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fls/1q1.png"; http_uri; depth:12; isdataat:!1,relative; content:"64.44.133.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197546/; classtype:trojan-activity;sid:81060646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sites/ekzfdnpwzotyftajzrwgdnytuawchg/"; http_uri; depth:49; isdataat:!1,relative; content:"dp5a.surabaya.go.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197545/; classtype:trojan-activity;sid:81060645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/old/verification_area/net/eng_us/myacc/sent/"; http_uri; depth:45; isdataat:!1,relative; content:"adamjaneomir.kz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197543/; classtype:trojan-activity;sid:81060643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/esp/i2b08crtzw5cemgb_c9lnt9-19555073384/"; http_uri; depth:48; isdataat:!1,relative; content:"www.actyouth.eu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197544/; classtype:trojan-activity;sid:81060644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/9on272/"; http_uri; depth:29; isdataat:!1,relative; content:"blog.apoictech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197542/; classtype:trojan-activity;sid:81060642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/trusted_network/seg/en/anyone/open_resourse/"; http_uri; depth:56; isdataat:!1,relative; content:"mrtrouble.com.tw"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197541/; classtype:trojan-activity;sid:81060641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/public_segment/biz/en/logged/sent/"; http_uri; depth:44; isdataat:!1,relative; content:"montrio.co.za"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197540/; classtype:trojan-activity;sid:81060640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/trusted_network/seg/eng_us/myacc/send_files/"; http_uri; depth:53; isdataat:!1,relative; content:"eidriyadh.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197539/; classtype:trojan-activity;sid:81060639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/public_segment/com/us/signed/sent/"; http_uri; depth:44; isdataat:!1,relative; content:"myschool-eg.000webhostapp.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197538/; classtype:trojan-activity;sid:81060638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/old/verification_area/net/eng_us/myacc/sent/"; http_uri; depth:45; isdataat:!1,relative; content:"adamjaneomir.kz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197537/; classtype:trojan-activity;sid:81060637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/public_segment/com/eng/logged/new_resourses/"; http_uri; depth:45; isdataat:!1,relative; content:"hitotose.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197536/; classtype:trojan-activity;sid:81060636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hbadvogadas.com.br/document/gxx8rxyyf7zuz_slasi-93220491303/"; http_uri; depth:61; isdataat:!1,relative; content:"rogerfleck.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197535/; classtype:trojan-activity;sid:81060635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/parts_service/n12d50ylod2r8t6x44vqprh4_ex47v5-9015107945384/"; http_uri; depth:72; isdataat:!1,relative; content:"ddmadrasah.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197534/; classtype:trojan-activity;sid:81060634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/inc/kvzwqnklvingkt/"; http_uri; depth:32; isdataat:!1,relative; content:"bdtips.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197533/; classtype:trojan-activity;sid:81060633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/galleryimage/pages/gvxyffutznyrvjlua/"; http_uri; depth:38; isdataat:!1,relative; content:"takosumi.sakura.ne.jp"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197532/; classtype:trojan-activity;sid:81060632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tm/file/noaazqxqabdxg/"; http_uri; depth:23; isdataat:!1,relative; content:"todomuta.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197531/; classtype:trojan-activity;sid:81060631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1/parts_service/dq444l3aqmdfnpemawd0a_qgxpaq-78515102739513/"; http_uri; depth:61; isdataat:!1,relative; content:"ikoym.top"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197530/; classtype:trojan-activity;sid:81060630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/inc/qycxbmxcglsplghkbgufacndfmvt/"; http_uri; depth:45; isdataat:!1,relative; content:"publiplast.tn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197529/; classtype:trojan-activity;sid:81060629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jj/spsix.exe"; http_uri; depth:13; isdataat:!1,relative; content:"daddyhandsome1.5gbfree.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197528/; classtype:trojan-activity;sid:81060628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/spm.exe"; http_uri; depth:8; isdataat:!1,relative; content:"daddyhandsome1.5gbfree.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197527/; classtype:trojan-activity;sid:81060627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cmax.exe"; http_uri; depth:9; isdataat:!1,relative; content:"daddyhandsome1.5gbfree.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197526/; classtype:trojan-activity;sid:81060626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lm/04af9pc4r_zr8957e70-92859625159/"; http_uri; depth:36; isdataat:!1,relative; content:"xn----8sbabmdgae0av6czacej5c.xn--90ais"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197525/; classtype:trojan-activity;sid:81060625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/arlista/ooiysdvqjlflqtozffqyenehfoxvs/"; http_uri; depth:39; isdataat:!1,relative; content:"tpc.hu"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197524/; classtype:trojan-activity;sid:81060624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4_19/sites/wbeomdmdbpadezxarzgswx/"; http_uri; depth:35; isdataat:!1,relative; content:"try-kumagaya.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197523/; classtype:trojan-activity;sid:81060623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/simplepie/parts_service/uatoqujs7s7ediuaxvs5cuqm_ddt16mxu-564056354031/"; http_uri; depth:84; isdataat:!1,relative; content:"blog.instacart-clone.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197522/; classtype:trojan-activity;sid:81060622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/doc/tvohhrtjpsh/"; http_uri; depth:29; isdataat:!1,relative; content:"giangphan.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197521/; classtype:trojan-activity;sid:81060621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zz9dm/pages/adpiymczfoxuuaidliv/"; http_uri; depth:33; isdataat:!1,relative; content:"magic-luck.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197520/; classtype:trojan-activity;sid:81060620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/doc/kdpcqbrftwirtbsif/"; http_uri; depth:35; isdataat:!1,relative; content:"hightec.cl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197519/; classtype:trojan-activity;sid:81060619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/74bqrll2fravktt7jkycl_535qav-869522814724593/74bqrll2fravktt7jkycl_535qav-869522814724593//"; http_uri; depth:101; isdataat:!1,relative; content:"farsinvestco.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197518/; classtype:trojan-activity;sid:81060618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/document/ei8b4ogccm21_j0o9skc-45698780357431/"; http_uri; depth:57; isdataat:!1,relative; content:"bluestag.co.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197517/; classtype:trojan-activity;sid:81060617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/simplepie/parts_service/uatoqujs7s7ediuaxvs5cuqm_ddt16mxu-564056354031/"; http_uri; depth:84; isdataat:!1,relative; content:"blog.instacart-clone.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197516/; classtype:trojan-activity;sid:81060616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/pages/eskyupwffrbpzsd/"; http_uri; depth:32; isdataat:!1,relative; content:"eco-chem.hr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197515/; classtype:trojan-activity;sid:81060615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sites/ekzfdnpwzotyftajzrwgdnytuawchg/"; http_uri; depth:49; isdataat:!1,relative; content:"dp5a.surabaya.go.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197514/; classtype:trojan-activity;sid:81060614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9yng/lm/isd8j0bsmhi53u3lxao5_bhas06a-10817970098761/"; http_uri; depth:53; isdataat:!1,relative; content:"allhealthylifestyles.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197513/; classtype:trojan-activity;sid:81060613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/au13/lm/purrrqeamzxyicdfdm/"; http_uri; depth:28; isdataat:!1,relative; content:"myhealthyappshop.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197512/; classtype:trojan-activity;sid:81060612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/open_network/sec/eng/anyone/office/"; http_uri; depth:47; isdataat:!1,relative; content:"lettingagents.ie"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197511/; classtype:trojan-activity;sid:81060611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi/inc/l66nxpe9j_i5idhzxbj4-17570585088/"; http_uri; depth:42; isdataat:!1,relative; content:"ayashige.sakura.ne.jp"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197510/; classtype:trojan-activity;sid:81060610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/doc/tayotpsuibjmgvhwplymqpnyamejp/"; http_uri; depth:47; isdataat:!1,relative; content:"canetafixa.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197509/; classtype:trojan-activity;sid:81060609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/acc/7fk45918/"; http_uri; depth:14; isdataat:!1,relative; content:"itreni.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197508/; classtype:trojan-activity;sid:81060608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/qh6/"; http_uri; depth:13; isdataat:!1,relative; content:"vmsecuritysolutions.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197507/; classtype:trojan-activity;sid:81060607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/www.thejourneynew.com/b4bqg3/"; http_uri; depth:30; isdataat:!1,relative; content:"cbdpowerbiz.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197506/; classtype:trojan-activity;sid:81060606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/4b11ihx1465/"; http_uri; depth:22; isdataat:!1,relative; content:"blacksilk.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197505/; classtype:trojan-activity;sid:81060605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/9on272/"; http_uri; depth:29; isdataat:!1,relative; content:"blog.apoictech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197504/; classtype:trojan-activity;sid:81060604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ba4/ba4.exe"; http_uri; depth:12; isdataat:!1,relative; content:"vman23.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197503/; classtype:trojan-activity;sid:81060603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/pbjejvxcdcmblyyv/"; http_uri; depth:27; isdataat:!1,relative; content:"dagda.es"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197502/; classtype:trojan-activity;sid:81060602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/public_segment/com/eng/logged/new_resourses"; http_uri; depth:44; isdataat:!1,relative; content:"hitotose.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197501/; classtype:trojan-activity;sid:81060601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/pages/xn2yogtul7r_unm2vayqlk-14939001/"; http_uri; depth:48; isdataat:!1,relative; content:"miplusmutiaraislam.sch.id"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197500/; classtype:trojan-activity;sid:81060600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/doc/n47uq53evl5k4aok0m3u4c_matymqo8dn-00080612/"; http_uri; depth:55; isdataat:!1,relative; content:"tamsuamy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197499/; classtype:trojan-activity;sid:81060599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec_zone/sec/en/logged/user_documents/"; http_uri; depth:48; isdataat:!1,relative; content:"sosyalfenomen.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197498/; classtype:trojan-activity;sid:81060598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tovlsk3kd/public_segment/seg/eng/myacc/office/"; http_uri; depth:47; isdataat:!1,relative; content:"shvedshop.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197497/; classtype:trojan-activity;sid:81060597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/rbfyme7h_yctqp-7/"; http_uri; depth:26; isdataat:!1,relative; content:"deviwijiyanti.web.id"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197496/; classtype:trojan-activity;sid:81060596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/presta/oafqmjphd/"; http_uri; depth:18; isdataat:!1,relative; content:"modeloi7nove.cf"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197495/; classtype:trojan-activity;sid:81060595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/ln720_ugcn2s1wm-93/"; http_uri; depth:23; isdataat:!1,relative; content:"electros.co.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197494/; classtype:trojan-activity;sid:81060594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ldvayrla/"; http_uri; depth:21; isdataat:!1,relative; content:"rogene.tk"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197493/; classtype:trojan-activity;sid:81060593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/pyepn1uq0u_1cn0tfaqg8-54319762/"; http_uri; depth:35; isdataat:!1,relative; content:"legioncrest.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197492/; classtype:trojan-activity;sid:81060592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/inc/cxindpbshvwjlykkgt/"; http_uri; depth:35; isdataat:!1,relative; content:"nissankinhdo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197491/; classtype:trojan-activity;sid:81060591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pages/kyvw2rg8l34j7cr3h5axgi1m4mn_fzjqevf-97122936/"; http_uri; depth:63; isdataat:!1,relative; content:"serialnow.ga"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197490/; classtype:trojan-activity;sid:81060590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/vfkyadxlebnftqaq5r53pbjg_0pii503-128245217/"; http_uri; depth:53; isdataat:!1,relative; content:"usgoldusa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197489/; classtype:trojan-activity;sid:81060589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/scan/eoqizaqsehfbchtjooz/"; http_uri; depth:37; isdataat:!1,relative; content:"nissankinhdo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197487/; classtype:trojan-activity;sid:81060587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sites/mkngjwv5m6l1sv17p87yx0_pknytr-75251279104426/"; http_uri; depth:64; isdataat:!1,relative; content:"ucuzgezi.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197488/; classtype:trojan-activity;sid:81060588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oldsite/6wz4jweq0kim8lp1u1rtxq08_x46qm6ak8-1916202749831/"; http_uri; depth:58; isdataat:!1,relative; content:"cgfilm.in"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197486/; classtype:trojan-activity;sid:81060586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/vnzpvvyf/"; http_uri; depth:13; isdataat:!1,relative; content:"novaan.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197485/; classtype:trojan-activity;sid:81060585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lfhhbfmmlk/"; http_uri; depth:24; isdataat:!1,relative; content:"aseanlegaltech.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197484/; classtype:trojan-activity;sid:81060584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/esp/qyxhswfwbfddhnokaurpvmtmjksmz/"; http_uri; depth:47; isdataat:!1,relative; content:"supetar.hr"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197483/; classtype:trojan-activity;sid:81060583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/paclm/nditktux/"; http_uri; depth:24; isdataat:!1,relative; content:"teestube-luetzel.de"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197482/; classtype:trojan-activity;sid:81060582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/picture_library/scan/tusxogxhowsvsgzpnoxbtmnd/"; http_uri; depth:47; isdataat:!1,relative; content:"bim-atc.kz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197481/; classtype:trojan-activity;sid:81060581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/gsikuf1n6mzsy_5pukqn-469095634853/"; http_uri; depth:44; isdataat:!1,relative; content:"newmarkettowing.ca"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197480/; classtype:trojan-activity;sid:81060580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/9g8kmp2ao8qj0d43j70scd_2jg9b3-4313814001/"; http_uri; depth:57; isdataat:!1,relative; content:"digitalmaker.tk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197479/; classtype:trojan-activity;sid:81060579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/q95z/pages/szzeohqbuamaa/"; http_uri; depth:26; isdataat:!1,relative; content:"thewaterstation.co.uk"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197478/; classtype:trojan-activity;sid:81060578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/tmp/parts_service/wduag244xpe8ong90jzuan4khkot_0iumbotp-231441578681/"; http_uri; depth:81; isdataat:!1,relative; content:"demo.madadaw.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197477/; classtype:trojan-activity;sid:81060577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/inc/6os1h3evk_rbi1wubtp-707389997/"; http_uri; depth:35; isdataat:!1,relative; content:"henrijacobs.nl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197476/; classtype:trojan-activity;sid:81060576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jonsfishingsystem/ufo4anic25v9hory_hvtia5t-27231959/"; http_uri; depth:53; isdataat:!1,relative; content:"hotspot-systems.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197475/; classtype:trojan-activity;sid:81060575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sites/4808gr7cs81o_xv8lp5-90716048173/"; http_uri; depth:50; isdataat:!1,relative; content:"vibeshirt.de"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197474/; classtype:trojan-activity;sid:81060574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/vf31tim48_w3w3dhra-43233738464585/"; http_uri; depth:47; isdataat:!1,relative; content:"vigamagazine.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197473/; classtype:trojan-activity;sid:81060573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cli/dane/sjcmfzurexoinw8yktp75_d9wfqb-515794612/"; http_uri; depth:49; isdataat:!1,relative; content:"labmilk.co.id"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197472/; classtype:trojan-activity;sid:81060572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/llc/ikihmnllflglvdfynhbicvsd/"; http_uri; depth:39; isdataat:!1,relative; content:"thebiz.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197471/; classtype:trojan-activity;sid:81060571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/sites/o9dj2vvbzymnqesqhfizz3h1ab_g5vk3aqrq-24829672015508/"; http_uri; depth:69; isdataat:!1,relative; content:"gargprinters.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197470/; classtype:trojan-activity;sid:81060570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/sites/k9i5flfy09jn2_u8dj2-68720464/"; http_uri; depth:44; isdataat:!1,relative; content:"beau-den.mrcloudapps.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197469/; classtype:trojan-activity;sid:81060569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/scan/ucpljcvhhdddmn/"; http_uri; depth:28; isdataat:!1,relative; content:"cib-avaluos.mx"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197468/; classtype:trojan-activity;sid:81060568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wpp-admin/tkagain.exe"; http_uri; depth:22; isdataat:!1,relative; content:"kemostarlogistics.co.ke"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197467/; classtype:trojan-activity;sid:81060567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/generall/secure_zone/eng/sign/biz/open_docs/"; http_uri; depth:45; isdataat:!1,relative; content:"ihax.site"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197466/; classtype:trojan-activity;sid:81060566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp_orig/trusted_network/com/eng_us/sign/sent/"; http_uri; depth:46; isdataat:!1,relative; content:"neurolat.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197465/; classtype:trojan-activity;sid:81060565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure_zone/sec/us/logged/office/"; http_uri; depth:45; isdataat:!1,relative; content:"thezebra.biz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197464/; classtype:trojan-activity;sid:81060564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/open_network/com/eng_us/accounts/new_resourses/"; http_uri; depth:60; isdataat:!1,relative; content:"blog.meditacaosempre.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197463/; classtype:trojan-activity;sid:81060563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wpp-admin/playeragain.exe"; http_uri; depth:26; isdataat:!1,relative; content:"kemostarlogistics.co.ke"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197462/; classtype:trojan-activity;sid:81060562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/parts_service/xj9ep58gcu77dv4a_38ghv2-465992270155987/"; http_uri; depth:66; isdataat:!1,relative; content:"gak-tavrida.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197461/; classtype:trojan-activity;sid:81060561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/doc/lruberblpcnzpmgixlyliwxebburl/"; http_uri; depth:42; isdataat:!1,relative; content:"graf-zenklusen-consulting.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197460/; classtype:trojan-activity;sid:81060560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/esp/i2b08crtzw5cemgb_c9lnt9-19555073384/"; http_uri; depth:48; isdataat:!1,relative; content:"actyouth.eu"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197458/; classtype:trojan-activity;sid:81060558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/pages/szvkawgsdtqomylakfzj/"; http_uri; depth:31; isdataat:!1,relative; content:"liliputacademy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197459/; classtype:trojan-activity;sid:81060559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/dok/iav83v73v8m4ezu5eepquatv_hayo2-11638833/"; http_uri; depth:56; isdataat:!1,relative; content:"bestwellplastic.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197457/; classtype:trojan-activity;sid:81060557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/kprnhdhecccqarefswohiyosy/"; http_uri; depth:31; isdataat:!1,relative; content:"dsdalismerkezi.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197456/; classtype:trojan-activity;sid:81060556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/parts_service/bfcccfadawzyydtnwvmasfawxbtdi/"; http_uri; depth:54; isdataat:!1,relative; content:"mahala.es"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197455/; classtype:trojan-activity;sid:81060555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/zojdg93o_xynmmr45kk-00422649/"; http_uri; depth:41; isdataat:!1,relative; content:"akaprintdesign.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197453/; classtype:trojan-activity;sid:81060553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/lm/rkqbwerwvlwuuvoikdtsyyaf/"; http_uri; depth:40; isdataat:!1,relative; content:"berryandlamberts.co.uk"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197452/; classtype:trojan-activity;sid:81060552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/plik/hhlqsjuabgehrkwlhxm/"; http_uri; depth:35; isdataat:!1,relative; content:"centurystage.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197451/; classtype:trojan-activity;sid:81060551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ltc/lm/y0qtzd293a46_edivl-05667044/"; http_uri; depth:36; isdataat:!1,relative; content:"pkols.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197454/; classtype:trojan-activity;sid:81060554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/nspebhehdcqo/"; http_uri; depth:23; isdataat:!1,relative; content:"couchplan.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197450/; classtype:trojan-activity;sid:81060550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/inc/09j3zev48v1si2_dvo5k-186622991462132/"; http_uri; depth:53; isdataat:!1,relative; content:"hakan.gq"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197449/; classtype:trojan-activity;sid:81060549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/paclm/14b0txzbwhjid9aqjb0olm_p0tu6y7-248592356467/"; http_uri; depth:62; isdataat:!1,relative; content:"sshskindnessproject.ca"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197448/; classtype:trojan-activity;sid:81060548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tni/5drt01/"; http_uri; depth:12; isdataat:!1,relative; content:"saigon3t.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197447/; classtype:trojan-activity;sid:81060547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/u39/"; http_uri; depth:14; isdataat:!1,relative; content:"adex2019.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197446/; classtype:trojan-activity;sid:81060546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dronephotos/esp/oti52aat89098xmvyn4g4a2a01_1usqbam-8733587385/"; http_uri; depth:63; isdataat:!1,relative; content:"giakhang.biz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197445/; classtype:trojan-activity;sid:81060545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/valedchap.exe"; http_uri; depth:18; isdataat:!1,relative; content:"valedchap.ir"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197444/; classtype:trojan-activity;sid:81060544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/document/qwhcdlwsqrniu/"; http_uri; depth:36; isdataat:!1,relative; content:"ideenn.ml"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197443/; classtype:trojan-activity;sid:81060543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/fvnikscm3o_jpxvsmwt1l-981571726/"; http_uri; depth:44; isdataat:!1,relative; content:"130belowcryo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197442/; classtype:trojan-activity;sid:81060542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/paclm/bqhlwkmjmixltcyutrbztxhkyybnh/"; http_uri; depth:46; isdataat:!1,relative; content:"leidon.nl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197441/; classtype:trojan-activity;sid:81060541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/document/4qxat60pq97loocw9o_0kp5t-807583314427/"; http_uri; depth:60; isdataat:!1,relative; content:"turbofilmizle.cf"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197440/; classtype:trojan-activity;sid:81060540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oldsite/6wz4jweq0kim8lp1u1rtxq08_x46qm6ak8-1916202749831/"; http_uri; depth:58; isdataat:!1,relative; content:"cgfilm.in"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197439/; classtype:trojan-activity;sid:81060539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/parts_service/kmpfrxngrychxscxdlmmx/"; http_uri; depth:40; isdataat:!1,relative; content:"lukmanhakimhutajulu.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197438/; classtype:trojan-activity;sid:81060538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/heart/inc/wpb3sxn9o1zj4gth_ueiavrvmj-94874739/"; http_uri; depth:47; isdataat:!1,relative; content:"heartburnsafe.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197437/; classtype:trojan-activity;sid:81060537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/azureink.co.uk/sec_zone/us/sign/com/open_docs/"; http_uri; depth:47; isdataat:!1,relative; content:"callsmaster.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197436/; classtype:trojan-activity;sid:81060536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/paclm/14b0txzbwhjid9aqjb0olm_p0tu6y7-248592356467/"; http_uri; depth:62; isdataat:!1,relative; content:"sshskindnessproject.ca"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197435/; classtype:trojan-activity;sid:81060535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sites/lsiukvhcklmktyybashjlj/"; http_uri; depth:42; isdataat:!1,relative; content:"lmichellewebb.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197434/; classtype:trojan-activity;sid:81060534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/aoypu5e1tuyrjlyr69t4ra_nv5csuj-9437694127174/"; http_uri; depth:60; isdataat:!1,relative; content:"demositem.cf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197433/; classtype:trojan-activity;sid:81060533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/sites/x4s0s83o6t1cj7iutpp_432qzvi7bo-49947499407/"; http_uri; depth:60; isdataat:!1,relative; content:"sogreen.com.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197432/; classtype:trojan-activity;sid:81060532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/minhan/esp/toztzagvwjy/"; http_uri; depth:24; isdataat:!1,relative; content:"cosuckhoelacotatca.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197431/; classtype:trojan-activity;sid:81060531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/pages/jzopxeblzz61nek_dmf5x814m-670538746883/"; http_uri; depth:59; isdataat:!1,relative; content:"nutshell.live"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197430/; classtype:trojan-activity;sid:81060530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/m9z2zfv8ty8piy8n3n673jni2_7qxt66f-060570155262/"; http_uri; depth:63; isdataat:!1,relative; content:"rumahrumputlaut.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197429/; classtype:trojan-activity;sid:81060529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/vf31tim48_w3w3dhra-43233738464585/"; http_uri; depth:47; isdataat:!1,relative; content:"www.vigamagazine.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197428/; classtype:trojan-activity;sid:81060528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/asfahoxnfqtwvwetiguuipub/"; http_uri; depth:37; isdataat:!1,relative; content:"fearlessprograms.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197427/; classtype:trojan-activity;sid:81060527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/dane/fwfqckhkhkdkesvfhyklppxjlrzdz/"; http_uri; depth:47; isdataat:!1,relative; content:"sensoryexperiments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197426/; classtype:trojan-activity;sid:81060526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/news-admin/sites/kwmonjtpbhhoti/"; http_uri; depth:33; isdataat:!1,relative; content:"adepterssolutions.in"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197425/; classtype:trojan-activity;sid:81060525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jynne2w/llc/9emy1c5slucz05ztsb_giwscuomzh-539483200738252/"; http_uri; depth:59; isdataat:!1,relative; content:"fargopetro.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197424/; classtype:trojan-activity;sid:81060524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sites/mkngjwv5m6l1sv17p87yx0_pknytr-75251279104426/"; http_uri; depth:64; isdataat:!1,relative; content:"ucuzgezi.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197423/; classtype:trojan-activity;sid:81060523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/inc/xm4qz42spqey0xbmlse935p7n_htnif-808927181/"; http_uri; depth:58; isdataat:!1,relative; content:"garageprosofflorida.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197422/; classtype:trojan-activity;sid:81060522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/po-.exe"; http_uri; depth:26; isdataat:!1,relative; content:"mpctunisia.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197421/; classtype:trojan-activity;sid:81060521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.224.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197420/; classtype:trojan-activity;sid:81060520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/lm/vkucvnqkiomools/"; http_uri; depth:29; isdataat:!1,relative; content:"nazarnews.kz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197419/; classtype:trojan-activity;sid:81060519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.224.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197418/; classtype:trojan-activity;sid:81060518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.224.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197417/; classtype:trojan-activity;sid:81060517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.224.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197414/; classtype:trojan-activity;sid:81060514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.224.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197415/; classtype:trojan-activity;sid:81060515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.224.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197416/; classtype:trojan-activity;sid:81060516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.224.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197412/; classtype:trojan-activity;sid:81060512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.224.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197413/; classtype:trojan-activity;sid:81060513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.224.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197410/; classtype:trojan-activity;sid:81060510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.224.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197411/; classtype:trojan-activity;sid:81060511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.224.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197409/; classtype:trojan-activity;sid:81060509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ma.server"; http_uri; depth:10; isdataat:!1,relative; content:"222.187.238.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197408/; classtype:trojan-activity;sid:81060508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/pages/s58yu0v6fypgyfni20hii8hwg_jek2i-606008745493539/"; http_uri; depth:64; isdataat:!1,relative; content:"marsella.kz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197407/; classtype:trojan-activity;sid:81060507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/dados.txt"; http_uri; depth:12; isdataat:!1,relative; content:"13.211.188.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197406/; classtype:trojan-activity;sid:81060506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c/verificar.php"; http_uri; depth:16; isdataat:!1,relative; content:"13.211.188.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197405/; classtype:trojan-activity;sid:81060505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/conta.php"; http_uri; depth:12; isdataat:!1,relative; content:"13.211.188.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197404/; classtype:trojan-activity;sid:81060504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/dados.txt"; http_uri; depth:12; isdataat:!1,relative; content:"13.211.188.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197403/; classtype:trojan-activity;sid:81060503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/verificar.php"; http_uri; depth:16; isdataat:!1,relative; content:"13.211.188.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197402/; classtype:trojan-activity;sid:81060502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/vf31tim48_w3w3dhra-43233738464585/"; http_uri; depth:47; isdataat:!1,relative; content:"www.vigamagazine.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197401/; classtype:trojan-activity;sid:81060501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197399/; classtype:trojan-activity;sid:81060499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; content:"185.101.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197400/; classtype:trojan-activity;sid:81060500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; content:"185.101.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197398/; classtype:trojan-activity;sid:81060498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm6"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197396/; classtype:trojan-activity;sid:81060496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197397/; classtype:trojan-activity;sid:81060497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm4"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197394/; classtype:trojan-activity;sid:81060494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197395/; classtype:trojan-activity;sid:81060495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197393/; classtype:trojan-activity;sid:81060493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; content:"185.101.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197392/; classtype:trojan-activity;sid:81060492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; content:"185.101.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197391/; classtype:trojan-activity;sid:81060491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/asfahoxnfqtwvwetiguuipub/"; http_uri; depth:37; isdataat:!1,relative; content:"fearlessprograms.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197390/; classtype:trojan-activity;sid:81060490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/dane/fwfqckhkhkdkesvfhyklppxjlrzdz/"; http_uri; depth:47; isdataat:!1,relative; content:"sensoryexperiments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197389/; classtype:trojan-activity;sid:81060489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/lm/rkqbwerwvlwuuvoikdtsyyaf/"; http_uri; depth:40; isdataat:!1,relative; content:"www.berryandlamberts.co.uk"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197388/; classtype:trojan-activity;sid:81060488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wpp-admin/benuagain.exe"; http_uri; depth:24; isdataat:!1,relative; content:"kemostarlogistics.co.ke"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197387/; classtype:trojan-activity;sid:81060487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/janahenry.com/inc/gw9y5bij19cs7fk8_w7z306-48284886/"; http_uri; depth:52; isdataat:!1,relative; content:"basswoodman.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197386/; classtype:trojan-activity;sid:81060486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/nspebhehdcqo/"; http_uri; depth:23; isdataat:!1,relative; content:"couchplan.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197385/; classtype:trojan-activity;sid:81060485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/dok/iav83v73v8m4ezu5eepquatv_hayo2-11638833/"; http_uri; depth:56; isdataat:!1,relative; content:"bestwellplastic.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197384/; classtype:trojan-activity;sid:81060484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/kprnhdhecccqarefswohiyosy/"; http_uri; depth:31; isdataat:!1,relative; content:"dsdalismerkezi.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197383/; classtype:trojan-activity;sid:81060483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scan/sp8s3jj8t3ub5v_09dte-646541542/"; http_uri; depth:46; isdataat:!1,relative; content:"lbtesting.tk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197382/; classtype:trojan-activity;sid:81060482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/llc/r0gy18x366omf1z9zzz38_pj5h3pxf72-6411330379420/"; http_uri; depth:63; isdataat:!1,relative; content:"fulan.tk"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197381/; classtype:trojan-activity;sid:81060481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/dok/e52jnca99j_ufwvghp8oa-92780853/"; http_uri; depth:45; isdataat:!1,relative; content:"newparadise.com.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197380/; classtype:trojan-activity;sid:81060480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/dok/jqyhnazhux/"; http_uri; depth:23; isdataat:!1,relative; content:"elysiumtravels.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197379/; classtype:trojan-activity;sid:81060479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_tabearoot/pages/q0b9ltiv7p0hqmp_jamyvr-15838314/"; http_uri; depth:50; isdataat:!1,relative; content:"tabea.co.id"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197378/; classtype:trojan-activity;sid:81060478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/products/qpiuzyaafgoupasio/"; http_uri; depth:28; isdataat:!1,relative; content:"priyainfosys.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197377/; classtype:trojan-activity;sid:81060477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/g1gc04s1woz64tp6ugkcifwtu7pk0_l0pue-9898692635/"; http_uri; depth:63; isdataat:!1,relative; content:"itcomsrv.kz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197376/; classtype:trojan-activity;sid:81060476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ghhjnlwfdj/"; http_uri; depth:23; isdataat:!1,relative; content:"kadindergisi.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197375/; classtype:trojan-activity;sid:81060475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/dok/weugvitf5i8i6h31w6mcw9_68ca8-0982487868527/"; http_uri; depth:51; isdataat:!1,relative; content:"limpiezasdimoba.es"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197373/; classtype:trojan-activity;sid:81060473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/doc/8wzp7a7yucb7j8_5uog8v39-738053714/"; http_uri; depth:48; isdataat:!1,relative; content:"ozdemirpolisaj.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197374/; classtype:trojan-activity;sid:81060474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin/inc/09j3zev48v1si2_dvo5k-186622991462132/"; http_uri; depth:53; isdataat:!1,relative; content:"hakan.gq"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197372/; classtype:trojan-activity;sid:81060472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/dane/ktdqbceubaybuvnlqt/"; http_uri; depth:36; isdataat:!1,relative; content:"nesrinrealestate.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197371/; classtype:trojan-activity;sid:81060471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/proforma/benuc.exe"; http_uri; depth:19; isdataat:!1,relative; content:"www.terryhill.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197370/; classtype:trojan-activity;sid:81060470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/proforma/tknewc.exe"; http_uri; depth:20; isdataat:!1,relative; content:"www.terryhill.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197369/; classtype:trojan-activity;sid:81060469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/proforma/playerc4.exe"; http_uri; depth:22; isdataat:!1,relative; content:"www.terryhill.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197368/; classtype:trojan-activity;sid:81060468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/proforma/ifycry.exe"; http_uri; depth:20; isdataat:!1,relative; content:"www.terryhill.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197367/; classtype:trojan-activity;sid:81060467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/w/avebuxbek1668k49fbanenjcnhbkbe9ekg06ae.txt"; http_uri; depth:45; isdataat:!1,relative; content:"13.239.12.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197366/; classtype:trojan-activity;sid:81060466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/w/zbkbesef56f7e7ki6idme9hba9a6al6eaam960.txt"; http_uri; depth:45; isdataat:!1,relative; content:"13.239.12.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197365/; classtype:trojan-activity;sid:81060465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/w/b8b81l.zip"; http_uri; depth:13; isdataat:!1,relative; content:"13.239.12.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197364/; classtype:trojan-activity;sid:81060464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tni/5drt01/"; http_uri; depth:12; isdataat:!1,relative; content:"saigon3t.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197363/; classtype:trojan-activity;sid:81060463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1989/byws3s862/"; http_uri; depth:16; isdataat:!1,relative; content:"kafuo.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197362/; classtype:trojan-activity;sid:81060462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/oryzre18/"; http_uri; depth:18; isdataat:!1,relative; content:"led-lcd-repair.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197361/; classtype:trojan-activity;sid:81060461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/pe56/"; http_uri; depth:11; isdataat:!1,relative; content:"hubcub.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197360/; classtype:trojan-activity;sid:81060460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/u39/"; http_uri; depth:14; isdataat:!1,relative; content:"adex2019.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197359/; classtype:trojan-activity;sid:81060459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shree/o7u4s7u3775/"; http_uri; depth:19; isdataat:!1,relative; content:"pawarsoftwares.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197358/; classtype:trojan-activity;sid:81060458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/inc/vbwpikypweqydjabjdqnficzqkzgjq/"; http_uri; depth:40; isdataat:!1,relative; content:"ionline-productie-b.nl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197357/; classtype:trojan-activity;sid:81060457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/o5bb4tmlhcrqif9_xed9ozwg-413214995635/"; http_uri; depth:58; isdataat:!1,relative; content:"umfccicentennialexpo.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197356/; classtype:trojan-activity;sid:81060456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/news-admin/sites/kwmonjtpbhhoti/"; http_uri; depth:33; isdataat:!1,relative; content:"www.adepterssolutions.in"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197355/; classtype:trojan-activity;sid:81060455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/scan/jsepfspomxtuex/"; http_uri; depth:24; isdataat:!1,relative; content:"trangsuchanghieu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197354/; classtype:trojan-activity;sid:81060454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/document/ntdqwygpvi22hqbr_hb35nj59mk-67421750/"; http_uri; depth:55; isdataat:!1,relative; content:"projetoidea.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197353/; classtype:trojan-activity;sid:81060453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/pages/szvkawgsdtqomylakfzj/"; http_uri; depth:31; isdataat:!1,relative; content:"liliputacademy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197352/; classtype:trojan-activity;sid:81060452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/doc/ptnjlmhfeuxjebqbxre/"; http_uri; depth:28; isdataat:!1,relative; content:"go-offer.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197351/; classtype:trojan-activity;sid:81060451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/pages/xxl0cq8cqezqz4621v0cce94y9ghf_ij61d86-70440851677/"; http_uri; depth:67; isdataat:!1,relative; content:"getcloudptt.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197350/; classtype:trojan-activity;sid:81060450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/parts_service/lfmpsvjlian/"; http_uri; depth:36; isdataat:!1,relative; content:"www.goldenradiancenow.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197349/; classtype:trojan-activity;sid:81060449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/file/cd2tgc9o5lnpawduex92nw1r_0ijph-743646261560585/"; http_uri; depth:60; isdataat:!1,relative; content:"vhadinyani.co.za"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197348/; classtype:trojan-activity;sid:81060448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/zojdg93o_xynmmr45kk-00422649/"; http_uri; depth:41; isdataat:!1,relative; content:"akaprintdesign.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197347/; classtype:trojan-activity;sid:81060447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/lm/f17n2xp441oxn32cl_nnajqd-37483536518/"; http_uri; depth:51; isdataat:!1,relative; content:"stahlbau.kz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197346/; classtype:trojan-activity;sid:81060446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/file/ywhdpzahll/"; http_uri; depth:29; isdataat:!1,relative; content:"xn----7sbgmqervmpp0d.xn--p1ai"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197345/; classtype:trojan-activity;sid:81060445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/parts_service/jjuzdjdjmh/"; http_uri; depth:37; isdataat:!1,relative; content:"4you.by"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197344/; classtype:trojan-activity;sid:81060444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/esp/qyxhswfwbfddhnokaurpvmtmjksmz/"; http_uri; depth:47; isdataat:!1,relative; content:"supetar.hr"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197343/; classtype:trojan-activity;sid:81060443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download/plik/hhlqsjuabgehrkwlhxm/"; http_uri; depth:35; isdataat:!1,relative; content:"www.centurystage.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197342/; classtype:trojan-activity;sid:81060442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/document/2fo532d7wa2r_9lcsxxft2-8412003141683/"; http_uri; depth:56; isdataat:!1,relative; content:"notequeen.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197341/; classtype:trojan-activity;sid:81060441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sites/4808gr7cs81o_xv8lp5-90716048173/"; http_uri; depth:50; isdataat:!1,relative; content:"vibeshirt.de"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197340/; classtype:trojan-activity;sid:81060440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/document/bveowjpdlmskbiizwkdrjgi/"; http_uri; depth:45; isdataat:!1,relative; content:"emmaxsimon.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197339/; classtype:trojan-activity;sid:81060439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ltc/lm/y0qtzd293a46_edivl-05667044/"; http_uri; depth:36; isdataat:!1,relative; content:"pkols.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197338/; classtype:trojan-activity;sid:81060438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/yqsolwihkvauxyrdesnywe/"; http_uri; depth:35; isdataat:!1,relative; content:"mroneagrofarm.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197337/; classtype:trojan-activity;sid:81060437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pages/kyvw2rg8l34j7cr3h5axgi1m4mn_fzjqevf-97122936/"; http_uri; depth:63; isdataat:!1,relative; content:"serialnow.ga"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197336/; classtype:trojan-activity;sid:81060436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/vzshfacucnbtmogozdsmwzlgwdrpdr/"; http_uri; depth:43; isdataat:!1,relative; content:"katesemernya.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197335/; classtype:trojan-activity;sid:81060435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/document/yamgaguqzqwdevdtgpe/"; http_uri; depth:41; isdataat:!1,relative; content:"tetrafire.co.uk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197334/; classtype:trojan-activity;sid:81060434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/parts_service/xj9ep58gcu77dv4a_38ghv2-465992270155987/"; http_uri; depth:66; isdataat:!1,relative; content:"gak-tavrida.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197333/; classtype:trojan-activity;sid:81060433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/vfkyadxlebnftqaq5r53pbjg_0pii503-128245217/"; http_uri; depth:53; isdataat:!1,relative; content:"usgoldusa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197332/; classtype:trojan-activity;sid:81060432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pythonfanatic/412532532456/master/!xamarin.zip"; http_uri; depth:47; isdataat:!1,relative; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197331/; classtype:trojan-activity;sid:81060431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pythonfanatic/412532532456/raw/master/!xamarin.zip"; http_uri; depth:51; isdataat:!1,relative; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197330/; classtype:trojan-activity;sid:81060430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/file/ustyjgzpcukee/"; http_uri; depth:30; isdataat:!1,relative; content:"nppaquasell.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197329/; classtype:trojan-activity;sid:81060429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/doc/doc/gnkhfcwfrgw2uxshp3epae0_ao74nlt-096921694396262/"; http_uri; depth:57; isdataat:!1,relative; content:"weareredi.ng"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197328/; classtype:trojan-activity;sid:81060428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/esp/i2b08crtzw5cemgb_c9lnt9-19555073384/"; http_uri; depth:48; isdataat:!1,relative; content:"www.actyouth.eu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197326/; classtype:trojan-activity;sid:81060426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/paclm/nditktux/"; http_uri; depth:24; isdataat:!1,relative; content:"www.teestube-luetzel.de"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197327/; classtype:trojan-activity;sid:81060427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/zimmfsnar1mmbkqgw3lywr3hay_4tz27aj-944046501916/"; http_uri; depth:60; isdataat:!1,relative; content:"armpremium.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197325/; classtype:trojan-activity;sid:81060425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/libraries/parts_service/hgetaneyhamaycgjxzg/"; http_uri; depth:45; isdataat:!1,relative; content:"mindenamifeeder.hu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197324/; classtype:trojan-activity;sid:81060424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/paclm/aucdwidppidosulvohndpxhi/"; http_uri; depth:45; isdataat:!1,relative; content:"cebiro.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197323/; classtype:trojan-activity;sid:81060423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/doc/lruberblpcnzpmgixlyliwxebburl/"; http_uri; depth:42; isdataat:!1,relative; content:"graf-zenklusen-consulting.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197322/; classtype:trojan-activity;sid:81060422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/3p7kx6f6_i2sbp0dp4-73400649/"; http_uri; depth:41; isdataat:!1,relative; content:"mikemcgowandrivingschool.co.uk"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197321/; classtype:trojan-activity;sid:81060421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/lm/zep2i1tfx9606nz9zmc_01n5iwx9hz-96231646376136/"; http_uri; depth:58; isdataat:!1,relative; content:"bimeirann.ir"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197320/; classtype:trojan-activity;sid:81060420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/forum/dok/iozbxhabpkndsnboontlaxs/"; http_uri; depth:35; isdataat:!1,relative; content:"www.dsgn.mk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197319/; classtype:trojan-activity;sid:81060419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/6dvs7d7n47nvo55obcs_g1v5zaoh-17220872243397/"; http_uri; depth:59; isdataat:!1,relative; content:"musiccollege.kz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197318/; classtype:trojan-activity;sid:81060418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jiqz/cashflow.qwe"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.39.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197317/; classtype:trojan-activity;sid:81060417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/inc/xm4qz42spqey0xbmlse935p7n_htnif-808927181/"; http_uri; depth:58; isdataat:!1,relative; content:"garageprosofflorida.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197316/; classtype:trojan-activity;sid:81060416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/resources/sites/nqdwriqg/"; http_uri; depth:26; isdataat:!1,relative; content:"lovelynails.ca"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197315/; classtype:trojan-activity;sid:81060415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lm/iindtspj7l1rjua_kth52-09810828625/"; http_uri; depth:50; isdataat:!1,relative; content:"colegioadventistadeibague.edu.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197314/; classtype:trojan-activity;sid:81060414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/dok/u64cootnzedlueyyst5y94_ll2jkxhz9f-74475965040/"; http_uri; depth:63; isdataat:!1,relative; content:"bariloja.cf"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197313/; classtype:trojan-activity;sid:81060413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sitemaps/tzirxgpandt/"; http_uri; depth:22; isdataat:!1,relative; content:"plazacolibri.com.mx"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197312/; classtype:trojan-activity;sid:81060412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/lm/0xmi5dgm2nyy2zv9npukw_024pc4szh-039929300/"; http_uri; depth:55; isdataat:!1,relative; content:"myvidzz.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197311/; classtype:trojan-activity;sid:81060411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pages/uvfqfafagew8yjycmd0w_kliv6kg9a-685391039503795/"; http_uri; depth:65; isdataat:!1,relative; content:"e-tvet.kz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197310/; classtype:trojan-activity;sid:81060410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/dane/caqmunld9d0bwoe485_4wbne40n0-13420866855/"; http_uri; depth:59; isdataat:!1,relative; content:"lylevr.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197309/; classtype:trojan-activity;sid:81060409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/esp/jfgqbhr1towl9iedhe6n_3i2npjtm-227259736608/"; http_uri; depth:51; isdataat:!1,relative; content:"nomatyeinstitute.co.za"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197308/; classtype:trojan-activity;sid:81060408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/paclm/io1d7hdm7xpju25ocmsn3u_1i55q-17574052527/"; http_uri; depth:52; isdataat:!1,relative; content:"quantumplus.ml"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197307/; classtype:trojan-activity;sid:81060407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/dane/rys4k5gnsmsqsxjm1ncolweyxmbz7_ye2caowb-5237557421/"; http_uri; depth:67; isdataat:!1,relative; content:"maat.cf"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197306/; classtype:trojan-activity;sid:81060406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/application/ximd7u7nigxu9r_kc6bgdfo-958450195888/"; http_uri; depth:50; isdataat:!1,relative; content:"allinonetools.club"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197305/; classtype:trojan-activity;sid:81060405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/file/mrixcidpxtazlofqscdyfdrnt/"; http_uri; depth:40; isdataat:!1,relative; content:"navan.co.tz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197304/; classtype:trojan-activity;sid:81060404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/inc/rjliovweoajmvqmkdhcz/"; http_uri; depth:35; isdataat:!1,relative; content:"anizoo.site"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197303/; classtype:trojan-activity;sid:81060403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/almasoodi/pages/fyfflurbarenmwhhjmnpbdk/"; http_uri; depth:41; isdataat:!1,relative; content:"almasoodi.com.pk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197302/; classtype:trojan-activity;sid:81060402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wxapfyrqu/"; http_uri; depth:14; isdataat:!1,relative; content:"dev.psuade.co.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197301/; classtype:trojan-activity;sid:81060401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/02tyujx_uodc9-64381991/"; http_uri; depth:35; isdataat:!1,relative; content:"odasaja.my"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197300/; classtype:trojan-activity;sid:81060400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/irbqvehd/"; http_uri; depth:18; isdataat:!1,relative; content:"mikyaskitap.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197299/; classtype:trojan-activity;sid:81060399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/menusl/dsylpbrom/"; http_uri; depth:18; isdataat:!1,relative; content:"punjabupnews.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197298/; classtype:trojan-activity;sid:81060398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/zbqcnsmf/"; http_uri; depth:13; isdataat:!1,relative; content:"itekscompany.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197297/; classtype:trojan-activity;sid:81060397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/dane/gyljttnsncdmgmldw/"; http_uri; depth:33; isdataat:!1,relative; content:"permanent-rf.000webhostapp.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197296/; classtype:trojan-activity;sid:81060396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/vflos34ornmgwmc8k5rtf6ifq_avzfsvq-64972674/"; http_uri; depth:56; isdataat:!1,relative; content:"retolert.gq"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197295/; classtype:trojan-activity;sid:81060395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/lm/3f7jx00qxwua_qi82cgg4z4-42435752/"; http_uri; depth:44; isdataat:!1,relative; content:"melangeemall.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197294/; classtype:trojan-activity;sid:81060394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/444f5004-8817-471d-8fef-e113ebf2eb43/downloads/b9c9ea61-f7f6-4d6a-a31d-d7745a0275f6/setup.zipsignature=cp7et2vxpp%2b%2b0wdsp2ltsbsd0hq%3d|26|expires=1558013795|26|awsaccesskeyid=akiaiqwxw6wlxmb5qzaq|26|versionid=xmctmrcf_ykkmtrbipylif5xe4czyhdn|26|response-content-disposition=attachment%3b%20filename%3d%22setup.zip%22"; http_uri; depth:320; isdataat:!1,relative; content:"bbuseruploads.s3.amazonaws.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197293/; classtype:trojan-activity;sid:81060393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/file/d8cte9mw81zzf_9j1w7xs-6470775946/"; http_uri; depth:44; isdataat:!1,relative; content:"asuvision.tv"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197292/; classtype:trojan-activity;sid:81060392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ywhv/lm/gy7eo66gr0f42jbdj5z0wu6_cunzn61nf3-608153857217416/"; http_uri; depth:60; isdataat:!1,relative; content:"orida.co.th"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197291/; classtype:trojan-activity;sid:81060391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/parts_service/om2cmp12f6slvrgr_a0i4f1e8uf-95220990/"; http_uri; depth:63; isdataat:!1,relative; content:"taubiologic.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197290/; classtype:trojan-activity;sid:81060390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/dok/rcybxgzbcassreyhmjhmfej/"; http_uri; depth:38; isdataat:!1,relative; content:"beenet.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197289/; classtype:trojan-activity;sid:81060389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cli/doc/9q2zhkcyggh1shu00gx_ov7jndh6k-09455198824059/"; http_uri; depth:54; isdataat:!1,relative; content:"ladesign.pl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197288/; classtype:trojan-activity;sid:81060388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pleer/setup.exe"; http_uri; depth:16; isdataat:!1,relative; content:"proverka.host"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197287/; classtype:trojan-activity;sid:81060387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jynne2w/llc/9emy1c5slucz05ztsb_giwscuomzh-539483200738252/"; http_uri; depth:59; isdataat:!1,relative; content:"fargopetro.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197286/; classtype:trojan-activity;sid:81060386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/02d5cd45-0495-4f95-abc2-60994762a06d/downloads/c22be1ad-2e97-411c-bfe5-362fa139bb4c/carrot%20fun.exesignature=pakka0sihfyox9ushxgj7cegaho%3d|26|expires=1558013410|26|awsaccesskeyid=akiaiqwxw6wlxmb5qzaq|26|versionid=nqibfbx4ywbgha0gwi9oeieizjshlwcq|26|response-content-disposition=attachment%3b%20filename%3d%22carrot%2520fun.exe%22"; http_uri; depth:332; isdataat:!1,relative; content:"bbuseruploads.s3.amazonaws.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197285/; classtype:trojan-activity;sid:81060385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cli/dane/sjcmfzurexoinw8yktp75_d9wfqb-515794612/"; http_uri; depth:49; isdataat:!1,relative; content:"www.labmilk.co.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197284/; classtype:trojan-activity;sid:81060384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oisev1/bot/downloads/setup.zip"; http_uri; depth:31; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197282/; classtype:trojan-activity;sid:81060382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/includes/file/ynjeciuqbao1oqoo9uo7z_ivwitvqu-8170101122772/"; http_uri; depth:60; isdataat:!1,relative; content:"namgasn.uz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197281/; classtype:trojan-activity;sid:81060381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/inf/nmwquxoafqnnxzxfpffxigispsszto/"; http_uri; depth:47; isdataat:!1,relative; content:"xn--b1aafke9aadcbbkcup.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197280/; classtype:trojan-activity;sid:81060380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/glumber/supr/downloads/setu%d1%80.exe"; http_uri; depth:38; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197279/; classtype:trojan-activity;sid:81060379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yardhouse/rrhk/downloads/carrot%20fun.exe"; http_uri; depth:42; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197278/; classtype:trojan-activity;sid:81060378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/document/55o2itnmf3ej2jic5i6uwuel_0n3zs3z-07736507334/"; http_uri; depth:63; isdataat:!1,relative; content:"ryzoma.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197277/; classtype:trojan-activity;sid:81060377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mansano/file/ohgsfrzhnkgrfngnf/"; http_uri; depth:32; isdataat:!1,relative; content:"blogs.ct.utfpr.edu.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197276/; classtype:trojan-activity;sid:81060376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pages/kkon3wrs5e55_5jetu6vxq-577435771743912/"; http_uri; depth:57; isdataat:!1,relative; content:"r2d2-fitness.by"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197275/; classtype:trojan-activity;sid:81060375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tae0de/doc/p2ap0ealmknrs68fu2v6_tgp2qiy-39049131/"; http_uri; depth:50; isdataat:!1,relative; content:"goldenfibra.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197274/; classtype:trojan-activity;sid:81060374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/just/parts_service/ijjatgjjmrfscxzfnnvfeohcx/"; http_uri; depth:46; isdataat:!1,relative; content:"penis.tips"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197273/; classtype:trojan-activity;sid:81060373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/goldeninvest/goldeninvest/downloads/goldinvest.exe"; http_uri; depth:51; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197272/; classtype:trojan-activity;sid:81060372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/file/lmqeqxsotinlolsahofulmlohmfcv/"; http_uri; depth:55; isdataat:!1,relative; content:"anneko.co"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197271/; classtype:trojan-activity;sid:81060371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jslaqvc/sites/mxzvoh89x0qckgr6o15u5u6_flunaxbr-58482644361652/"; http_uri; depth:63; isdataat:!1,relative; content:"supervinco.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197270/; classtype:trojan-activity;sid:81060370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/llc/naqgnvzxii/"; http_uri; depth:24; isdataat:!1,relative; content:"snsyndicate.ir"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197269/; classtype:trojan-activity;sid:81060369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/file/bpydoykamnrmqvszgycljjengf/"; http_uri; depth:52; isdataat:!1,relative; content:"innovate-wp.club"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197268/; classtype:trojan-activity;sid:81060368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sites/rtmnhskxeelctfmyxnqzmgnwzfajzp/"; http_uri; depth:49; isdataat:!1,relative; content:"whitelilygreens.ga"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197267/; classtype:trojan-activity;sid:81060367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/scan/w47f1wrvkbj_nkrlejr-2795797927401/"; http_uri; depth:51; isdataat:!1,relative; content:"heritagehampers.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197266/; classtype:trojan-activity;sid:81060366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"47.14.99.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197265/; classtype:trojan-activity;sid:81060365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.79.131.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197264/; classtype:trojan-activity;sid:81060364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.251.136.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197263/; classtype:trojan-activity;sid:81060363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"93.119.236.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197262/; classtype:trojan-activity;sid:81060362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"61.82.215.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197261/; classtype:trojan-activity;sid:81060361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.121.226.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197260/; classtype:trojan-activity;sid:81060360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"67.85.21.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197259/; classtype:trojan-activity;sid:81060359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"84.240.9.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197258/; classtype:trojan-activity;sid:81060358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"84.197.12.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197257/; classtype:trojan-activity;sid:81060357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"211.229.130.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197256/; classtype:trojan-activity;sid:81060356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"86.107.163.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197255/; classtype:trojan-activity;sid:81060355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"27.113.54.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197254/; classtype:trojan-activity;sid:81060354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"109.185.44.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197253/; classtype:trojan-activity;sid:81060353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"93.117.144.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197252/; classtype:trojan-activity;sid:81060352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"121.153.34.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197251/; classtype:trojan-activity;sid:81060351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"88.84.185.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197250/; classtype:trojan-activity;sid:81060350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"92.115.170.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197249/; classtype:trojan-activity;sid:81060349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"78.71.68.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197248/; classtype:trojan-activity;sid:81060348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"46.109.79.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197247/; classtype:trojan-activity;sid:81060347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"91.105.113.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197246/; classtype:trojan-activity;sid:81060346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"93.116.216.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197245/; classtype:trojan-activity;sid:81060345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"189.206.35.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197244/; classtype:trojan-activity;sid:81060344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"210.113.48.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197243/; classtype:trojan-activity;sid:81060343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"222.125.62.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197242/; classtype:trojan-activity;sid:81060342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"140.186.182.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197241/; classtype:trojan-activity;sid:81060341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"190.141.239.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197240/; classtype:trojan-activity;sid:81060340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.42.118.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197239/; classtype:trojan-activity;sid:81060339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"84.198.11.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197238/; classtype:trojan-activity;sid:81060338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"188.243.103.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197237/; classtype:trojan-activity;sid:81060337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"79.120.157.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197236/; classtype:trojan-activity;sid:81060336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"5.56.101.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197235/; classtype:trojan-activity;sid:81060335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"93.119.151.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197234/; classtype:trojan-activity;sid:81060334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"46.55.89.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197233/; classtype:trojan-activity;sid:81060333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"109.185.171.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197232/; classtype:trojan-activity;sid:81060332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"91.67.110.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197231/; classtype:trojan-activity;sid:81060331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"87.176.75.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197230/; classtype:trojan-activity;sid:81060330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"62.77.210.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197229/; classtype:trojan-activity;sid:81060329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"86.105.56.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197228/; classtype:trojan-activity;sid:81060328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"93.117.79.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197227/; classtype:trojan-activity;sid:81060327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"89.32.56.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197226/; classtype:trojan-activity;sid:81060326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"89.40.204.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197225/; classtype:trojan-activity;sid:81060325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"86.107.163.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197224/; classtype:trojan-activity;sid:81060324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"188.81.69.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197223/; classtype:trojan-activity;sid:81060323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"86.105.56.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197222/; classtype:trojan-activity;sid:81060322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"92.115.33.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197221/; classtype:trojan-activity;sid:81060321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.42.87.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197220/; classtype:trojan-activity;sid:81060320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"86.107.163.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197219/; classtype:trojan-activity;sid:81060319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"91.215.126.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197218/; classtype:trojan-activity;sid:81060318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"89.32.62.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197217/; classtype:trojan-activity;sid:81060317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"222.103.52.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197216/; classtype:trojan-activity;sid:81060316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"83.250.28.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197215/; classtype:trojan-activity;sid:81060315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"89.160.77.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197214/; classtype:trojan-activity;sid:81060314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"86.107.165.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197213/; classtype:trojan-activity;sid:81060313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"14.47.60.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197212/; classtype:trojan-activity;sid:81060312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"82.160.19.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197211/; classtype:trojan-activity;sid:81060311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"89.41.79.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197210/; classtype:trojan-activity;sid:81060310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"37.145.97.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197209/; classtype:trojan-activity;sid:81060309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"121.161.45.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197208/; classtype:trojan-activity;sid:81060308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"68.32.100.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197207/; classtype:trojan-activity;sid:81060307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"109.185.229.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197206/; classtype:trojan-activity;sid:81060306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"5.56.94.125"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197205/; classtype:trojan-activity;sid:81060305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"79.164.144.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197204/; classtype:trojan-activity;sid:81060304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"188.237.186.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197203/; classtype:trojan-activity;sid:81060303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"71.11.148.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197202/; classtype:trojan-activity;sid:81060302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"221.161.40.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197201/; classtype:trojan-activity;sid:81060301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"195.190.101.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197200/; classtype:trojan-activity;sid:81060300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"37.106.74.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197199/; classtype:trojan-activity;sid:81060299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"5.165.46.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197198/; classtype:trojan-activity;sid:81060298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/k.doc"; http_uri; depth:9; isdataat:!1,relative; content:"www.tandf.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197197/; classtype:trojan-activity;sid:81060297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/py.msi"; http_uri; depth:10; isdataat:!1,relative; content:"www.tandf.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197196/; classtype:trojan-activity;sid:81060296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.42.72.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197195/; classtype:trojan-activity;sid:81060295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"178.208.241.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197194/; classtype:trojan-activity;sid:81060294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.42.81.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197193/; classtype:trojan-activity;sid:81060293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"92.115.66.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197192/; classtype:trojan-activity;sid:81060292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.42.74.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197191/; classtype:trojan-activity;sid:81060291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"115.21.142.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197190/; classtype:trojan-activity;sid:81060290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"93.116.69.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197189/; classtype:trojan-activity;sid:81060289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"39.122.223.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197188/; classtype:trojan-activity;sid:81060288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"92.115.29.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197187/; classtype:trojan-activity;sid:81060287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"96.41.13.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197186/; classtype:trojan-activity;sid:81060286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"121.157.45.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197185/; classtype:trojan-activity;sid:81060285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.42.103.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197184/; classtype:trojan-activity;sid:81060284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"188.247.110.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197183/; classtype:trojan-activity;sid:81060283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"91.83.230.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197182/; classtype:trojan-activity;sid:81060282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"66.66.23.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197181/; classtype:trojan-activity;sid:81060281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"109.185.184.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197180/; classtype:trojan-activity;sid:81060280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"92.115.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197179/; classtype:trojan-activity;sid:81060279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"92.115.66.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197178/; classtype:trojan-activity;sid:81060278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.30.20.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197177/; classtype:trojan-activity;sid:81060277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"93.116.216.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197176/; classtype:trojan-activity;sid:81060276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.42.76.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197175/; classtype:trojan-activity;sid:81060275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"158.174.249.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197174/; classtype:trojan-activity;sid:81060274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"109.185.44.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197173/; classtype:trojan-activity;sid:81060273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.42.120.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197172/; classtype:trojan-activity;sid:81060272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"36.38.203.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197171/; classtype:trojan-activity;sid:81060271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"92.115.3.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197170/; classtype:trojan-activity;sid:81060270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"77.42.73.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197169/; classtype:trojan-activity;sid:81060269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"86.105.59.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197168/; classtype:trojan-activity;sid:81060268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"86.106.215.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197167/; classtype:trojan-activity;sid:81060267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"93.116.18.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197166/; classtype:trojan-activity;sid:81060266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"46.55.127.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197165/; classtype:trojan-activity;sid:81060265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"37.18.40.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197164/; classtype:trojan-activity;sid:81060264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"83.23.90.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197163/; classtype:trojan-activity;sid:81060263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"109.185.44.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197162/; classtype:trojan-activity;sid:81060262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"188.212.41.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197161/; classtype:trojan-activity;sid:81060261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"175.212.187.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197160/; classtype:trojan-activity;sid:81060260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stiv2658/stivv7/downloads/clsslhdd.exe"; http_uri; depth:39; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197159/; classtype:trojan-activity;sid:81060259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/parts_service/bfcccfadawzyydtnwvmasfawxbtdi/"; http_uri; depth:54; isdataat:!1,relative; content:"www.mahala.es"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197158/; classtype:trojan-activity;sid:81060258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2vx0z2/vlec09ninvhx1tu7g21lv25akgx8yq_0cfkc-505184962343/"; http_uri; depth:58; isdataat:!1,relative; content:"filosofiya.moscow"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197157/; classtype:trojan-activity;sid:81060257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/opxpxcxap/"; http_uri; depth:26; isdataat:!1,relative; content:"alvaactivewear.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197156/; classtype:trojan-activity;sid:81060256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gtt67lnmf2nf_yte6bgga-98525083654/"; http_uri; depth:46; isdataat:!1,relative; content:"shop.deepcleaningalbania.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197155/; classtype:trojan-activity;sid:81060255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/creationmaintenance.co.uk/plik/0b7yzogc9ssofb8efy4o2otyua0o8_769kqe-314850535719656/"; http_uri; depth:85; isdataat:!1,relative; content:"1roof.ltd.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197154/; classtype:trojan-activity;sid:81060254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plik/abmcygth/"; http_uri; depth:15; isdataat:!1,relative; content:"37p.jp"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197153/; classtype:trojan-activity;sid:81060253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fnnjsody/"; http_uri; depth:10; isdataat:!1,relative; content:"anja.nu"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197152/; classtype:trojan-activity;sid:81060252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/phpmyadmin-4.7.2/dok/asbgcruv4k6haf567dfcwtekrl_e6601rvc9-9233947367573/"; http_uri; depth:73; isdataat:!1,relative; content:"apptecsa.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197151/; classtype:trojan-activity;sid:81060251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ssfm/b5kpfyr4brv5ulcvzrj4x4p_1ofz2gukj-441557287873828/"; http_uri; depth:56; isdataat:!1,relative; content:"ayrconsulting.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197150/; classtype:trojan-activity;sid:81060250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mki/kino.exe"; http_uri; depth:13; isdataat:!1,relative; content:"farmaciaeletronica.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197149/; classtype:trojan-activity;sid:81060249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/clients/dok/dc9v71bcybeh9bmdsqw1y4a6xq_veb2196wtl-65827335/"; http_uri; depth:60; isdataat:!1,relative; content:"biederman.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197148/; classtype:trojan-activity;sid:81060248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sircuss/document/wesfwocnrd/"; http_uri; depth:29; isdataat:!1,relative; content:"bey12.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197147/; classtype:trojan-activity;sid:81060247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/esp/oqmgxixxzfhwykzpjvntdkxiiukqo/"; http_uri; depth:35; isdataat:!1,relative; content:"brandsecret.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197146/; classtype:trojan-activity;sid:81060246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/auditd"; http_uri; depth:7; isdataat:!1,relative; content:"89.248.172.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197145/; classtype:trojan-activity;sid:81060245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/link"; http_uri; depth:5; isdataat:!1,relative; content:"89.248.172.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197144/; classtype:trojan-activity;sid:81060244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ps"; http_uri; depth:3; isdataat:!1,relative; content:"89.248.172.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197143/; classtype:trojan-activity;sid:81060243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/grixfumztvkpwjwktofo/"; http_uri; depth:25; isdataat:!1,relative; content:"chaoscopia.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197142/; classtype:trojan-activity;sid:81060242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1124_938_0029.php"; http_uri; depth:18; isdataat:!1,relative; content:"myscs.ca"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197141/; classtype:trojan-activity;sid:81060241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/paypalgift.exe"; http_uri; depth:15; isdataat:!1,relative; content:"ybtvmt.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197140/; classtype:trojan-activity;sid:81060240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/galerie/4images/data/rtfak8ayc996q7cg5vh5_l0er1foo-15589708786576/"; http_uri; depth:67; isdataat:!1,relative; content:"digitaldog.de"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197139/; classtype:trojan-activity;sid:81060239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/screenshots/dok/36p7ai74pwfft83s39lde90v_ysp3l3vt-52256482068972/"; http_uri; depth:66; isdataat:!1,relative; content:"firemaplegames.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197138/; classtype:trojan-activity;sid:81060238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kytn-r6pimyv0ezomg5l_ubmbydui-8ff/1ujqo0h8_4bvmxqmm-50307717170842/"; http_uri; depth:68; isdataat:!1,relative; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197137/; classtype:trojan-activity;sid:81060237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mt-5.14-ja/dok/6fdzvo5g6gn6s4083n5vpi5qmcbf_rl02uon-0394150359386/"; http_uri; depth:67; isdataat:!1,relative; content:"hazama.nu"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197136/; classtype:trojan-activity;sid:81060236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_ff/stiwtzpyzacrnvctmjbpp/"; http_uri; depth:27; isdataat:!1,relative; content:"hausgraphic.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197135/; classtype:trojan-activity;sid:81060235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/monte/5xnah88x5jqvjzaw5z_uak8v-172663407/"; http_uri; depth:42; isdataat:!1,relative; content:"hedel.jp"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197134/; classtype:trojan-activity;sid:81060234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/album/inf/rlepfgbeachcdmiqgkiikhsuxktix/"; http_uri; depth:41; isdataat:!1,relative; content:"kikinet.jp"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197133/; classtype:trojan-activity;sid:81060233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/inc/gnfnrofqkvxcnlyqsteyvksuul/"; http_uri; depth:43; isdataat:!1,relative; content:"www.wfall.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197132/; classtype:trojan-activity;sid:81060232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/inf/tenpetzctgqmvgtbalhihbqhmenr/"; http_uri; depth:46; isdataat:!1,relative; content:"votopforma.com.mk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197131/; classtype:trojan-activity;sid:81060231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/dok/latakzeikwawpvfwgktuqrlriukrrl/"; http_uri; depth:44; isdataat:!1,relative; content:"allbusinesslisting.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197129/; classtype:trojan-activity;sid:81060229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/inc/ghulzrdttrhrycrejlljocrlm/"; http_uri; depth:39; isdataat:!1,relative; content:"assia.be"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197128/; classtype:trojan-activity;sid:81060228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/llc/ac1u2198b4nwzruvvf7vgidfg5_d6l4ab42c-06160596397268/"; http_uri; depth:66; isdataat:!1,relative; content:"irwaffle.ir"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197127/; classtype:trojan-activity;sid:81060227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/yqzpijsvoosranyefy/"; http_uri; depth:32; isdataat:!1,relative; content:"samel.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197126/; classtype:trojan-activity;sid:81060226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/inf/yjruzubzzncy/"; http_uri; depth:22; isdataat:!1,relative; content:"wilkinson.digital"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197125/; classtype:trojan-activity;sid:81060225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/05/2t0dbnos2wr96o_381e4a-170273837/"; http_uri; depth:60; isdataat:!1,relative; content:"krpan.si"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197124/; classtype:trojan-activity;sid:81060224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_cgi-bin/esp/hkv2dmdhkwt6j7uibjmra7q_k8xf8-002158627533800/"; http_uri; depth:60; isdataat:!1,relative; content:"virt-it.pl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197123/; classtype:trojan-activity;sid:81060223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/inf/obgjnoly/"; http_uri; depth:23; isdataat:!1,relative; content:"scholaktis.cz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197122/; classtype:trojan-activity;sid:81060222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/lm/a6sym90g42a_8d5b2aq-8151006185/"; http_uri; depth:42; isdataat:!1,relative; content:"getagig.com.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197121/; classtype:trojan-activity;sid:81060221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/plik/oobezaiakkl/"; http_uri; depth:30; isdataat:!1,relative; content:"tenutamose.ml"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197120/; classtype:trojan-activity;sid:81060220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/plik/wslhbtxfccjptpxrzdccr/"; http_uri; depth:40; isdataat:!1,relative; content:"patuaquadros.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197119/; classtype:trojan-activity;sid:81060219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/freee/puhcqwrpdlcvkooqisawrzalvh/"; http_uri; depth:34; isdataat:!1,relative; content:"ketabdoz.ir"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197118/; classtype:trojan-activity;sid:81060218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fc.pos"; http_uri; depth:7; isdataat:!1,relative; content:"earthlinkservers.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197117/; classtype:trojan-activity;sid:81060217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pages/eonz071di2e3rfzr97t6_1j72goump-16649832843198/"; http_uri; depth:64; isdataat:!1,relative; content:"magisterpknuncen.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197116/; classtype:trojan-activity;sid:81060216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x32.exe"; http_uri; depth:8; isdataat:!1,relative; content:"error00f.beget.tech"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197115/; classtype:trojan-activity;sid:81060215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x64.exe"; http_uri; depth:8; isdataat:!1,relative; content:"error00f.beget.tech"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197114/; classtype:trojan-activity;sid:81060214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/pages/2d4dnuzbyacpsp9sdrm8jry1ybg_rt342h9kh-617434830941957/"; http_uri; depth:73; isdataat:!1,relative; content:"makeinchennai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197113/; classtype:trojan-activity;sid:81060213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/eeegyadpv/"; http_uri; depth:23; isdataat:!1,relative; content:"3rdperson.ml"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197112/; classtype:trojan-activity;sid:81060212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/ur82i_90jm6p-55532/"; http_uri; depth:27; isdataat:!1,relative; content:"cybermagicindia.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197111/; classtype:trojan-activity;sid:81060211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lfhhbfmmlk/"; http_uri; depth:24; isdataat:!1,relative; content:"www.aseanlegaltech.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197110/; classtype:trojan-activity;sid:81060210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/profiles/50sq_qqdxeeln-04257/"; http_uri; depth:30; isdataat:!1,relative; content:"randewoo.ir"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197109/; classtype:trojan-activity;sid:81060209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/c6zvhffmx_6skfqch2lf-4721/"; http_uri; depth:38; isdataat:!1,relative; content:"securityone-eg.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197108/; classtype:trojan-activity;sid:81060208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/sites/l006jmwzvwk6cr2ie6_8f1de-04921188537/"; http_uri; depth:63; isdataat:!1,relative; content:"www.kaum.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197107/; classtype:trojan-activity;sid:81060207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/hbrmyjrbywdyxgtdwzjbtnilol/"; http_uri; depth:36; isdataat:!1,relative; content:"madagolf.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197106/; classtype:trojan-activity;sid:81060206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress44/esp/mznym99n3i0i3xzpfs_4wldupbgd-572062628731/"; http_uri; depth:59; isdataat:!1,relative; content:"xn--trpillershoppen-ylb.dk"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197105/; classtype:trojan-activity;sid:81060205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/owncloud/apps/document/gctygotllaosdblbbfgeqie/"; http_uri; depth:48; isdataat:!1,relative; content:"lucio.tk"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197104/; classtype:trojan-activity;sid:81060204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/itau/u5a41/"; http_uri; depth:12; isdataat:!1,relative; content:"domoticavic.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197103/; classtype:trojan-activity;sid:81060203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/3og7m3361/"; http_uri; depth:14; isdataat:!1,relative; content:"businessfixnow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197102/; classtype:trojan-activity;sid:81060202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/pcpef331/"; http_uri; depth:13; isdataat:!1,relative; content:"jubilengua.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197101/; classtype:trojan-activity;sid:81060201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ncaa61/"; http_uri; depth:20; isdataat:!1,relative; content:"wordpress-269961-838458.cloudwaysapps.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197100/; classtype:trojan-activity;sid:81060200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/wo4u3134/"; http_uri; depth:21; isdataat:!1,relative; content:"annilopponen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197099/; classtype:trojan-activity;sid:81060199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/pevkysbydwzbgabbdeat/"; http_uri; depth:33; isdataat:!1,relative; content:"deavondkoeriers.nl"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197098/; classtype:trojan-activity;sid:81060198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/dok/pu2zn9bgo9wk_m5pmtkpzj-00723560/"; http_uri; depth:45; isdataat:!1,relative; content:"the-massage.gr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197097/; classtype:trojan-activity;sid:81060197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/modules/book/client.rar"; http_uri; depth:24; isdataat:!1,relative; content:"www.raggiodisoleonlus.it"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197096/; classtype:trojan-activity;sid:81060196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alllin/test111/downloads/j.exe"; http_uri; depth:31; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197095/; classtype:trojan-activity;sid:81060195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alllin/test111/downloads/r.exe"; http_uri; depth:31; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197094/; classtype:trojan-activity;sid:81060194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alllin/test111/downloads/iz.exe"; http_uri; depth:32; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197093/; classtype:trojan-activity;sid:81060193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alllin/test111/downloads/r2.exe"; http_uri; depth:32; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197092/; classtype:trojan-activity;sid:81060192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alllin/test111/downloads/ww.exe"; http_uri; depth:32; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197091/; classtype:trojan-activity;sid:81060191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alllin/test111/downloads/upwork.exe"; http_uri; depth:36; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197090/; classtype:trojan-activity;sid:81060190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alllin/test111/downloads/u.exe"; http_uri; depth:31; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197089/; classtype:trojan-activity;sid:81060189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alllin/test111/downloads/ww2.exe"; http_uri; depth:33; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197088/; classtype:trojan-activity;sid:81060188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ude.exe"; http_uri; depth:8; isdataat:!1,relative; content:"noreply2.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197087/; classtype:trojan-activity;sid:81060187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dj.exe"; http_uri; depth:7; isdataat:!1,relative; content:"light.horizonwebhost.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197086/; classtype:trojan-activity;sid:81060186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alllin/test111/downloads/64.exe"; http_uri; depth:32; isdataat:!1,relative; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197085/; classtype:trojan-activity;sid:81060185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/qisny26ct9.exe"; http_uri; depth:23; isdataat:!1,relative; content:"187.ip-54-36-162.eu"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197084/; classtype:trojan-activity;sid:81060184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/9xj0yw51k5.exe"; http_uri; depth:23; isdataat:!1,relative; content:"187.ip-54-36-162.eu"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197083/; classtype:trojan-activity;sid:81060183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p6/14677"; http_uri; depth:9; isdataat:!1,relative; content:"45.67.14.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197082/; classtype:trojan-activity;sid:81060182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/:u:/g/personal/shelley_willmore_hickorys_co_uk/eqvpiktw1vhjszhgoyaqkh8bec1yqjcvjy9z7rnxx-x1ewdownload=1"; http_uri; depth:104; isdataat:!1,relative; content:"johoco2029-my.sharepoint.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197081/; classtype:trojan-activity;sid:81060181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/original/presentation.pptx"; http_uri; depth:27; isdataat:!1,relative; content:"rebbyanngray.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197080/; classtype:trojan-activity;sid:81060180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.arm5"; http_uri; depth:13; isdataat:!1,relative; content:"142.93.225.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197078/; classtype:trojan-activity;sid:81060178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.arm7"; http_uri; depth:13; isdataat:!1,relative; content:"142.93.225.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197079/; classtype:trojan-activity;sid:81060179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.arm4"; http_uri; depth:13; isdataat:!1,relative; content:"142.93.225.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197077/; classtype:trojan-activity;sid:81060177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.m68k"; http_uri; depth:13; isdataat:!1,relative; content:"142.93.225.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197075/; classtype:trojan-activity;sid:81060175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.mips"; http_uri; depth:13; isdataat:!1,relative; content:"142.93.225.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197076/; classtype:trojan-activity;sid:81060176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"192.3.182.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197074/; classtype:trojan-activity;sid:81060174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.i586"; http_uri; depth:13; isdataat:!1,relative; content:"142.93.225.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197073/; classtype:trojan-activity;sid:81060173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/[cpu]"; http_uri; depth:6; isdataat:!1,relative; content:"192.3.182.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197072/; classtype:trojan-activity;sid:81060172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.ppc"; http_uri; depth:12; isdataat:!1,relative; content:"142.93.225.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197071/; classtype:trojan-activity;sid:81060171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.182.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197070/; classtype:trojan-activity;sid:81060170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.arm6"; http_uri; depth:13; isdataat:!1,relative; content:"142.93.225.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197068/; classtype:trojan-activity;sid:81060168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.sh4"; http_uri; depth:12; isdataat:!1,relative; content:"142.93.225.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197069/; classtype:trojan-activity;sid:81060169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"192.3.182.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197067/; classtype:trojan-activity;sid:81060167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/xls.doc"; http_uri; depth:17; isdataat:!1,relative; content:"82.98.119.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197066/; classtype:trojan-activity;sid:81060166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.182.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197065/; classtype:trojan-activity;sid:81060165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.sparc"; http_uri; depth:14; isdataat:!1,relative; content:"142.93.225.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197064/; classtype:trojan-activity;sid:81060164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.182.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197063/; classtype:trojan-activity;sid:81060163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.i686"; http_uri; depth:13; isdataat:!1,relative; content:"142.93.225.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197062/; classtype:trojan-activity;sid:81060162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"192.3.182.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197061/; classtype:trojan-activity;sid:81060161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"142.93.225.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197060/; classtype:trojan-activity;sid:81060160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.182.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197059/; classtype:trojan-activity;sid:81060159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.182.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197058/; classtype:trojan-activity;sid:81060158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.182.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197057/; classtype:trojan-activity;sid:81060157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"192.3.182.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197056/; classtype:trojan-activity;sid:81060156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/amnesia.x86"; http_uri; depth:12; isdataat:!1,relative; content:"142.93.225.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197055/; classtype:trojan-activity;sid:81060155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"192.3.182.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197054/; classtype:trojan-activity;sid:81060154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p6/526144"; http_uri; depth:10; isdataat:!1,relative; content:"45.67.14.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197053/; classtype:trojan-activity;sid:81060153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsadat3"; http_uri; depth:8; isdataat:!1,relative; content:"kupitorta.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197052/; classtype:trojan-activity;sid:81060152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsadat2"; http_uri; depth:8; isdataat:!1,relative; content:"kupitorta.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197051/; classtype:trojan-activity;sid:81060151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsadat1"; http_uri; depth:8; isdataat:!1,relative; content:"kupitorta.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197050/; classtype:trojan-activity;sid:81060150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsadat3"; http_uri; depth:8; isdataat:!1,relative; content:"zonaykan.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197049/; classtype:trojan-activity;sid:81060149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsadat2"; http_uri; depth:8; isdataat:!1,relative; content:"zonaykan.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197048/; classtype:trojan-activity;sid:81060148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lsadat1"; http_uri; depth:8; isdataat:!1,relative; content:"zonaykan.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197047/; classtype:trojan-activity;sid:81060147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/01.dat"; http_uri; depth:7; isdataat:!1,relative; content:"79.141.168.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197046/; classtype:trojan-activity;sid:81060146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/01.dat"; http_uri; depth:7; isdataat:!1,relative; content:"45.76.206.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197045/; classtype:trojan-activity;sid:81060145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xkcm/9o1i83/"; http_uri; depth:13; isdataat:!1,relative; content:"mondainamsterdam.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197038/; classtype:trojan-activity;sid:81060138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps10.wap"; http_uri; depth:32; isdataat:!1,relative; content:"pgabriellelawrence.top"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197037/; classtype:trojan-activity;sid:81060137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps9.wap"; http_uri; depth:31; isdataat:!1,relative; content:"pgabriellelawrence.top"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197036/; classtype:trojan-activity;sid:81060136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps7.wap"; http_uri; depth:31; isdataat:!1,relative; content:"pgabriellelawrence.top"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197034/; classtype:trojan-activity;sid:81060134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps8.wap"; http_uri; depth:31; isdataat:!1,relative; content:"pgabriellelawrence.top"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197035/; classtype:trojan-activity;sid:81060135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps5.wap"; http_uri; depth:31; isdataat:!1,relative; content:"pgabriellelawrence.top"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197032/; classtype:trojan-activity;sid:81060132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps6.wap"; http_uri; depth:31; isdataat:!1,relative; content:"pgabriellelawrence.top"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197033/; classtype:trojan-activity;sid:81060133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps3.wap"; http_uri; depth:31; isdataat:!1,relative; content:"pgabriellelawrence.top"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197030/; classtype:trojan-activity;sid:81060130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps4.wap"; http_uri; depth:31; isdataat:!1,relative; content:"pgabriellelawrence.top"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197031/; classtype:trojan-activity;sid:81060131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps2.wap"; http_uri; depth:31; isdataat:!1,relative; content:"pgabriellelawrence.top"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197029/; classtype:trojan-activity;sid:81060129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps1.wap"; http_uri; depth:31; isdataat:!1,relative; content:"pgabriellelawrence.top"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197028/; classtype:trojan-activity;sid:81060128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/qdbb0_jgb5c-981069283/"; http_uri; depth:34; isdataat:!1,relative; content:"inhuiscreative.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197027/; classtype:trojan-activity;sid:81060127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps10.wap"; http_uri; depth:32; isdataat:!1,relative; content:"jxfps21tjohnathon.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197026/; classtype:trojan-activity;sid:81060126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps9.wap"; http_uri; depth:31; isdataat:!1,relative; content:"jxfps21tjohnathon.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197025/; classtype:trojan-activity;sid:81060125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps8.wap"; http_uri; depth:31; isdataat:!1,relative; content:"jxfps21tjohnathon.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197024/; classtype:trojan-activity;sid:81060124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps6.wap"; http_uri; depth:31; isdataat:!1,relative; content:"jxfps21tjohnathon.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197022/; classtype:trojan-activity;sid:81060122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps7.wap"; http_uri; depth:31; isdataat:!1,relative; content:"jxfps21tjohnathon.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197023/; classtype:trojan-activity;sid:81060123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/legou/3retyxo2m.phpl=ldps5.wap"; http_uri; depth:31; isdataat:!1,relative; content:"jxfps21tjohnathon.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_05_16; reference:url, urlhaus.abuse.ch/url/197021/; classtype:trojan-activity;sid:81060121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Kno