################################################################
# abuse.ch URLhaus IDS ruleset (Snort / Suricata)              #
# Last updated: 2023-10-01 09:49:07 (UTC)                      #
#                                                              #
# Terms Of Use: https://urlhaus.abuse.ch/api/                  #
# For questions please contact urlhaus [at] abuse.ch           #
################################################################
#
# How to read these rules (every rule below follows one template):
#   * alert on HTTP from $HOME_NET to $EXTERNAL_NET, client side of an
#     established flow, request method GET.
#   * content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase;
#     N equals the pattern length and isdataat:!1,relative requires that no
#     byte follows the match, so the pair is intended as a case-insensitive
#     whole-URI match rather than a substring match.
#   * content:"<host>"; http_host; depth:N; isdataat:!1,relative;
#     same construction for the Host value (no nocase on this pattern).
#   * The number in msg and in reference:url is the URLhaus URL id; sid is
#     unique per rule; metadata:created_at is the date the entry was added.
#
# Operational caveats for whoever deploys this file:
#   * Short paths such as "/i", "/.i" or "/arm" are only specific because the
#     Host pattern must match in the same request; do not reuse them alone.
#   * Most hosts are IP literals recorded on the created_at date. Addresses
#     get reassigned, so treat a hit as a lead and check the referenced
#     URLhaus entry before acting on it.
#   * "alert http" only sees traffic the sensor parses as HTTP; the same
#     download over TLS is presumably not covered without decryption.
#
# url
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.46.185.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715444/; classtype:trojan-activity;sid:83578544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.90.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715443/; classtype:trojan-activity;sid:83578543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.247.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715442/; classtype:trojan-activity;sid:83578542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715441)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"12.171.245.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715441/; classtype:trojan-activity;sid:83578541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715439)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.54.51.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715439/; classtype:trojan-activity;sid:83578539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715440)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"84.54.51.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715440/; classtype:trojan-activity;sid:83578540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715438)"; flow:established,from_client; content:"GET"; http_method; content:"/185.28.39.18/chinazx.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.28.39.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715438/; classtype:trojan-activity;sid:83578538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715437)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.110.124.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715437/; classtype:trojan-activity;sid:83578537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715436)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.228.162.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715436/; classtype:trojan-activity;sid:83578536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715429)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.228.162.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715429/; classtype:trojan-activity;sid:83578529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715430)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.228.162.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715430/; classtype:trojan-activity;sid:83578530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715431)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.228.162.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715431/; classtype:trojan-activity;sid:83578531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715432)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.228.162.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715432/; classtype:trojan-activity;sid:83578532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715433)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.228.162.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715433/; classtype:trojan-activity;sid:83578533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715434)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.228.162.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715434/; classtype:trojan-activity;sid:83578534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715435)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.228.162.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715435/; classtype:trojan-activity;sid:83578535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715425)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.228.162.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715425/; classtype:trojan-activity;sid:83578525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715426)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.228.162.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715426/; classtype:trojan-activity;sid:83578526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715427)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.228.162.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715427/; classtype:trojan-activity;sid:83578527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715428)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.228.162.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715428/; classtype:trojan-activity;sid:83578528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715422)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"163.123.142.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715422/; classtype:trojan-activity;sid:83578522; rev:1;)
# NOTE(review): the URI pattern in the next rule decodes to 54 bytes (|3f| and
# each |7c| are one byte) while depth is 63; in every other rule here depth
# equals the pattern length. "|7c|26|7c|" decodes to the literal text "|26|",
# which looks like a hex escape for "&" that was escaped a second time, and
# the pattern stops at "export". As written the rule presumably cannot match
# a request whose query string carries a real "&" - TODO confirm against the
# referenced URLhaus entry and the feed generator.
# NOTE(review): the host is a shared file-hosting domain normally reached over
# HTTPS; verify this rule can fire at all on a sensor without TLS decryption.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715416)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1xinhlhtgk6ewpk2p8pqtzimphyltrlmu|7c|26|7c|export"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715416/; classtype:trojan-activity;sid:83578516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.123.142.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715413/; classtype:trojan-activity;sid:83578513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.123.142.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715407/; classtype:trojan-activity;sid:83578507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"163.123.142.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715408/; classtype:trojan-activity;sid:83578508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"163.123.142.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715409/; classtype:trojan-activity;sid:83578509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715410)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"163.123.142.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715410/; classtype:trojan-activity;sid:83578510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715411)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.123.142.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715411/; classtype:trojan-activity;sid:83578511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"163.123.142.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715412/; classtype:trojan-activity;sid:83578512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.123.142.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715402/; classtype:trojan-activity;sid:83578502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.123.142.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715403/; classtype:trojan-activity;sid:83578503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.123.142.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715404/; classtype:trojan-activity;sid:83578504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715405)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"163.123.142.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715405/; classtype:trojan-activity;sid:83578505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"163.123.142.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715406/; classtype:trojan-activity;sid:83578506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.72.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715399/; classtype:trojan-activity;sid:83578499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.101.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715397/; classtype:trojan-activity;sid:83578497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.72.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715396/; classtype:trojan-activity;sid:83578496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715393)"; flow:established,from_client; content:"GET"; http_method; content:"/files/umm2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.225.74.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715393/; classtype:trojan-activity;sid:83578493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715392)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.135.115.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715392/; classtype:trojan-activity;sid:83578492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.85.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715391/; classtype:trojan-activity;sid:83578491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715390)"; flow:established,from_client; content:"GET"; http_method; content:"/files/umm.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.225.74.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715390/; classtype:trojan-activity;sid:83578490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.79.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715389/; classtype:trojan-activity;sid:83578489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.79.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715388/; classtype:trojan-activity;sid:83578488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715386)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.184.73.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715386/; classtype:trojan-activity;sid:83578486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715385)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.96.74.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715385/; classtype:trojan-activity;sid:83578485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715384)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.241.149.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715384/; classtype:trojan-activity;sid:83578484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.191.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715383/; classtype:trojan-activity;sid:83578483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715382)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.115.162.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715382/; classtype:trojan-activity;sid:83578482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715374)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.34.4.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715374/; classtype:trojan-activity;sid:83578474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.117.7.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715373/; classtype:trojan-activity;sid:83578473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.122.67.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715372/; classtype:trojan-activity;sid:83578472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715368)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.84.229.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715368/; classtype:trojan-activity;sid:83578468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715369)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.84.229.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715369/; classtype:trojan-activity;sid:83578469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715370)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.84.229.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715370/; classtype:trojan-activity;sid:83578470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715371)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.84.229.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715371/; classtype:trojan-activity;sid:83578471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715362)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.84.229.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715362/; classtype:trojan-activity;sid:83578462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715363)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.84.229.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715363/; classtype:trojan-activity;sid:83578463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715364)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.84.229.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715364/; classtype:trojan-activity;sid:83578464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715365)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.84.229.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715365/; classtype:trojan-activity;sid:83578465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715366)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.84.229.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715366/; classtype:trojan-activity;sid:83578466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715367)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.84.229.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715367/; classtype:trojan-activity;sid:83578467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715361)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"125.229.180.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715361/; classtype:trojan-activity;sid:83578461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715360)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"160.119.156.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715360/; classtype:trojan-activity;sid:83578460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715359)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"160.119.156.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715359/; classtype:trojan-activity;sid:83578459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715357)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.181.173.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715357/; classtype:trojan-activity;sid:83578457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715358)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.181.173.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715358/; classtype:trojan-activity;sid:83578458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.72.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715356/; classtype:trojan-activity;sid:83578456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.32.172.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715355/; classtype:trojan-activity;sid:83578455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.201.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715354/; classtype:trojan-activity;sid:83578454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.72.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715353/; classtype:trojan-activity;sid:83578453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.112.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715352/; classtype:trojan-activity;sid:83578452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.57.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715351/; classtype:trojan-activity;sid:83578451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715350)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.175.62.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715350/; classtype:trojan-activity;sid:83578450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.79.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715349/; classtype:trojan-activity;sid:83578449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715348)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.109.83.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715348/; classtype:trojan-activity;sid:83578448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715347)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.218.74.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715347/; classtype:trojan-activity;sid:83578447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.62.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715346/; classtype:trojan-activity;sid:83578446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715345)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"160.119.156.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715345/; classtype:trojan-activity;sid:83578445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.62.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715344/; classtype:trojan-activity;sid:83578444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.53.99.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715343/; classtype:trojan-activity;sid:83578443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715342)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.48.140.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715342/; classtype:trojan-activity;sid:83578442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715341)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.196.91.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715341/; classtype:trojan-activity;sid:83578441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.117.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715340/; classtype:trojan-activity;sid:83578440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.212.142.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715339/; classtype:trojan-activity;sid:83578439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715338)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"174.180.65.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715338/; classtype:trojan-activity;sid:83578438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715337)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.234.109.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715337/; classtype:trojan-activity;sid:83578437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715336)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; 
content:"110.182.190.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715336/; classtype:trojan-activity;sid:83578436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715335)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715335/; classtype:trojan-activity;sid:83578435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715333)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715333/; classtype:trojan-activity;sid:83578433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715334)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715334/; classtype:trojan-activity;sid:83578434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715329)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715329/; classtype:trojan-activity;sid:83578429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (2715330)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715330/; classtype:trojan-activity;sid:83578430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715331)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715331/; classtype:trojan-activity;sid:83578431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715332)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715332/; classtype:trojan-activity;sid:83578432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715326)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715326/; classtype:trojan-activity;sid:83578426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715327)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, 
urlhaus.abuse.ch/url/2715327/; classtype:trojan-activity;sid:83578427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715328)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715328/; classtype:trojan-activity;sid:83578428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715324)"; flow:established,from_client; content:"GET"; http_method; content:"/0d79b00b81d1cdb5/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.140.147.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715324/; classtype:trojan-activity;sid:83578424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715325)"; flow:established,from_client; content:"GET"; http_method; content:"/9bdc8sq/plugins/cred64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"193.42.32.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715325/; classtype:trojan-activity;sid:83578425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715310)"; flow:established,from_client; content:"GET"; http_method; content:"/0d79b00b81d1cdb5/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.140.147.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715310/; classtype:trojan-activity;sid:83578410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715311)"; 
flow:established,from_client; content:"GET"; http_method; content:"/063ec44b1db69f0e/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"217.196.96.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715311/; classtype:trojan-activity;sid:83578411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715312)"; flow:established,from_client; content:"GET"; http_method; content:"/0d79b00b81d1cdb5/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.140.147.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715312/; classtype:trojan-activity;sid:83578412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715313)"; flow:established,from_client; content:"GET"; http_method; content:"/0d79b00b81d1cdb5/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.140.147.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715313/; classtype:trojan-activity;sid:83578413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715314)"; flow:established,from_client; content:"GET"; http_method; content:"/063ec44b1db69f0e/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"217.196.96.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715314/; classtype:trojan-activity;sid:83578414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715315)"; flow:established,from_client; content:"GET"; http_method; content:"/063ec44b1db69f0e/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"217.196.96.138"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715315/; classtype:trojan-activity;sid:83578415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715316)"; flow:established,from_client; content:"GET"; http_method; content:"/0d79b00b81d1cdb5/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.140.147.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715316/; classtype:trojan-activity;sid:83578416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715317)"; flow:established,from_client; content:"GET"; http_method; content:"/063ec44b1db69f0e/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"217.196.96.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715317/; classtype:trojan-activity;sid:83578417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715318)"; flow:established,from_client; content:"GET"; http_method; content:"/063ec44b1db69f0e/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"217.196.96.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715318/; classtype:trojan-activity;sid:83578418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715319)"; flow:established,from_client; content:"GET"; http_method; content:"/0d79b00b81d1cdb5/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.140.147.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715319/; classtype:trojan-activity;sid:83578419; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715320)"; flow:established,from_client; content:"GET"; http_method; content:"/0d79b00b81d1cdb5/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"45.140.147.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715320/; classtype:trojan-activity;sid:83578420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715321)"; flow:established,from_client; content:"GET"; http_method; content:"/063ec44b1db69f0e/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"217.196.96.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715321/; classtype:trojan-activity;sid:83578421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715322)"; flow:established,from_client; content:"GET"; http_method; content:"/063ec44b1db69f0e/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"217.196.96.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715322/; classtype:trojan-activity;sid:83578422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715323)"; flow:established,from_client; content:"GET"; http_method; content:"/9bdc8sq/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"193.42.32.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715323/; classtype:trojan-activity;sid:83578423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715309)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/plugins/cred64.dll"; http_uri; depth:25; 
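isdataat:!1,relative; nocase; content:"77.91.124.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715309/; classtype:trojan-activity;sid:83578409; rev:1;)
# The line above is the tail of a rule that begins on the preceding line.
#
# Each rule below fires on a GET from $HOME_NET whose URI and host buffers equal the listed
# strings: `depth` limits the search to the first N bytes and `isdataat:!1,relative` requires
# that nothing follows the match. `alert http` sees only requests the engine parses as HTTP,
# so a URL fetched over TLS is invisible without TLS inspection.
#
# NOTE(review): the host in the next rule is a general-purpose video platform, not a host that
# only serves this one object. The exact URI + host anchoring limits the match to a single API
# object, but an alert still means "a client requested this object", not "a payload arrived";
# check the response before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715308)"; flow:established,from_client; content:"GET"; http_method; content:"/api/v2/video/804838895.json"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"vimeo.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715308/; classtype:trojan-activity;sid:83578408; rev:1;)
# URI "/?1/" rules. The content "/|3f|1/" is four bytes once |3f| is decoded to '?', so depth
# is 4 here. The feed text carried depth:7, which is the length of the escaped string; with
# that value the pattern could sit anywhere in the first seven bytes of the URI instead of
# pinning the whole URI to "/?1/". The generator appears to count escaped characters rather
# than decoded bytes; that needs fixing at the source, because a refreshed feed file will
# overwrite a local correction.
# Each host name is matched in full, so a sibling subdomain under the same parent name needs
# its own rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715295)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"i4ea1y.philipstelevisao.sa.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715295/; classtype:trojan-activity;sid:83578395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715296)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lwaipx.pioneertelevisao.sa.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715296/; classtype:trojan-activity;sid:83578396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715297)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"1da5m.sharptelevisao.sa.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715297/; classtype:trojan-activity;sid:83578397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715298)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tma1u.viziotelevisao.sa.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715298/; classtype:trojan-activity;sid:83578398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715299)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"a2uohe.viziotelevisao.sa.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715299/; classtype:trojan-activity;sid:83578399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715300)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"e9uevr.daewootelevisao.sa.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715300/; classtype:trojan-activity;sid:83578400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715301)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"8seae1.panasonictelevisao.sa.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715301/; classtype:trojan-activity;sid:83578401; rev:1;)
# The next line is the start of a rule that continues on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715302)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4;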
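isdataat:!1,relative; nocase; content:"vwaei8.panasonictelevisao.sa.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715302/; classtype:trojan-activity;sid:83578402; rev:1;)
# The line above is the tail of a rule that begins on the preceding line.
#
# Each rule below fires on a GET from $HOME_NET whose URI and host buffers equal the listed
# strings: `depth` limits the search to the first N bytes and `isdataat:!1,relative` requires
# that nothing follows the match. `alert http` sees only requests the engine parses as HTTP,
# so a URL fetched over TLS is invisible without TLS inspection.
#
# URI "/?1/" rules (most of this group). The content "/|3f|1/" is four bytes once |3f| is
# decoded to '?', so depth is 4 here. The feed text carried depth:7, the length of the escaped
# string, which let the pattern sit anywhere in the first seven bytes of the URI instead of
# pinning the whole URI to "/?1/". The generator appears to count escaped characters rather
# than decoded bytes; fix it at the source, because a refreshed feed file will overwrite a
# local correction. Each host name is matched in full, so a sibling subdomain under the same
# parent name needs its own rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715303)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"6eoee3.daewootelevisao.sa.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715303/; classtype:trojan-activity;sid:83578403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715304)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"g4aor6.jvctelevisao.sa.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715304/; classtype:trojan-activity;sid:83578404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715305)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"c6ea6t.westinghousetelevisao.sa.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715305/; classtype:trojan-activity;sid:83578405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715306)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"8bagi.sharptelevisao.sa.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715306/; classtype:trojan-activity;sid:83578406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715307)"; flow:established,from_client; content:"GET"; http_method; content:"/packages/jrxpomjaswp.dat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"87.251.64.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715307/; classtype:trojan-activity;sid:83578407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715276)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"weeo1g.haiertelevisao.sa.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715276/; classtype:trojan-activity;sid:83578376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715277)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dwaorg.grundigtelevisao.sa.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715277/; classtype:trojan-activity;sid:83578377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715278)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ifa9b.sanyotelevisao.sa.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715278/; classtype:trojan-activity;sid:83578378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715279)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"zwagu.toshibatelevisao.sa.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715279/; classtype:trojan-activity;sid:83578379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715280)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"r5aedr.sonytelevisao.sa.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715280/; classtype:trojan-activity;sid:83578380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715281)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"9jeew8.toshibatelevisao.sa.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715281/; classtype:trojan-activity;sid:83578381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715282)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"teo2r.hitachitelevisao.sa.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715282/; classtype:trojan-activity;sid:83578382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715283)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"7keuet.haiertelevisao.sa.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715283/; classtype:trojan-activity;sid:83578383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715284)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"jwetq.sanyotelevisao.sa.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715284/; classtype:trojan-activity;sid:83578384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715285)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"a5uue1.westinghousetelevisao.sa.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715285/; classtype:trojan-activity;sid:83578385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715286)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lweoyx.haiertelevisao.sa.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715286/; classtype:trojan-activity;sid:83578386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715287)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"beaiik.philipstelevisao.sa.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715287/; classtype:trojan-activity;sid:83578387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715288)"; flow:established,from_client; content:"GET"; http_method; content:"/c83t"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lead42.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715288/; classtype:trojan-activity;sid:83578388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715289)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"1koijw.sonytelevisao.sa.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715289/; classtype:trojan-activity;sid:83578389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715290)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"4ja64.hisensetelevisao.sa.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715290/; classtype:trojan-activity;sid:83578390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715291)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"teo4r.hisensetelevisao.sa.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715291/; classtype:trojan-activity;sid:83578391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715292)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"waorm.hisensetelevisao.sa.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715292/; classtype:trojan-activity;sid:83578392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715293)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"vsua5b.philipstelevisao.sa.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715293/; classtype:trojan-activity;sid:83578393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715294)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|1/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aiutj.viziotelevisao.sa.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715294/; classtype:trojan-activity;sid:83578394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715275)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/2023.exe.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"nz.fr-address.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715275/; classtype:trojan-activity;sid:83578375; rev:1;)
# NOTE(review): the next three rules name shared hosting: a chat platform's attachment CDN and
# what looks like a cloud provider's per-address host name. The host is not an indicator by
# itself; only the full path identifies the object. Such platforms are normally reached over
# TLS, so expect these to fire only behind TLS inspection, and expect cloud addresses to be
# reassigned to unrelated tenants over time.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715273)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1157342312423239711/1157344467678933053/latsunagame.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715273/; classtype:trojan-activity;sid:83578373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715272)"; flow:established,from_client; content:"GET"; http_method; content:"/emkt_curso_775-5693/47940.024663/"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"6.109.192.35.bc.googleusercontent.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715272/; classtype:trojan-activity;sid:83578372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715271)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1154517559958315149/1157622743546728518/phobia_slend.rar"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715271/; classtype:trojan-activity;sid:83578371; rev:1;)
# One host, one file per CPU-architecture suffix under /mddos/.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715270)"; flow:established,from_client; content:"GET"; http_method; content:"/mddos/mddos.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715270/; classtype:trojan-activity;sid:83578370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715264)"; flow:established,from_client; content:"GET"; http_method; content:"/mddos/mddos.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715264/; classtype:trojan-activity;sid:83578364; rev:1;)
# The next line is the start of a rule that continues on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715265)"; flow:established,from_client; content:"GET"; http_method; content:"/mddos/mddos.arm6"; http_uri; depth:17;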
isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715265/; classtype:trojan-activity;sid:83578365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715266)"; flow:established,from_client; content:"GET"; http_method; content:"/mddos/mddos.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715266/; classtype:trojan-activity;sid:83578366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715267)"; flow:established,from_client; content:"GET"; http_method; content:"/mddos/mddos.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715267/; classtype:trojan-activity;sid:83578367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715268)"; flow:established,from_client; content:"GET"; http_method; content:"/mddos/mddos.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715268/; classtype:trojan-activity;sid:83578368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715269)"; flow:established,from_client; content:"GET"; http_method; content:"/mddos/mddos.i486"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715269/; classtype:trojan-activity;sid:83578369; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715259)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666348685|3f|hash=wamyka7gi3ureyvpwpfuwk50vmiuqrogfzrquezsetc|7c|26|7c|dl=nrli0bju2vfhwrbywfqdtufc0ltjix2zrh5hsalc5nh|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715259/; classtype:trojan-activity;sid:83578359; rev:1;)
# NOTE(review): applies to the vk.com rules sid:83578359 (ending on the line above) through
# sid:83578363 below. In their http_uri pattern, "|7c|26|7c|" decodes to the four literal bytes
# 7c 32 36 7c, i.e. the text "|26|", not to a single 0x26 byte. This looks like a query-string
# ampersand (0x26) that the generator hex-escaped twice; if so, these rules cannot match a
# request whose parameters are joined by 0x26. TODO confirm against the URLhaus entries.
# depth:167 is the length of the escaped pattern text; the decoded pattern is shorter, so the
# depth bound is looser than an exact whole-URI match needs.
# These rules use "alert http": requests to vk.com made over TLS are not visible to them unless
# the sensor receives decrypted HTTP, so treat silence here as "not observed", not "not fetched".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715260)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666288080|3f|hash=7hhzblnnstfhos1luytxlisihsrlfbhclnavw0gqdz0|7c|26|7c|dl=ri83nyd1mbdz41tzlkuxoi1mk4sfmwvlruhv2ikduew|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715260/; classtype:trojan-activity;sid:83578360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715261)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666348744|3f|hash=gsbvbrovtfzwvwcupcvwkomzpjam0zmx0ldrebanie4|7c|26|7c|dl=7fki00xwfqu39blfx32hyukythoffoqxrr40hcit4t4|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715261/; classtype:trojan-activity;sid:83578361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715262)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666348712|3f|hash=lmn9v4kiogkgunlgaz583gel1fmmasu5683puvy1z9d|7c|26|7c|dl=fgzzmkg1oj0dygazkmu4qux9lkgq59kt904bsheh4ud|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715262/; classtype:trojan-activity;sid:83578362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715263)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666334005|3f|hash=4jzptscwgsnkhi7qcikfokjzj2lyfpevwoqjkpbdvng|7c|26|7c|dl=zw79z3ubfvabdovcd6mkvrsanylcfd4nzwztzzsagez|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715263/; classtype:trojan-activity;sid:83578363; rev:1;)
# The two rules below pair a literal IP in http_host with an exact URI: method GET, whole-buffer
# URI match, whole-buffer host match. They key on one URL each and carry no payload inspection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715255)"; flow:established,from_client; content:"GET"; http_method; content:"/mddos/mddos.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715255/; classtype:trojan-activity;sid:83578355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715256)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715256/; classtype:trojan-activity;sid:83578356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715257)"; flow:established,from_client; 
content:"GET"; http_method; content:"/web-api.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715257/; classtype:trojan-activity;sid:83578357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715258)"; flow:established,from_client; content:"GET"; http_method; content:"/mddos/mddos.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715258/; classtype:trojan-activity;sid:83578358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715250)"; flow:established,from_client; content:"GET"; http_method; content:"/mddos/mddos.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715250/; classtype:trojan-activity;sid:83578350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715251)"; flow:established,from_client; content:"GET"; http_method; content:"/mddos/mddos.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715251/; classtype:trojan-activity;sid:83578351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715252)"; flow:established,from_client; content:"GET"; http_method; content:"/mddos/mddos.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, 
urlhaus.abuse.ch/url/2715252/; classtype:trojan-activity;sid:83578352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715253)"; flow:established,from_client; content:"GET"; http_method; content:"/mddos/mddos.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715253/; classtype:trojan-activity;sid:83578353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715254)"; flow:established,from_client; content:"GET"; http_method; content:"/mddos/mddos.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.150.26.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715254/; classtype:trojan-activity;sid:83578354; rev:1;)
# NOTE(review): applies to the next two rules (www.dropbox.com, sid:83578349, and the vk.com rule
# for URLhaus id 2715247 that starts below). "|7c|26|7c|" in the http_uri pattern decodes to the
# literal text "|26|" (bytes 7c 32 36 7c), not to a single 0x26 byte. This looks like a
# query-string ampersand (0x26) hex-escaped twice by the generator; if so, the rules cannot match
# a request whose parameters are joined by 0x26. TODO confirm against the URLhaus entries.
# Their depth values (104, 167) count the escaped pattern text, so they exceed the decoded
# pattern length and bound the match more loosely than an exact whole-URI match needs.
# Both hosts are matched with "alert http": requests made over TLS are invisible to these rules
# unless the sensor receives decrypted HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715249)"; flow:established,from_client; content:"GET"; http_method; content:"/e/scl/fi/6gtsp3qjf54lsec0piwvq/ml-r-s-ft-dg-s-tup.appx|3f|rlkey=hdm3apoi4n31v2rxruiosvtaa|7c|26|7c|dl=1"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715249/; classtype:trojan-activity;sid:83578349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715247)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666363216|3f|hash=w2cvzjphgojpwhshfhuxydrpry60rwlgbmszldf2wfo|7c|26|7c|dl=ikgeuneedcyo6dwjogjoz5it9sndhak3tmxggjjpjyo|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, 
urlhaus.abuse.ch/url/2715247/; classtype:trojan-activity;sid:83578347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715248)"; flow:established,from_client; content:"GET"; http_method; content:"/osmesis/1829973585.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"server2-slabx.ocmtancmi2c5t.live"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715248/; classtype:trojan-activity;sid:83578348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715246)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"128.140.101.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715246/; classtype:trojan-activity;sid:83578346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715245)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/70d5e28f51c1438d94e3e6dc84b95311/xt/mmd/shell/borilpokonta2.1.exe"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"mail.treeoflifeadventures.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715245/; classtype:trojan-activity;sid:83578345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"160.119.156.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715244/; classtype:trojan-activity;sid:83578344; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715243)"; flow:established,from_client; content:"GET"; http_method; content:"/sxkmarwet7vghj"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"149.102.231.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715243/; classtype:trojan-activity;sid:83578343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715242)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"edl.vizvaz.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715242/; classtype:trojan-activity;sid:83578342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715241)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adlio.faqserv.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715241/; classtype:trojan-activity;sid:83578341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715238)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adl-v.mrbasic.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715238/; classtype:trojan-activity;sid:83578338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715239)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adl-c.my03.com"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715239/; classtype:trojan-activity;sid:83578339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715240)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-v.faqserv.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715240/; classtype:trojan-activity;sid:83578340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715232)"; flow:established,from_client; content:"GET"; http_method; content:"/app1.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"adl-c.mrbonus.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715232/; classtype:trojan-activity;sid:83578332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715233)"; flow:established,from_client; content:"GET"; http_method; content:"/app1.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"adl.vizvaz.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715233/; classtype:trojan-activity;sid:83578333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715234)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adl-sd.fartit.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715234/; classtype:trojan-activity;sid:83578334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715235)"; 
flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ir-ir.faqserv.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715235/; classtype:trojan-activity;sid:83578335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715236)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-c.mrbasic.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715236/; classtype:trojan-activity;sid:83578336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715237)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adl-lo.fartit.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715237/; classtype:trojan-activity;sid:83578337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715230)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-v.mrbonus.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715230/; classtype:trojan-activity;sid:83578330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715231)"; flow:established,from_client; content:"GET"; http_method; content:"/app1.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"adlg-aa.fartit.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, 
urlhaus.abuse.ch/url/2715231/; classtype:trojan-activity;sid:83578331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715229)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adleh.mrface.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715229/; classtype:trojan-activity;sid:83578329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715228)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-a.mynetav.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715228/; classtype:trojan-activity;sid:83578328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715227)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.204.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715227/; classtype:trojan-activity;sid:83578327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715226)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.158.8.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715226/; classtype:trojan-activity;sid:83578326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715225)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; 
isdataat:!1,relative; nocase; content:"1.70.8.252"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715225/; classtype:trojan-activity;sid:83578325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.221.109.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715224/; classtype:trojan-activity;sid:83578324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715223)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.178.200.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715223/; classtype:trojan-activity;sid:83578323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715222)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.47.203.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715222/; classtype:trojan-activity;sid:83578322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715221)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.14.247"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715221/; classtype:trojan-activity;sid:83578321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (2715220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715220/; classtype:trojan-activity;sid:83578320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715219)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.63.246.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715219/; classtype:trojan-activity;sid:83578319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.73.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715218/; classtype:trojan-activity;sid:83578318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.221.109.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715217/; classtype:trojan-activity;sid:83578317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.32.172.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, 
urlhaus.abuse.ch/url/2715216/; classtype:trojan-activity;sid:83578316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715215)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"130.111.170.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715215/; classtype:trojan-activity;sid:83578315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.164.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715214/; classtype:trojan-activity;sid:83578314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715213)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.208.63.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715213/; classtype:trojan-activity;sid:83578313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.244.203.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715212/; classtype:trojan-activity;sid:83578312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"99.117.36.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715211/; classtype:trojan-activity;sid:83578311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.159.19.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715210/; classtype:trojan-activity;sid:83578310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.244.203.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715209/; classtype:trojan-activity;sid:83578309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715199)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.104.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715199/; classtype:trojan-activity;sid:83578299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715200)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"172.104.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715200/; classtype:trojan-activity;sid:83578300; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715201)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.104.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715201/; classtype:trojan-activity;sid:83578301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715202)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.104.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715202/; classtype:trojan-activity;sid:83578302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715203)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.104.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715203/; classtype:trojan-activity;sid:83578303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715204)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"172.104.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715204/; classtype:trojan-activity;sid:83578304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715205)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; 
isdataat:!1,relative; nocase; content:"172.104.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715205/; classtype:trojan-activity;sid:83578305; rev:1;)
# Rule anatomy (every rule below follows the same template):
#   - alert on an established, client-to-server HTTP flow from $HOME_NET to
#     $EXTERNAL_NET whose method is GET;
#   - depth:<len> together with isdataat:!1,relative pins each content to the
#     start of its buffer and requires that no byte follows it, so the URI and
#     the Host must each equal the listed value, not merely contain it;
#   - nocase follows the http_uri content and applies to it; the http_host
#     content carries no nocase modifier.
# NOTE(review): because the match is on the whole URI, a request for the same
# file with anything appended to the path would presumably not fire; treat
# these rules as exact-URL indicators, not as family signatures.
#
# Same host, one rule per file under /hiddenbin/; the suffixes (m68k, arm7, sh4)
# look like CPU architecture names. The rule text does not say what the payload
# is; use the reference URL for that.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715206)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.104.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715206/; classtype:trojan-activity;sid:83578306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715207)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"172.104.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715207/; classtype:trojan-activity;sid:83578307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715208)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"172.104.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715208/; classtype:trojan-activity;sid:83578308; rev:1;)
# The remaining rules pair very short paths (/.i, /i, /mozi.m, /gpon.sh) with a
# bare IP address as Host. The path alone is not distinctive; the exact Host
# match is what keeps each rule specific.
# NOTE(review): the only age information in a rule is metadata:created_at, and
# nothing in the rule expires it. Check that date when triaging a hit, since an
# address may no longer serve the listed file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715198)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.222.204.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715198/; classtype:trojan-activity;sid:83578298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715197)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.8.219.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715197/; classtype:trojan-activity;sid:83578297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.227.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715196/; classtype:trojan-activity;sid:83578296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715195)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/rfxroh.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715195/; classtype:trojan-activity;sid:83578295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715194)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.63.235.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715194/; classtype:trojan-activity;sid:83578294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.58.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715193/; classtype:trojan-activity;sid:83578293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.201.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715192/; classtype:trojan-activity;sid:83578292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715191)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"80.76.51.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715191/; classtype:trojan-activity;sid:83578291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.6.224.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715190/; classtype:trojan-activity;sid:83578290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.53.99.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715189/; classtype:trojan-activity;sid:83578289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715188)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.117.235.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715188/; classtype:trojan-activity;sid:83578288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715187)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.221.77.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715187/; classtype:trojan-activity;sid:83578287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715186)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.133.202.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715186/; classtype:trojan-activity;sid:83578286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.101.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715185/; classtype:trojan-activity;sid:83578285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.110.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715184/; classtype:trojan-activity;sid:83578284; rev:1;)
# Triage aid: in every rule of this run the sid equals the URLhaus entry id shown
# in msg and reference plus 80863100 (e.g. sid 83578283 <-> entry 2715183), so an
# alert's sid maps straight back to its reference URL.
# Each rule fires only on a GET whose whole URI and whole Host equal the listed
# values (depth:<len> + isdataat:!1,relative on both buffers).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715183)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.75.139.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715183/; classtype:trojan-activity;sid:83578283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715182)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.48.149.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715182/; classtype:trojan-activity;sid:83578282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.244.203.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715181/; classtype:trojan-activity;sid:83578281; rev:1;)
# Host is a domain name here rather than an IP literal; the match is still on the
# exact Host value, so a request that names the same server differently is not
# covered by this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715180)"; flow:established,from_client; content:"GET"; http_method; content:"/baf14778c246e15550645e30ba78ce1c.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"flyawayaero.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715180/; classtype:trojan-activity;sid:83578280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715179)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.173.24.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715179/; classtype:trojan-activity;sid:83578279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.40.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715178/; classtype:trojan-activity;sid:83578278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715177)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.175.154.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715177/; classtype:trojan-activity;sid:83578277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715176)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"afcsm.2023.ebeenj.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715176/; classtype:trojan-activity;sid:83578276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715175)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.238.73.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715175/; classtype:trojan-activity;sid:83578275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.225.163.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715174/; classtype:trojan-activity;sid:83578274; rev:1;)
# NOTE(review): the /paste-code/ path suggests a snippet-hosting page (assumption,
# confirm via the reference URL). The rule is `alert http`, so it sees this
# request only when it travels as cleartext HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715173)"; flow:established,from_client; content:"GET"; http_method; content:"/paste-code/bqoy"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wtools.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715173/; classtype:trojan-activity;sid:83578273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.225.163.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_30; reference:url, urlhaus.abuse.ch/url/2715172/; classtype:trojan-activity;sid:83578272; rev:1;)
# From here on created_at is 2023_09_29. The /bins/phantom.<suffix> rules share
# one host and differ only in the file suffix; they are interleaved with
# unrelated /.i entries, so group alerts by destination host rather than by
# neighbouring sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715171)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715171/; classtype:trojan-activity;sid:83578271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715170)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.249.34.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715170/; classtype:trojan-activity;sid:83578270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715169)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.180.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715169/; classtype:trojan-activity;sid:83578269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715165)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.98.10.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715165/; classtype:trojan-activity;sid:83578265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715166)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715166/; classtype:trojan-activity;sid:83578266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715167)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715167/; classtype:trojan-activity;sid:83578267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715168)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.m68k"; http_uri;
depth:18; isdataat:!1,relative; nocase; content:"141.98.10.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715168/; classtype:trojan-activity;sid:83578268; rev:1;)
# Every rule in this run matches one exact URL: GET, whole-URI equality
# (case-insensitive via nocase) and whole-Host equality, on an established
# client-side flow leaving $HOME_NET. Coverage therefore depends on $HOME_NET and
# $EXTERNAL_NET being set correctly for the sensor's position.
# Two hosts in this run, 141.98.10.44 and 141.98.10.40, are each listed with
# /bins/phantom.<suffix> files; the suffixes (ppc, x86, arm6, arm, spc, sh4, mpsl,
# m68k) look like CPU architecture names. NOTE(review): a hit on one of the two
# hosts is a reason to search flow logs for the other as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715164)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715164/; classtype:trojan-activity;sid:83578264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.57.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715163/; classtype:trojan-activity;sid:83578263; rev:1;)
# The file here is a .dll rather than a script or executable; the rule itself
# matches only the request URL, not the returned content.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715162)"; flow:established,from_client; content:"GET"; http_method; content:"/theme/plugins/clip64.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"77.91.124.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715162/; classtype:trojan-activity;sid:83578262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715161)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.175.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715161/; classtype:trojan-activity;sid:83578261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715160)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715160/; classtype:trojan-activity;sid:83578260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715159)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"60.248.166.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715159/; classtype:trojan-activity;sid:83578259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715158)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.153.96.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715158/; classtype:trojan-activity;sid:83578258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715157)"; flow:established,from_client; content:"GET"; http_method; content:"/subscribeevent"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"3f15f.diary.lojjh.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715157/; classtype:trojan-activity;sid:83578257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715156)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"198.71.107.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715156/; classtype:trojan-activity;sid:83578256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715150)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.98.10.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715150/; classtype:trojan-activity;sid:83578250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715151)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715151/; classtype:trojan-activity;sid:83578251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715152)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715152/; classtype:trojan-activity;sid:83578252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715153)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715153/; classtype:trojan-activity;sid:83578253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715154)"; flow:established,from_client; content:"GET"; http_method; content:"/fuza/herom.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.91.68.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715154/; classtype:trojan-activity;sid:83578254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715155)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.98.10.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715155/; classtype:trojan-activity;sid:83578255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715149)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715149/; classtype:trojan-activity;sid:83578249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715147)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.98.10.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715147/; classtype:trojan-activity;sid:83578247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.57.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url,
urlhaus.abuse.ch/url/2715148/; classtype:trojan-activity;sid:83578248; rev:1;)
# Scope of the rules in this run: each is `alert http` on an established
# client-side flow, so it only evaluates requests the sensor can parse as HTTP.
# The same URL fetched inside an encrypted session is not seen unless the
# traffic is decrypted before it reaches the sensor.
# The match is exact on both buffers: depth:<len> anchors the content at the
# start, isdataat:!1,relative requires that nothing follows it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715146)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.186.165.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715146/; classtype:trojan-activity;sid:83578246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.72.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715145/; classtype:trojan-activity;sid:83578245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715144)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.108.105.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715144/; classtype:trojan-activity;sid:83578244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715143/; classtype:trojan-activity;sid:83578243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715142)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.225.75.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715142/; classtype:trojan-activity;sid:83578242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.72.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715141/; classtype:trojan-activity;sid:83578241; rev:1;)
# Host 45.95.169.247 is listed in this run with a shell script (/ohshit.sh) and
# with single-segment paths named like CPU architectures (/spc, /x86_64, /x86,
# /mips, /sh4, /m68k, /arm5). NOTE(review): alerts from one internal host for the
# .sh rule and for one of the architecture-named paths are worth triaging as a
# single incident. The relationship between the files is not stated by the
# rules; confirm it via the reference URLs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715140)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.95.169.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715140/; classtype:trojan-activity;sid:83578240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.72.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715139/; classtype:trojan-activity;sid:83578239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715138)"; flow:established,from_client; content:"GET"; http_method; content:"/fuza/foto1221.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"77.91.68.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715138/; classtype:trojan-activity;sid:83578238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715137)"; flow:established,from_client; content:"GET"; http_method; content:"/fuza/kus.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.91.68.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715137/; classtype:trojan-activity;sid:83578237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715136)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.134.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715136/; classtype:trojan-activity;sid:83578236; rev:1;)
# A path such as /x86 or /spc is only four bytes long; it is the exact Host match
# in the same rule that keeps these entries from firing on unrelated servers.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715132)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.95.169.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715132/; classtype:trojan-activity;sid:83578232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715133)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.95.169.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715133/; classtype:trojan-activity;sid:83578233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715134)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.95.169.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715134/; classtype:trojan-activity;sid:83578234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715135)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715135/; classtype:trojan-activity;sid:83578235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715129)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.95.169.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715129/; classtype:trojan-activity;sid:83578229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715130)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715130/; classtype:trojan-activity;sid:83578230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715131)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715131/; classtype:trojan-activity;sid:83578231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715126)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl";
http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715126/; classtype:trojan-activity;sid:83578226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715127)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715127/; classtype:trojan-activity;sid:83578227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715128)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.95.169.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715128/; classtype:trojan-activity;sid:83578228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.72.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715125/; classtype:trojan-activity;sid:83578225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715124)"; flow:established,from_client; content:"GET"; http_method; content:"/90/mtdocs.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"192.3.23.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715124/; classtype:trojan-activity;sid:83578224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (2715123)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.95.169.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715123/; classtype:trojan-activity;sid:83578223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715122)"; flow:established,from_client; content:"GET"; http_method; content:"/fuza/exbo.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"77.91.68.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715122/; classtype:trojan-activity;sid:83578222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.74.25.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715121/; classtype:trojan-activity;sid:83578221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.79.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715120/; classtype:trojan-activity;sid:83578220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715119)"; flow:established,from_client; content:"GET"; http_method; content:"/smo/exbo.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.91.68.238"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715119/; classtype:trojan-activity;sid:83578219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715118)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.204.151.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715118/; classtype:trojan-activity;sid:83578218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.221.109.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715117/; classtype:trojan-activity;sid:83578217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715114)"; flow:established,from_client; content:"GET"; http_method; content:"/files/umm.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"85.217.144.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715114/; classtype:trojan-activity;sid:83578214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715115)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.225.74.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715115/; classtype:trojan-activity;sid:83578215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715116)"; flow:established,from_client; 
content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.225.74.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715116/; classtype:trojan-activity;sid:83578216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715113)"; flow:established,from_client; content:"GET"; http_method; content:"/files/amadey.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.217.144.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715113/; classtype:trojan-activity;sid:83578213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715110)"; flow:established,from_client; content:"GET"; http_method; content:"/files/umm2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.217.144.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715110/; classtype:trojan-activity;sid:83578210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715111)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715111/; classtype:trojan-activity;sid:83578211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715112)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rby1.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"85.217.144.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, 
urlhaus.abuse.ch/url/2715112/; classtype:trojan-activity;sid:83578212; rev:1;)
# NOTE(review): rule 2715109 keys on one exact paste path on a shared paste
# service (pastebin.com), so the host alone says nothing about the client; only
# the full path + host pair is the indicator. As an "alert http" rule it can
# only fire on requests the sensor parses as HTTP; presumably this host is
# normally reached over TLS, so coverage depends on the request being made in
# cleartext or on decryption upstream of the sensor -- confirm for your
# deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715109)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/geuhlhv0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715109/; classtype:trojan-activity;sid:83578209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715108)"; flow:established,from_client; content:"GET"; http_method; content:"/updater.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.106.223.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715108/; classtype:trojan-activity;sid:83578208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.221.109.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715107/; classtype:trojan-activity;sid:83578207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715102)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.225.74.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715102/; classtype:trojan-activity;sid:83578202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715103)"; flow:established,from_client; content:"GET"; http_method; 
content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.225.74.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715103/; classtype:trojan-activity;sid:83578203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715104)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.225.74.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715104/; classtype:trojan-activity;sid:83578204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715105)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.225.74.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715105/; classtype:trojan-activity;sid:83578205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715106)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.225.74.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715106/; classtype:trojan-activity;sid:83578206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715099)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.225.74.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, 
urlhaus.abuse.ch/url/2715099/; classtype:trojan-activity;sid:83578199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715100)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.225.74.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715100/; classtype:trojan-activity;sid:83578200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715101)"; flow:established,from_client; content:"GET"; http_method; content:"/tl/lu47821.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.161.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715101/; classtype:trojan-activity;sid:83578201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715098)"; flow:established,from_client; content:"GET"; http_method; content:"/lug.vbs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.161.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715098/; classtype:trojan-activity;sid:83578198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715097)"; flow:established,from_client; content:"GET"; http_method; content:"/paste-code/bqoa"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wtools.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715097/; classtype:trojan-activity;sid:83578197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715096)"; flow:established,from_client; content:"GET"; http_method; 
content:"/120/tiworker.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.3.23.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715096/; classtype:trojan-activity;sid:83578196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715095)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.36.190.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715095/; classtype:trojan-activity;sid:83578195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715094)"; flow:established,from_client; content:"GET"; http_method; content:"/155/audiodg.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.3.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715094/; classtype:trojan-activity;sid:83578194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715093)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.225.74.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715093/; classtype:trojan-activity;sid:83578193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715092)"; flow:established,from_client; content:"GET"; http_method; content:"/185.28.39.18/rankobazx.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.28.39.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715092/; 
classtype:trojan-activity;sid:83578192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715091)"; flow:established,from_client; content:"GET"; http_method; content:"/greeecousinnnnnnnfrilpulgj0oza9nc7db.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"193.42.33.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715091/; classtype:trojan-activity;sid:83578191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715090)"; flow:established,from_client; content:"GET"; http_method; content:"/verbose.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.208.104.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715090/; classtype:trojan-activity;sid:83578190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.79.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715089/; classtype:trojan-activity;sid:83578189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.187.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715088/; classtype:trojan-activity;sid:83578188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715087)"; flow:established,from_client; content:"GET"; http_method; content:"/app1.apk"; http_uri; 
depth:9; isdataat:!1,relative; nocase; content:"sah-adl.my03.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715087/; classtype:trojan-activity;sid:83578187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715086)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-l.fartit.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715086/; classtype:trojan-activity;sid:83578186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715081)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ad-l.mrface.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715081/; classtype:trojan-activity;sid:83578181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715082)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adl-i-r.fartit.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715082/; classtype:trojan-activity;sid:83578182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715083)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl--ir.fartit.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715083/; classtype:trojan-activity;sid:83578183; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715084)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ad-lo.faqserv.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715084/; classtype:trojan-activity;sid:83578184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715085)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adl-irm.fartit.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715085/; classtype:trojan-activity;sid:83578185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715080)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"iran-kjir.itsaol.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715080/; classtype:trojan-activity;sid:83578180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715079)"; flow:established,from_client; content:"GET"; http_method; content:"/cqbmsn7zz0p6a7k.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"193.42.33.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715079/; classtype:trojan-activity;sid:83578179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715078)"; flow:established,from_client; content:"GET"; http_method; content:"/185.28.39.18/tedzx.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.28.39.18"; 
http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715078/; classtype:trojan-activity;sid:83578178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715077)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/ja8drj17aq2.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715077/; classtype:trojan-activity;sid:83578177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715076)"; flow:established,from_client; content:"GET"; http_method; content:"/zw/wtwvjbwnht.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.3.179.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715076/; classtype:trojan-activity;sid:83578176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715074)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.128.232.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715074/; classtype:trojan-activity;sid:83578174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715075)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.128.232.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715075/; classtype:trojan-activity;sid:83578175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(2715073)"; flow:established,from_client; content:"GET"; http_method; content:"/nix.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.110.48.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715073/; classtype:trojan-activity;sid:83578173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715072)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715072/; classtype:trojan-activity;sid:83578172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715070)"; flow:established,from_client; content:"GET"; http_method; content:"/110/tiworker.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"192.3.23.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715070/; classtype:trojan-activity;sid:83578170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715071)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.24.153.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715071/; classtype:trojan-activity;sid:83578171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715067)"; flow:established,from_client; content:"GET"; http_method; content:"/vy7nqpndcvut7sy.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"193.42.33.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, 
urlhaus.abuse.ch/url/2715067/; classtype:trojan-activity;sid:83578167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715068)"; flow:established,from_client; content:"GET"; http_method; content:"/210/audiodg.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.172.75.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715068/; classtype:trojan-activity;sid:83578168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715069)"; flow:established,from_client; content:"GET"; http_method; content:"/185.28.39.18/prosperzx.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.28.39.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715069/; classtype:trojan-activity;sid:83578169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mercury.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"80.76.51.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715063/; classtype:trojan-activity;sid:83578163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.36.81.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715064/; classtype:trojan-activity;sid:83578164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715065)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bins/mercury.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"80.76.51.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715065/; classtype:trojan-activity;sid:83578165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mercury.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"80.76.51.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715066/; classtype:trojan-activity;sid:83578166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.88.90.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715062/; classtype:trojan-activity;sid:83578162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mercury.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"80.76.51.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715058/; classtype:trojan-activity;sid:83578158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mercury.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"80.76.51.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715059/; 
classtype:trojan-activity;sid:83578159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715060)"; flow:established,from_client; content:"GET"; http_method; content:"/download/rise/stealerclient_cpp.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"171.22.28.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715060/; classtype:trojan-activity;sid:83578160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.36.81.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715061/; classtype:trojan-activity;sid:83578161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715057)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mercury.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"80.76.51.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715057/; classtype:trojan-activity;sid:83578157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715051)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.88.90.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715051/; classtype:trojan-activity;sid:83578151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715052)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/mercury.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"80.76.51.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715052/; classtype:trojan-activity;sid:83578152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715053)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.36.81.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715053/; classtype:trojan-activity;sid:83578153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715054)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mercury.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"80.76.51.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715054/; classtype:trojan-activity;sid:83578154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715055)"; flow:established,from_client; content:"GET"; http_method; content:"/download/rise/stealerclient_sharp.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"171.22.28.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715055/; classtype:trojan-activity;sid:83578155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.36.81.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715056/; 
classtype:trojan-activity;sid:83578156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715050)"; flow:established,from_client; content:"GET"; http_method; content:"/download/www14_64.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"171.22.28.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715050/; classtype:trojan-activity;sid:83578150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715049)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mercury.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"80.76.51.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715049/; classtype:trojan-activity;sid:83578149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mercury.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"80.76.51.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715044/; classtype:trojan-activity;sid:83578144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715045)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.36.81.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715045/; classtype:trojan-activity;sid:83578145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715046)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/phantom.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.36.81.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715046/; classtype:trojan-activity;sid:83578146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715047)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.36.81.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715047/; classtype:trojan-activity;sid:83578147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715048)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.181.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715048/; classtype:trojan-activity;sid:83578148; rev:1;)
# NOTE(review): the URI content of rule 2715043 looks mis-escaped by the
# generator. Inside a content string |7c| is the pipe byte, so "|7c|26|7c|"
# decodes to the four literal bytes "|26|" and not to "&" (0x26), while "?" in
# the same string is written directly as |3f|. If the listed URL separates its
# query parameters with "&", this content cannot match it and the sid is a
# silent detection gap; the intended escape is presumably "|26|" -- confirm
# against urlhaus.abuse.ch/url/2715043/ before relying on this rule.
# depth:167 equals the length of the escaped text, but the decoded pattern is
# shorter, so unlike the neighbouring rules (depth == pattern length) the
# depth / isdataat:!1,relative pair anchors only the end of the URI, not its
# start.
# As an "alert http" rule this only fires where the sensor sees the request as
# HTTP; presumably this host is normally reached over TLS -- confirm whether
# decryption happens upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715043)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666265470|3f|hash=eikzpxuruhdp3zpfufeqoblmml1w2gsxfd9lkkozqtt|7c|26|7c|dl=i0js5zz1njiqwm3arjzaqofmuh1tzepq2bezoco2nv4|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715043/; classtype:trojan-activity;sid:83578143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715042)"; flow:established,from_client; content:"GET"; http_method; content:"/alteredcasbon7rvumklvxuaoxru.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; 
content:"193.42.33.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715042/; classtype:trojan-activity;sid:83578142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.90.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715041/; classtype:trojan-activity;sid:83578141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.128.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715040/; classtype:trojan-activity;sid:83578140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715039)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.54.130.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715039/; classtype:trojan-activity;sid:83578139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715038)"; flow:established,from_client; content:"GET"; http_method; content:"/ship.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.42.65.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715038/; classtype:trojan-activity;sid:83578138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(2715037)"; flow:established,from_client; content:"GET"; http_method; content:"/help/index.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715037/; classtype:trojan-activity;sid:83578137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715036)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715036/; classtype:trojan-activity;sid:83578136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715035)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/3231322212.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715035/; classtype:trojan-activity;sid:83578135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715034)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/uniqtraff.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715034/; classtype:trojan-activity;sid:83578134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715033)"; flow:established,from_client; content:"GET"; http_method; content:"/files/rby1.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.42.32.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; 
reference:url, urlhaus.abuse.ch/url/2715033/; classtype:trojan-activity;sid:83578133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715032)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.98.10.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715032/; classtype:trojan-activity;sid:83578132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715031)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/elize123.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715031/; classtype:trojan-activity;sid:83578131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715030)"; flow:established,from_client; content:"GET"; http_method; content:"/bas/rainn.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.180.49.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715030/; classtype:trojan-activity;sid:83578130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715025/; classtype:trojan-activity;sid:83578125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715026)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bins/phantom.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.98.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715026/; classtype:trojan-activity;sid:83578126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715027)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715027/; classtype:trojan-activity;sid:83578127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.98.10.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715028/; classtype:trojan-activity;sid:83578128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715029/; classtype:trojan-activity;sid:83578129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.98.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715024/; 
classtype:trojan-activity;sid:83578124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715023)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"81.161.229.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715023/; classtype:trojan-activity;sid:83578123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715022)"; flow:established,from_client; content:"GET"; http_method; content:"/185.28.39.18/agodzx.doc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.28.39.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715022/; classtype:trojan-activity;sid:83578122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715021)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.98.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715021/; classtype:trojan-activity;sid:83578121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715016)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715016/; classtype:trojan-activity;sid:83578116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715017)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/phantom.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715017/; classtype:trojan-activity;sid:83578117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715018)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715018/; classtype:trojan-activity;sid:83578118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.98.10.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715019/; classtype:trojan-activity;sid:83578119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715020/; classtype:trojan-activity;sid:83578120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715015)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666326536|3f|hash=rjxxx4ntwzojpdm1rbozv0mnzkjkspinczvbfm7fugs|7c|26|7c|dl=xla71npcoiejaswcr6aet2srexvghh8tobiai24d3yw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; 
content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715015/; classtype:trojan-activity;sid:83578115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715014)"; flow:established,from_client; content:"GET"; http_method; content:"/calc2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"isaiahbenjamin.top"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715014/; classtype:trojan-activity;sid:83578114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715013)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666326545|3f|hash=sys3a4vzea6oopqv2bdmzdzcry1zzzvzswkomuizgph|7c|26|7c|dl=9yvv5gina4fsl9tfr95izk8dozoa4nbjbalracxumog|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715013/; classtype:trojan-activity;sid:83578113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715012)"; flow:established,from_client; content:"GET"; http_method; content:"/files/umm2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.42.32.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715012/; classtype:trojan-activity;sid:83578112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715011)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.181.80.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, 
urlhaus.abuse.ch/url/2715011/; classtype:trojan-activity;sid:83578111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.82.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715010/; classtype:trojan-activity;sid:83578110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715009)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/ja8drj17aq21234.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715009/; classtype:trojan-activity;sid:83578109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715008)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.9.149"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715008/; classtype:trojan-activity;sid:83578108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715007)"; flow:established,from_client; content:"GET"; http_method; content:"/wew/i0oiioioi0ioii0oiioi0ioiooi0i00i0i0iooi0ioi0ioi0oi0ioi0000%23%23%23%23%23%23%23%23%23%23%23%23%23%230000000%23%23%23%23%23%23%23%23%23%23%23%23%23%230000000.doc"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"50.3.182.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715007/; classtype:trojan-activity;sid:83578107; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715004)"; flow:established,from_client; content:"GET"; http_method; content:"/exploitprivate/goatedinvagina.vbs"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"193.42.33.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715004/; classtype:trojan-activity;sid:83578104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715005)"; flow:established,from_client; content:"GET"; http_method; content:"/160/audiodg.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.3.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715005/; classtype:trojan-activity;sid:83578105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715006)"; flow:established,from_client; content:"GET"; http_method; content:"/350/audiodg.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"50.3.182.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715006/; classtype:trojan-activity;sid:83578106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715003)"; flow:established,from_client; content:"GET"; http_method; content:"/exploitprivate/x.xx.x.x.doc"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"193.42.33.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715003/; classtype:trojan-activity;sid:83578103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715002)"; flow:established,from_client; content:"GET"; http_method; content:"/new/foto1221.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; 
content:"77.91.68.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715002/; classtype:trojan-activity;sid:83578102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715001)"; flow:established,from_client; content:"GET"; http_method; content:"/smo/expo.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.91.68.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715001/; classtype:trojan-activity;sid:83578101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.58.93.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2715000/; classtype:trojan-activity;sid:83578100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714999)"; flow:established,from_client; content:"GET"; http_method; content:"/200/audiodg.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.172.75.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714999/; classtype:trojan-activity;sid:83578099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714998)"; flow:established,from_client; content:"GET"; http_method; content:"/660/audiodg.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.228.126.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714998/; classtype:trojan-activity;sid:83578098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2714997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.167.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714997/; classtype:trojan-activity;sid:83578097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714995)"; flow:established,from_client; content:"GET"; http_method; content:"/whttp/4/ioi0ioio0oioio0ioi0ioi0i0000000%23%23%23%23%23%23%23%23%23%23%23%23%23%23000000000000000000%23%23%23%23%23%23%23%23%23%23%23%23%23%2300000000.doc"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"103.182.16.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714995/; classtype:trojan-activity;sid:83578095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714996)"; flow:established,from_client; content:"GET"; http_method; content:"/whttp/4/md.doc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.182.16.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714996/; classtype:trojan-activity;sid:83578096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714994)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.159.255.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714994/; classtype:trojan-activity;sid:83578094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"115.58.132.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714993/; classtype:trojan-activity;sid:83578093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.94.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714992/; classtype:trojan-activity;sid:83578092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.122.238.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714991/; classtype:trojan-activity;sid:83578091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714990)"; flow:established,from_client; content:"GET"; http_method; content:"/download/services.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"171.22.28.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714990/; classtype:trojan-activity;sid:83578090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714989)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.133.171.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714989/; classtype:trojan-activity;sid:83578089; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714988)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/toolspub1.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"galandskiyher3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714988/; classtype:trojan-activity;sid:83578088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714987)"; flow:established,from_client; content:"GET"; http_method; content:"/385118/setup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hbn42414.beget.tech"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714987/; classtype:trojan-activity;sid:83578087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714986)"; flow:established,from_client; content:"GET"; http_method; content:"/api/files/software/s5.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"5.42.64.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714986/; classtype:trojan-activity;sid:83578086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714985)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/asca1ex1234.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714985/; classtype:trojan-activity;sid:83578085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714984)"; flow:established,from_client; content:"GET"; http_method; content:"/save.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; 
content:"blindsportssa.org.au"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714984/; classtype:trojan-activity;sid:83578084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714983)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/birza.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714983/; classtype:trojan-activity;sid:83578083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714982)"; flow:established,from_client; content:"GET"; http_method; content:"/bas/rrain.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"194.180.49.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714982/; classtype:trojan-activity;sid:83578082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714981)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/windhcp.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714981/; classtype:trojan-activity;sid:83578081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714969)"; flow:established,from_client; content:"GET"; http_method; content:"/777/skxm7qc.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mksad917.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714969/; classtype:trojan-activity;sid:83578069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2714970)"; flow:established,from_client; content:"GET"; http_method; content:"/777/mtxhkts.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mksad917.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714970/; classtype:trojan-activity;sid:83578070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714971)"; flow:established,from_client; content:"GET"; http_method; content:"/777/mtxyqhr.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mksad917.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714971/; classtype:trojan-activity;sid:83578071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714972)"; flow:established,from_client; content:"GET"; http_method; content:"/777/skxlxar.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mksad917.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714972/; classtype:trojan-activity;sid:83578072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714973)"; flow:established,from_client; content:"GET"; http_method; content:"/777/skxkuqm.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mksad917.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714973/; classtype:trojan-activity;sid:83578073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714974)"; flow:established,from_client; content:"GET"; http_method; content:"/777/skx1vhn.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mksad917.xyz"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714974/; classtype:trojan-activity;sid:83578074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714975)"; flow:established,from_client; content:"GET"; http_method; content:"/777/skxtca1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mksad917.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714975/; classtype:trojan-activity;sid:83578075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714976)"; flow:established,from_client; content:"GET"; http_method; content:"/777/mtxtrro.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mksad917.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714976/; classtype:trojan-activity;sid:83578076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714977)"; flow:established,from_client; content:"GET"; http_method; content:"/777/mtx1ixh.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mksad917.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714977/; classtype:trojan-activity;sid:83578077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714978)"; flow:established,from_client; content:"GET"; http_method; content:"/777/skxnmxy.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mksad917.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714978/; classtype:trojan-activity;sid:83578078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(2714979)"; flow:established,from_client; content:"GET"; http_method; content:"/777/mtx3uc3.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mksad917.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714979/; classtype:trojan-activity;sid:83578079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714980)"; flow:established,from_client; content:"GET"; http_method; content:"/777/mtxkgib.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mksad917.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714980/; classtype:trojan-activity;sid:83578080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714967)"; flow:established,from_client; content:"GET"; http_method; content:"/777/skxqbea.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mksad917.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714967/; classtype:trojan-activity;sid:83578067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714968)"; flow:established,from_client; content:"GET"; http_method; content:"/777/mtxmdbx.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mksad917.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714968/; classtype:trojan-activity;sid:83578068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714966)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.115.83.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, 
urlhaus.abuse.ch/url/2714966/; classtype:trojan-activity;sid:83578066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714965)"; flow:established,from_client; content:"GET"; http_method; content:"/ngtow.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.110.48.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714965/; classtype:trojan-activity;sid:83578065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714964)"; flow:established,from_client; content:"GET"; http_method; content:"/afkjo.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.110.48.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714964/; classtype:trojan-activity;sid:83578064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714963)"; flow:established,from_client; content:"GET"; http_method; content:"/smito.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.110.48.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714963/; classtype:trojan-activity;sid:83578063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714962)"; flow:established,from_client; content:"GET"; http_method; content:"/ndert.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.110.48.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714962/; classtype:trojan-activity;sid:83578062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714961)"; flow:established,from_client; content:"GET"; http_method; 
content:"/images/004/616/609/original/rump_vbs.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714961/; classtype:trojan-activity;sid:83578061; rev:1;)
# Each rule in this run alerts on an outbound GET ($HOME_NET -> $EXTERNAL_NET,
# client side of an established flow) whose URI and Host both match the listed
# patterns. depth:N limits the pattern to the first N bytes of the buffer and
# isdataat:!1,relative asserts that no byte follows the match; together they
# are meant to pin the pattern to the whole buffer rather than a substring.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714958)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"a-dld.vizvaz.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714958/; classtype:trojan-activity;sid:83578058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714959)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adpggf.faqserv.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714959/; classtype:trojan-activity;sid:83578059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714960)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-gid.otzo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714960/; classtype:trojan-activity;sid:83578060; rev:1;)
# NOTE(review): cdn.discordapp.com is a shared file host that is normally
# reached over HTTPS; "alert http" inspects cleartext HTTP only, so this
# presumably fires only where TLS is decrypted ahead of the sensor (confirm
# for your deployment). The attachment path, not the host name, is what
# identifies the download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714957)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1156997398246211655/1156997732318318643/latsunagame.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714957/; classtype:trojan-activity;sid:83578057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714956)"; flow:established,from_client; content:"GET"; http_method; content:"/112"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714956/; classtype:trojan-activity;sid:83578056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714952)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-bnx.faqserv.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714952/; classtype:trojan-activity;sid:83578052; rev:1;)
# NOTE(review): applies to the five vk.com rules in this run
# (sid 83578053, 83578055, 83578048, 83578049, 83578051).
# In content syntax |7c| is the pipe byte, so "|7c|26|7c|" decodes to the four
# literal characters |26| between the query parameters, not to "&" (0x26).
# If the URLhaus entry separates the parameters with "&" (it looks as if pipe
# escaping ran after "&" escaping when the rule was generated; confirm against
# the reference URL of each rule), these signatures cannot match that request.
# depth:167 equals the escaped string length; the decoded pattern is shorter
# (146 bytes by count for sid 83578053), so unlike the neighbouring rules the
# start of the match is not pinned to the first byte of the URI.
# vk.com is normally served over HTTPS; "alert http" sees cleartext HTTP only,
# so presumably TLS inspection ahead of the sensor is needed for these to fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714953)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666293836|3f|hash=kalyo0nkzgx06gzu0paw6fqfzj1mvevzcepyfpveayk|7c|26|7c|dl=0bhuzzq3jiismt6ryqsk7nzkiwmz8b3g2jqld7mkftl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714953/; classtype:trojan-activity;sid:83578053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714954)"; flow:established,from_client; content:"GET"; http_method; content:"/kukri.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.150.26.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714954/; classtype:trojan-activity;sid:83578054; rev:1;)
# vk.com rule: same "|7c|26|7c|" separator and depth caveat as sid 83578053 above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714955)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666286269|3f|hash=ltvojse9xsis9c8shwxpgfzzeeyfl1zullvgud5wvxw|7c|26|7c|dl=4kyemugfsdnkpijumnhtckj5di6oa02oc3p0qd1li1d|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714955/; classtype:trojan-activity;sid:83578055; rev:1;)
# vk.com rule: same "|7c|26|7c|" separator and depth caveat as sid 83578053 above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714948)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666301335|3f|hash=eh2upllejutbdigpusatx0t8znxs7bbobxfmvigu6co|7c|26|7c|dl=kaulrbzpygbbykazzhwcc4gopyjavpzvlja8ihec6n8|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714948/; classtype:trojan-activity;sid:83578048; rev:1;)
# vk.com rule: same "|7c|26|7c|" separator and depth caveat as sid 83578053 above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714949)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666247384|3f|hash=62asqeppxuorijnqpncqayqixdczylzeibpzhl2stuh|7c|26|7c|dl=imxr6u0szuz35nxqjjwcxqwl84hn9pljkbocaly3jrp|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714949/; classtype:trojan-activity;sid:83578049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714950)"; flow:established,from_client; content:"GET"; http_method; content:"/kukri.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.150.26.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714950/; classtype:trojan-activity;sid:83578050; rev:1;)
# vk.com rule: same "|7c|26|7c|" separator and depth caveat as sid 83578053 above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714951)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666294895|3f|hash=mrfrxq1qy2cqxzmjswb2ifsnzfn6ol4lra0ujlnvtcg|7c|26|7c|dl=kqd3oucijkmps3n5suzywbo56zmpcftaa3gtomd22rc|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714951/; classtype:trojan-activity;sid:83578051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714945)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-ghs.faqserv.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714945/; classtype:trojan-activity;sid:83578045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714946)"; flow:established,from_client; content:"GET"; http_method; content:"/kukri.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.150.26.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714946/; classtype:trojan-activity;sid:83578046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714947)"; flow:established,from_client; content:"GET"; http_method; content:"/kukri.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.150.26.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, 
urlhaus.abuse.ch/url/2714947/; classtype:trojan-activity;sid:83578047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714941)"; flow:established,from_client; content:"GET"; http_method; content:"/kukri.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.150.26.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714941/; classtype:trojan-activity;sid:83578041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714942)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sahmnx.mynetav.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714942/; classtype:trojan-activity;sid:83578042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714943)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sahlmnh.vizvaz.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714943/; classtype:trojan-activity;sid:83578043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714944)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sadldh.mrface.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714944/; classtype:trojan-activity;sid:83578044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714930)"; flow:established,from_client; content:"GET"; http_method; 
content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adl-gh.fartit.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714930/; classtype:trojan-activity;sid:83578030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714931)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"saldhg.my03.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714931/; classtype:trojan-activity;sid:83578031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714932)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adl-jh.my03.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714932/; classtype:trojan-activity;sid:83578032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714933)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sahmadl.faqserv.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714933/; classtype:trojan-activity;sid:83578033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714934)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"da-ir.fartit.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714934/; classtype:trojan-activity;sid:83578034; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714935)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adlisgwg.itsaol.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714935/; classtype:trojan-activity;sid:83578035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714936)"; flow:established,from_client; content:"GET"; http_method; content:"/app1.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"saghmn.faqserv.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714936/; classtype:trojan-activity;sid:83578036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714937)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adl-fa.fartit.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714937/; classtype:trojan-activity;sid:83578037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714938)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sahmnl.mynetav.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714938/; classtype:trojan-activity;sid:83578038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714939)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; 
content:"sahln.vizvaz.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714939/; classtype:trojan-activity;sid:83578039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.221.109.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714929/; classtype:trojan-activity;sid:83578029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714928)"; flow:established,from_client; content:"GET"; http_method; content:"/n0ojneoifgxxi6gmdkhnzfvmaplq/fix.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"23.106.223.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714928/; classtype:trojan-activity;sid:83578028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.122.238.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714927/; classtype:trojan-activity;sid:83578027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.244.203.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714926/; classtype:trojan-activity;sid:83578026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2714925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.122.236.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714925/; classtype:trojan-activity;sid:83578025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714924)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"160.119.158.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714924/; classtype:trojan-activity;sid:83578024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.244.203.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714923/; classtype:trojan-activity;sid:83578023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.89.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714922/; classtype:trojan-activity;sid:83578022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.152.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, 
urlhaus.abuse.ch/url/2714921/; classtype:trojan-activity;sid:83578021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714920)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.213.231.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714920/; classtype:trojan-activity;sid:83578020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714918)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.181.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714918/; classtype:trojan-activity;sid:83578018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714919)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.8.210.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714919/; classtype:trojan-activity;sid:83578019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714912)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.181.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714912/; classtype:trojan-activity;sid:83578012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; 
http_uri; depth:17; isdataat:!1,relative; nocase; content:"95.181.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714913/; classtype:trojan-activity;sid:83578013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714914)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.181.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714914/; classtype:trojan-activity;sid:83578014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.181.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714915/; classtype:trojan-activity;sid:83578015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.181.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714916/; classtype:trojan-activity;sid:83578016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714917)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.181.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714917/; classtype:trojan-activity;sid:83578017; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.181.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714907/; classtype:trojan-activity;sid:83578007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.181.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714908/; classtype:trojan-activity;sid:83578008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"95.181.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714909/; classtype:trojan-activity;sid:83578009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"95.181.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714910/; classtype:trojan-activity;sid:83578010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; 
content:"95.181.173.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714911/; classtype:trojan-activity;sid:83578011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.122.236.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714906/; classtype:trojan-activity;sid:83578006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714905)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/vlxx.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"207.174.22.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714905/; classtype:trojan-activity;sid:83578005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.156.127.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714904/; classtype:trojan-activity;sid:83578004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714894)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.103.229.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714894/; classtype:trojan-activity;sid:83577994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2714895)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.103.229.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714895/; classtype:trojan-activity;sid:83577995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714896)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.103.229.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714896/; classtype:trojan-activity;sid:83577996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714897)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.103.229.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714897/; classtype:trojan-activity;sid:83577997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714898)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.103.229.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714898/; classtype:trojan-activity;sid:83577998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714899)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; 
content:"116.103.229.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714899/; classtype:trojan-activity;sid:83577999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714900)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.103.229.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714900/; classtype:trojan-activity;sid:83578000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714901)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.103.229.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714901/; classtype:trojan-activity;sid:83578001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714902)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.103.229.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714902/; classtype:trojan-activity;sid:83578002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714903)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.103.229.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714903/; classtype:trojan-activity;sid:83578003; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714893)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.248.248.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714893/; classtype:trojan-activity;sid:83577993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714892)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.25.109.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714892/; classtype:trojan-activity;sid:83577992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"65.188.248.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714891/; classtype:trojan-activity;sid:83577991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.74.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714890/; classtype:trojan-activity;sid:83577990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714889)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.59"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714889/; classtype:trojan-activity;sid:83577989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714886)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.67.197.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714886/; classtype:trojan-activity;sid:83577986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714887)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.67.197.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714887/; classtype:trojan-activity;sid:83577987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714888)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.67.197.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714888/; classtype:trojan-activity;sid:83577988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714878)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.67.197.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714878/; classtype:trojan-activity;sid:83577978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714879)"; flow:established,from_client; 
content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.67.197.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714879/; classtype:trojan-activity;sid:83577979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714880)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.67.197.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714880/; classtype:trojan-activity;sid:83577980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714881)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.67.197.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714881/; classtype:trojan-activity;sid:83577981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714882)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.67.197.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714882/; classtype:trojan-activity;sid:83577982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714883)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.67.197.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714883/; classtype:trojan-activity;sid:83577983; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714884)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.67.197.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714884/; classtype:trojan-activity;sid:83577984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714885)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.67.197.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714885/; classtype:trojan-activity;sid:83577985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.122.238.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714877/; classtype:trojan-activity;sid:83577977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714876)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.243.67.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714876/; classtype:trojan-activity;sid:83577976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714875)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.15.133"; http_host; depth:11; 
isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714875/; classtype:trojan-activity;sid:83577975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.32.172.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714873/; classtype:trojan-activity;sid:83577973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.14.79.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714874/; classtype:trojan-activity;sid:83577974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.91.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714872/; classtype:trojan-activity;sid:83577972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.122.232.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714871/; classtype:trojan-activity;sid:83577971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714870)"; flow:established,from_client; 
content:"GET"; http_method; content:"/afkjo.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.110.48.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714870/; classtype:trojan-activity;sid:83577970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.173.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714869/; classtype:trojan-activity;sid:83577969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714868)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"187.153.178.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714868/; classtype:trojan-activity;sid:83577968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714867)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.79.135.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714867/; classtype:trojan-activity;sid:83577967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714866)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.8.251"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714866/; classtype:trojan-activity;sid:83577966; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.215.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714865/; classtype:trojan-activity;sid:83577965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.82.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714864/; classtype:trojan-activity;sid:83577964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714863)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714863/; classtype:trojan-activity;sid:83577963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714861)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714861/; classtype:trojan-activity;sid:83577961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714862)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.94.92.20"; http_host; 
depth:11; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714862/; classtype:trojan-activity;sid:83577962; rev:1;)
# Layout: the line above is the tail of a rule that starts on the previous line, and the
# last line of this group is the head of a rule that continues on the next line. The rules
# in between are written one per line.
# Pattern shared by these rules: the URI content uses depth equal to its length plus
# isdataat:!1,relative, so it must start at offset 0 and end the http_uri buffer, which
# makes it a whole-URI match. The host content is anchored the same way in http_host.
# Being "alert http" rules, they only fire on traffic the sensor parses as HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714860)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.135.249.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714860/; classtype:trojan-activity;sid:83577960; rev:1;)
# NOTE(review): pastebin.com is a shared paste host, so only the path ties this rule to the
# listed URL. The path content is lower-case and carries nocase, so every case variant of
# this paste ID matches as well. If paste IDs on that service are case-sensitive, those
# variants are different pastes; check the requested URI in the alert before treating a
# hit as the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714859)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mibkbjh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714859/; classtype:trojan-activity;sid:83577959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714858)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zgwqx.2023.ebeenj.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714858/; classtype:trojan-activity;sid:83577958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714857)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.154.206.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714857/; classtype:trojan-activity;sid:83577957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714856)"; 
flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pxv.2023.ebeenj.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714856/; classtype:trojan-activity;sid:83577956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714854)"; flow:established,from_client; content:"GET"; http_method; content:"/byvazrokfclwdga48.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"172.93.187.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714854/; classtype:trojan-activity;sid:83577954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714855)"; flow:established,from_client; content:"GET"; http_method; content:"/vozujldjfufjustzux202.bin"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"172.93.187.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714855/; classtype:trojan-activity;sid:83577955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714852)"; flow:established,from_client; content:"GET"; http_method; content:"/sqqhvldmkkqhpqwccuemm227.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"74.84.150.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714852/; classtype:trojan-activity;sid:83577952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714853)"; flow:established,from_client; content:"GET"; http_method; content:"/lfdpv162.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.84.150.168"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714853/; classtype:trojan-activity;sid:83577953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714851)"; flow:established,from_client; content:"GET"; http_method; content:"/88/sgnwsgm.wav"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dolowack.webd.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714851/; classtype:trojan-activity;sid:83577951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714850)"; flow:established,from_client; content:"GET"; http_method; content:"/t5/ygwypfu.mp3"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dolowack.webd.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714850/; classtype:trojan-activity;sid:83577950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714848)"; flow:established,from_client; content:"GET"; http_method; content:"/herunterladen/panel/uploads/mvpidvqk.dll"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"dolowack.webd.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714848/; classtype:trojan-activity;sid:83577948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714849)"; flow:established,from_client; content:"GET"; http_method; content:"/herunterladen/panel/uploads/zhejrdg.png"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"dolowack.webd.pro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714849/; classtype:trojan-activity;sid:83577949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2714847)"; flow:established,from_client; content:"GET"; http_method; content:"/hymepvyzxyx53.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.237.86.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714847/; classtype:trojan-activity;sid:83577947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714846)"; flow:established,from_client; content:"GET"; http_method; content:"/bdgtaxpgm113.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.237.86.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714846/; classtype:trojan-activity;sid:83577946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714845)"; flow:established,from_client; content:"GET"; http_method; content:"/05b85f6a6b0e9444/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"208.91.189.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714845/; classtype:trojan-activity;sid:83577945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714844)"; flow:established,from_client; content:"GET"; http_method; content:"/05b85f6a6b0e9444/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"208.91.189.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714844/; classtype:trojan-activity;sid:83577944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714843)"; flow:established,from_client; content:"GET"; http_method; content:"/05b85f6a6b0e9444/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; 
content:"208.91.189.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714843/; classtype:trojan-activity;sid:83577943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714842)"; flow:established,from_client; content:"GET"; http_method; content:"/05b85f6a6b0e9444/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"208.91.189.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714842/; classtype:trojan-activity;sid:83577942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714840)"; flow:established,from_client; content:"GET"; http_method; content:"/05b85f6a6b0e9444/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"208.91.189.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714840/; classtype:trojan-activity;sid:83577940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714841)"; flow:established,from_client; content:"GET"; http_method; content:"/05b85f6a6b0e9444/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"208.91.189.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714841/; classtype:trojan-activity;sid:83577941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714839)"; flow:established,from_client; content:"GET"; http_method; content:"/05b85f6a6b0e9444/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"208.91.189.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714839/; 
classtype:trojan-activity;sid:83577939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714832)"; flow:established,from_client; content:"GET"; http_method; content:"/c67be317e1e6e8d4/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"193.201.8.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714832/; classtype:trojan-activity;sid:83577932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714833)"; flow:established,from_client; content:"GET"; http_method; content:"/c67be317e1e6e8d4/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"193.201.8.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714833/; classtype:trojan-activity;sid:83577933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714834)"; flow:established,from_client; content:"GET"; http_method; content:"/c67be317e1e6e8d4/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"193.201.8.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714834/; classtype:trojan-activity;sid:83577934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714835)"; flow:established,from_client; content:"GET"; http_method; content:"/c67be317e1e6e8d4/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"193.201.8.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714835/; classtype:trojan-activity;sid:83577935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714836)"; flow:established,from_client; 
content:"GET"; http_method; content:"/c67be317e1e6e8d4/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"193.201.8.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714836/; classtype:trojan-activity;sid:83577936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714837)"; flow:established,from_client; content:"GET"; http_method; content:"/c67be317e1e6e8d4/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"193.201.8.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714837/; classtype:trojan-activity;sid:83577937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714838)"; flow:established,from_client; content:"GET"; http_method; content:"/c67be317e1e6e8d4/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"193.201.8.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714838/; classtype:trojan-activity;sid:83577938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714831)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.247.157.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714831/; classtype:trojan-activity;sid:83577931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714830)"; flow:established,from_client; content:"GET"; http_method; content:"/iomq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"skp.co.id"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, 
urlhaus.abuse.ch/url/2714830/; classtype:trojan-activity;sid:83577930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714828)"; flow:established,from_client; content:"GET"; http_method; content:"/tva/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"professional-repair-services.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714828/; classtype:trojan-activity;sid:83577928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714829)"; flow:established,from_client; content:"GET"; http_method; content:"/eust/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"carrepairdubai.ae"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714829/; classtype:trojan-activity;sid:83577929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714823)"; flow:established,from_client; content:"GET"; http_method; content:"/tlaa/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"simondist.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714823/; classtype:trojan-activity;sid:83577923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714824)"; flow:established,from_client; content:"GET"; http_method; content:"/st/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nefzo.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714824/; classtype:trojan-activity;sid:83577924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714825)"; flow:established,from_client; content:"GET"; http_method; content:"/ese/"; http_uri; 
depth:5; isdataat:!1,relative; nocase; content:"teamtalentelgia.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714825/; classtype:trojan-activity;sid:83577925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714826)"; flow:established,from_client; content:"GET"; http_method; content:"/qu/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"plan12.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714826/; classtype:trojan-activity;sid:83577926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714827)"; flow:established,from_client; content:"GET"; http_method; content:"/uuis/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"clickntouch.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714827/; classtype:trojan-activity;sid:83577927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714818)"; flow:established,from_client; content:"GET"; http_method; content:"/lda/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"greentechelectric.eu"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714818/; classtype:trojan-activity;sid:83577918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714819)"; flow:established,from_client; content:"GET"; http_method; content:"/ccr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"psicologa-mindfulness.it"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714819/; classtype:trojan-activity;sid:83577919; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714820)"; flow:established,from_client; content:"GET"; http_method; content:"/ete/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"the17laws.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714820/; classtype:trojan-activity;sid:83577920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714821)"; flow:established,from_client; content:"GET"; http_method; content:"/riss/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"romancehotel.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714821/; classtype:trojan-activity;sid:83577921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714822)"; flow:established,from_client; content:"GET"; http_method; content:"/vsn/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cadinova.ma"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714822/; classtype:trojan-activity;sid:83577922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714817)"; flow:established,from_client; content:"GET"; http_method; content:"/ta/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"healosure.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714817/; classtype:trojan-activity;sid:83577917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714815)"; flow:established,from_client; content:"GET"; http_method; content:"/asa/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"soapap.gob.mx"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2023_09_28; reference:url, urlhaus.abuse.ch/url/2714815/; classtype:trojan-activity;sid:83577915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714816)"; flow:established,from_client; content:"GET"; http_method; content:"/de/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ismilemedical.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714816/; classtype:trojan-activity;sid:83577916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714803)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"80.76.51.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714803/; classtype:trojan-activity;sid:83577903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714804)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.76.51.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714804/; classtype:trojan-activity;sid:83577904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714805)"; flow:established,from_client; content:"GET"; http_method; content:"/oau/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"consulciap.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714805/; classtype:trojan-activity;sid:83577905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714806)"; flow:established,from_client; content:"GET"; http_method; 
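content:"/xoes/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bertam.com.my"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714806/; classtype:trojan-activity;sid:83577906; rev:1;)
# Layout: the line above is the tail of a rule that starts on the previous line, and the
# last line of this group is the head of a rule that continues on the next line. The rules
# in between are written one per line.
# Each rule matches one exact URL: the URI content uses depth equal to its byte length plus
# isdataat:!1,relative, so it must start at offset 0 and end the http_uri buffer. The host
# content is anchored the same way in http_host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714807)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"80.76.51.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714807/; classtype:trojan-activity;sid:83577907; rev:1;)
# Fixed: depth was 12, the length of the escaped text "/x86|3f|ddos". The hex escape |3f|
# ("?") is a single byte, so the pattern is 9 bytes long. With depth:12 the match could
# start at offsets 0-3, so a longer URI that merely ends in "/x86?ddos" would also alert.
# depth:9 restores the exact-URI anchoring used by every other rule in this set.
# sid and rev are left as published by the feed; bump rev locally if your rule management
# tracks local modifications.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714808)"; flow:established,from_client; content:"GET"; http_method; content:"/x86|3f|ddos"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.76.51.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714808/; classtype:trojan-activity;sid:83577908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714809)"; flow:established,from_client; content:"GET"; http_method; content:"/aut/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"brij.world"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714809/; classtype:trojan-activity;sid:83577909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714810)"; flow:established,from_client; content:"GET"; http_method; content:"/seme/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"sefs.com.mx"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714810/; classtype:trojan-activity;sid:83577910; rev:1;)
alert http $HOME_NET any 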
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714811)"; flow:established,from_client; content:"GET"; http_method; content:"/iadn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"adrianotoledo.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714811/; classtype:trojan-activity;sid:83577911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714812)"; flow:established,from_client; content:"GET"; http_method; content:"/et/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"innocence.co.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714812/; classtype:trojan-activity;sid:83577912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714813)"; flow:established,from_client; content:"GET"; http_method; content:"/srpr/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cogitarepsicoterapia.com.br"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714813/; classtype:trojan-activity;sid:83577913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714814)"; flow:established,from_client; content:"GET"; http_method; content:"/iiso/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"plantix-eg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714814/; classtype:trojan-activity;sid:83577914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714788)"; flow:established,from_client; content:"GET"; http_method; content:"/iatu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"samehelsadat.com"; http_host; depth:16; 
isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714788/; classtype:trojan-activity;sid:83577888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714789)"; flow:established,from_client; content:"GET"; http_method; content:"/at/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aksharagalam.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714789/; classtype:trojan-activity;sid:83577889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714790)"; flow:established,from_client; content:"GET"; http_method; content:"/ifof/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"wubshetbekele.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714790/; classtype:trojan-activity;sid:83577890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714791)"; flow:established,from_client; content:"GET"; http_method; content:"/asu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ziaintegracion.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714791/; classtype:trojan-activity;sid:83577891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714792)"; flow:established,from_client; content:"GET"; http_method; content:"/qsau/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"synchronousdigital.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714792/; classtype:trojan-activity;sid:83577892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714793)"; 
flow:established,from_client; content:"GET"; http_method; content:"/pae/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hijrr.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714793/; classtype:trojan-activity;sid:83577893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714794)"; flow:established,from_client; content:"GET"; http_method; content:"/oe/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"unitedusedfurniture.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714794/; classtype:trojan-activity;sid:83577894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714795)"; flow:established,from_client; content:"GET"; http_method; content:"/tuo/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"universewriters.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714795/; classtype:trojan-activity;sid:83577895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714796)"; flow:established,from_client; content:"GET"; http_method; content:"/lpqo/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"apstaffing.us"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714796/; classtype:trojan-activity;sid:83577896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714797)"; flow:established,from_client; content:"GET"; http_method; content:"/rarn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeic-usa.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714797/; 
classtype:trojan-activity;sid:83577897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714798)"; flow:established,from_client; content:"GET"; http_method; content:"/mq/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"uplines.co"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714798/; classtype:trojan-activity;sid:83577898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714799)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.76.51.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714799/; classtype:trojan-activity;sid:83577899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714800)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.76.51.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714800/; classtype:trojan-activity;sid:83577900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714801)"; flow:established,from_client; content:"GET"; http_method; content:"/rtc/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"generalsmart.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714801/; classtype:trojan-activity;sid:83577901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714802)"; flow:established,from_client; content:"GET"; http_method; content:"/gqf/"; http_uri; depth:5; isdataat:!1,relative; nocase; 
content:"shoppingrf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714802/; classtype:trojan-activity;sid:83577902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714783)"; flow:established,from_client; content:"GET"; http_method; content:"/aipc/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"thebabysense.ca"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714783/; classtype:trojan-activity;sid:83577883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714784)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dispatchweekly.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714784/; classtype:trojan-activity;sid:83577884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714785)"; flow:established,from_client; content:"GET"; http_method; content:"/im/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"woodcorp.com.pk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714785/; classtype:trojan-activity;sid:83577885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714786)"; flow:established,from_client; content:"GET"; http_method; content:"/no/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"landscapersindubai.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714786/; classtype:trojan-activity;sid:83577886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (2714787)"; flow:established,from_client; content:"GET"; http_method; content:"/patc/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hondamardan.com.pk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714787/; classtype:trojan-activity;sid:83577887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714782)"; flow:established,from_client; content:"GET"; http_method; content:"/ic/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"moreroom-me.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714782/; classtype:trojan-activity;sid:83577882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714780)"; flow:established,from_client; content:"GET"; http_method; content:"/eor/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"alhijaztours.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714780/; classtype:trojan-activity;sid:83577880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714781)"; flow:established,from_client; content:"GET"; http_method; content:"/idai/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"redperifericaaqp.gob.pe"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714781/; classtype:trojan-activity;sid:83577881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714772)"; flow:established,from_client; content:"GET"; http_method; content:"/ai/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"libertyammunitions.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_28; 
reference:url, urlhaus.abuse.ch/url/2714772/; classtype:trojan-activity;sid:83577872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714773)"; flow:established,from_client; content:"GET"; http_method; content:"/at/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hamzarentacarislamabad.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714773/; classtype:trojan-activity;sid:83577873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714774)"; flow:established,from_client; content:"GET"; http_method; content:"/aunr/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"forbangladesh.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714774/; classtype:trojan-activity;sid:83577874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714775)"; flow:established,from_client; content:"GET"; http_method; content:"/stde/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"passionacademy.edu.et"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714775/; classtype:trojan-activity;sid:83577875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714776)"; flow:established,from_client; content:"GET"; http_method; content:"/ugtn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"love-sms.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714776/; classtype:trojan-activity;sid:83577876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714777)"; flow:established,from_client; content:"GET"; http_method; 
content:"/nte/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lider.fm"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714777/; classtype:trojan-activity;sid:83577877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714778)"; flow:established,from_client; content:"GET"; http_method; content:"/et/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"colantari.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714778/; classtype:trojan-activity;sid:83577878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714779)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.6.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714779/; classtype:trojan-activity;sid:83577879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714764)"; flow:established,from_client; content:"GET"; http_method; content:"/dt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"orgsapi.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714764/; classtype:trojan-activity;sid:83577864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714765)"; flow:established,from_client; content:"GET"; http_method; content:"/nea/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"arpatex.ch"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714765/; classtype:trojan-activity;sid:83577865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (2714766)"; flow:established,from_client; content:"GET"; http_method; content:"/cnti/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"techzero.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714766/; classtype:trojan-activity;sid:83577866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714767)"; flow:established,from_client; content:"GET"; http_method; content:"/aid/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"colegiodelsol.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714767/; classtype:trojan-activity;sid:83577867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714768)"; flow:established,from_client; content:"GET"; http_method; content:"/gni/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gwsoluciones.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714768/; classtype:trojan-activity;sid:83577868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714769)"; flow:established,from_client; content:"GET"; http_method; content:"/siel/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"institutodeljuego.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714769/; classtype:trojan-activity;sid:83577869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714770)"; flow:established,from_client; content:"GET"; http_method; content:"/tei/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dehandreatarot.online"; http_host; depth:21; isdataat:!1,relative; 
metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714770/; classtype:trojan-activity;sid:83577870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714771)"; flow:established,from_client; content:"GET"; http_method; content:"/nni/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rubiomoveis.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714771/; classtype:trojan-activity;sid:83577871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714760)"; flow:established,from_client; content:"GET"; http_method; content:"/ece/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"btcgamblingtips.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714760/; classtype:trojan-activity;sid:83577860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714761)"; flow:established,from_client; content:"GET"; http_method; content:"/elas/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"guzpanel.quest"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714761/; classtype:trojan-activity;sid:83577861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714762)"; flow:established,from_client; content:"GET"; http_method; content:"/ll/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lcmagency.art"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714762/; classtype:trojan-activity;sid:83577862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714763)"; flow:established,from_client; content:"GET"; 
http_method; content:"/luda/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"josim-uddin.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714763/; classtype:trojan-activity;sid:83577863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714757)"; flow:established,from_client; content:"GET"; http_method; content:"/oqce/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"somoyerdarpon.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714757/; classtype:trojan-activity;sid:83577857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714758)"; flow:established,from_client; content:"GET"; http_method; content:"/see/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"crypticminer.cloud"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714758/; classtype:trojan-activity;sid:83577858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714759)"; flow:established,from_client; content:"GET"; http_method; content:"/uua/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gabioni.ge"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714759/; classtype:trojan-activity;sid:83577859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714754)"; flow:established,from_client; content:"GET"; http_method; content:"/sca/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pollodacsa.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714754/; classtype:trojan-activity;sid:83577854; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714755)"; flow:established,from_client; content:"GET"; http_method; content:"/tonn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"shubhamavenue.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714755/; classtype:trojan-activity;sid:83577855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714756)"; flow:established,from_client; content:"GET"; http_method; content:"/vo/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"flanartscuisine.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714756/; classtype:trojan-activity;sid:83577856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714748)"; flow:established,from_client; content:"GET"; http_method; content:"/nm/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pearlstore.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714748/; classtype:trojan-activity;sid:83577848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714749)"; flow:established,from_client; content:"GET"; http_method; content:"/mc/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hum-yummy.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714749/; classtype:trojan-activity;sid:83577849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714750)"; flow:established,from_client; content:"GET"; http_method; content:"/oro/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"urban.ng"; http_host; depth:8; isdataat:!1,relative; 
metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714750/; classtype:trojan-activity;sid:83577850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714751)"; flow:established,from_client; content:"GET"; http_method; content:"/iqua/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"initiative-td.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714751/; classtype:trojan-activity;sid:83577851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714752)"; flow:established,from_client; content:"GET"; http_method; content:"/nn/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"roraimastudios.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714752/; classtype:trojan-activity;sid:83577852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714753)"; flow:established,from_client; content:"GET"; http_method; content:"/emi/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"puretechdigital.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714753/; classtype:trojan-activity;sid:83577853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714742)"; flow:established,from_client; content:"GET"; http_method; content:"/tinu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"modant-seabulk.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714742/; classtype:trojan-activity;sid:83577842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714743)"; flow:established,from_client; 
content:"GET"; http_method; content:"/stvi/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"homeparadz.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714743/; classtype:trojan-activity;sid:83577843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714744)"; flow:established,from_client; content:"GET"; http_method; content:"/cer/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"elite-sd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714744/; classtype:trojan-activity;sid:83577844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714745)"; flow:established,from_client; content:"GET"; http_method; content:"/iaep/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"unanimousgoatcloting.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714745/; classtype:trojan-activity;sid:83577845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714746)"; flow:established,from_client; content:"GET"; http_method; content:"/odp/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dreamcitytoronto.ca"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714746/; classtype:trojan-activity;sid:83577846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714747)"; flow:established,from_client; content:"GET"; http_method; content:"/vt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"renforcerusa.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714747/; 
classtype:trojan-activity;sid:83577847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.255.217.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714741/; classtype:trojan-activity;sid:83577841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714740/; classtype:trojan-activity;sid:83577840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714739)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"tkk.2023.ebeenj.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714739/; classtype:trojan-activity;sid:83577839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714738)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.242.25.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714738/; classtype:trojan-activity;sid:83577838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"151.73.19.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714737/; classtype:trojan-activity;sid:83577837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714736)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pon"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.225.74.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714736/; classtype:trojan-activity;sid:83577836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714735)"; flow:established,from_client; content:"GET"; http_method; content:"/atm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.119.174.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714735/; classtype:trojan-activity;sid:83577835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714733)"; flow:established,from_client; content:"GET"; http_method; content:"/orst/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.120.178.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714733/; classtype:trojan-activity;sid:83577833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714734)"; flow:established,from_client; content:"GET"; http_method; content:"/is/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"88.119.175.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714734/; classtype:trojan-activity;sid:83577834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
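detected (2714732)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1156866592534175804/1156866906867912724/latsunagame.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714732/; classtype:trojan-activity;sid:83577832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714730)"; flow:established,from_client; content:"GET"; http_method; content:"/vs/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"brunaviolaoficial.com.br"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714730/; classtype:trojan-activity;sid:83577830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714731)"; flow:established,from_client; content:"GET"; http_method; content:"/roboocr.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"moontraffics.online"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714731/; classtype:trojan-activity;sid:83577831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714729)"; flow:established,from_client; content:"GET"; http_method; content:"/dis/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"skillerszone.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714729/; classtype:trojan-activity;sid:83577829; rev:1;)
# depth counts bytes of the decoded pattern. Each |3f| and |7c| is one byte, so
# the URI pattern below is 146 bytes and depth:146 anchors it at offset 0; a
# depth equal to the escaped string length (167) would let it start up to 21
# bytes into the URI and still satisfy the end-of-buffer check.
# NOTE(review): |7c|26|7c| decodes to the literal bytes "|26|". If the listed URL
# actually separates its query parameters with "&" (0x26), this pattern cannot
# match it; verify against the URLhaus entry referenced in the rule before
# changing the content, and recompute depth if it changes.
# NOTE(review): this host is presumably reached over HTTPS; an "alert http" rule
# sees the request only where the sensor inspects decrypted traffic. Confirm coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714724)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666276910|3f|hash=78enpstuizwp01h6igounklyllrhdcnihsp1vga80xh|7c|26|7c|dl=zvwn7wwbhf7gfksletdf1w7wttw4cqoqxi51zg1vzk4|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:146; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714724/; classtype:trojan-activity;sid:83577824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714725)"; flow:established,from_client; content:"GET"; http_method; content:"/mrr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"palakkadscb.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714725/; classtype:trojan-activity;sid:83577825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714726)"; flow:established,from_client; content:"GET"; http_method; content:"/dmi/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"laplayosa.gob.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714726/; classtype:trojan-activity;sid:83577826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714727)"; flow:established,from_client; content:"GET"; http_method; content:"/nrp/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"adfilms.lk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714727/; classtype:trojan-activity;sid:83577827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714728)"; flow:established,from_client; content:"GET"; http_method; content:"/us/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"sosprinter.com.br"; http_host; depth:17; isdataat:!1,relative;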
metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714728/; classtype:trojan-activity;sid:83577828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714717)"; flow:established,from_client; content:"GET"; http_method; content:"/dus/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"thefastestcard.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714717/; classtype:trojan-activity;sid:83577817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714718)"; flow:established,from_client; content:"GET"; http_method; content:"/tges/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"neftobd.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714718/; classtype:trojan-activity;sid:83577818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714719)"; flow:established,from_client; content:"GET"; http_method; content:"/meu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"startvideoedition.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714719/; classtype:trojan-activity;sid:83577819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714720)"; flow:established,from_client; content:"GET"; http_method; content:"/dlem/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"lookkiero.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714720/; classtype:trojan-activity;sid:83577820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714721)"; flow:established,from_client; content:"GET"; 
http_method; content:"/nd/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bjainpharmacrm.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714721/; classtype:trojan-activity;sid:83577821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714722)"; flow:established,from_client; content:"GET"; http_method; content:"/sstp/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"itspak.com.pk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714722/; classtype:trojan-activity;sid:83577822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714723)"; flow:established,from_client; content:"GET"; http_method; content:"/nio/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bornomalaschool.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714723/; classtype:trojan-activity;sid:83577823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714698)"; flow:established,from_client; content:"GET"; http_method; content:"/se/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"division9kw.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714698/; classtype:trojan-activity;sid:83577798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714699)"; flow:established,from_client; content:"GET"; http_method; content:"/asln/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"almonanhijama.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714699/; classtype:trojan-activity;sid:83577799; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714700)"; flow:established,from_client; content:"GET"; http_method; content:"/util/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"smartretouching.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714700/; classtype:trojan-activity;sid:83577800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714701)"; flow:established,from_client; content:"GET"; http_method; content:"/ac/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ebaeuropacontrol.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714701/; classtype:trojan-activity;sid:83577801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714702)"; flow:established,from_client; content:"GET"; http_method; content:"/tp/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"idsaperu.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714702/; classtype:trojan-activity;sid:83577802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714703)"; flow:established,from_client; content:"GET"; http_method; content:"/cc/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"beaccameroun.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714703/; classtype:trojan-activity;sid:83577803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714704)"; flow:established,from_client; content:"GET"; http_method; content:"/uu/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mixologa.com"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714704/; classtype:trojan-activity;sid:83577804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714705)"; flow:established,from_client; content:"GET"; http_method; content:"/tq/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"kunals.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714705/; classtype:trojan-activity;sid:83577805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714706)"; flow:established,from_client; content:"GET"; http_method; content:"/usii/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"prowesstechllc.us"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714706/; classtype:trojan-activity;sid:83577806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714707)"; flow:established,from_client; content:"GET"; http_method; content:"/ect/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"smartsbee.co"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714707/; classtype:trojan-activity;sid:83577807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714708)"; flow:established,from_client; content:"GET"; http_method; content:"/afst/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"taxiumraah.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714708/; classtype:trojan-activity;sid:83577808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714709)"; flow:established,from_client; 
content:"GET"; http_method; content:"/sdr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gitghana.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714709/; classtype:trojan-activity;sid:83577809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714710)"; flow:established,from_client; content:"GET"; http_method; content:"/iql/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"quickeasyfinance.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714710/; classtype:trojan-activity;sid:83577810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714711)"; flow:established,from_client; content:"GET"; http_method; content:"/ups/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"shadowmaskbungalow.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714711/; classtype:trojan-activity;sid:83577811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714712)"; flow:established,from_client; content:"GET"; http_method; content:"/ve/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"successwithoutsacrifice.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714712/; classtype:trojan-activity;sid:83577812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714713)"; flow:established,from_client; content:"GET"; http_method; content:"/muuo/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"codingtestsforkids.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714713/; 
classtype:trojan-activity;sid:83577813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714714)"; flow:established,from_client; content:"GET"; http_method; content:"/sitl/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"oobben.store"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714714/; classtype:trojan-activity;sid:83577814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714715)"; flow:established,from_client; content:"GET"; http_method; content:"/etn/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"floriculturavalledasflores.com.br"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714715/; classtype:trojan-activity;sid:83577815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714716)"; flow:established,from_client; content:"GET"; http_method; content:"/ml/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"englishnet.com.mx"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714716/; classtype:trojan-activity;sid:83577816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714695)"; flow:established,from_client; content:"GET"; http_method; content:"/ihpe/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.191.37.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714695/; classtype:trojan-activity;sid:83577795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714696)"; flow:established,from_client; content:"GET"; http_method; content:"/pm/"; http_uri; depth:4; isdataat:!1,relative; 
nocase; content:"104.207.132.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714696/; classtype:trojan-activity;sid:83577796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714697)"; flow:established,from_client; content:"GET"; http_method; content:"/sce/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"140.82.7.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714697/; classtype:trojan-activity;sid:83577797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714694)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cnc.joskekurwa.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714694/; classtype:trojan-activity;sid:83577794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714693)"; flow:established,from_client; content:"GET"; http_method; content:"////////////////////////////////atom.xml"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"usa-biz-cpa.blogspot.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714693/; classtype:trojan-activity;sid:83577793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714692)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.183.220.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714692/; classtype:trojan-activity;sid:83577792; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714690)"; flow:established,from_client; content:"GET"; http_method; content:"/afibf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"goo.su"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714690/; classtype:trojan-activity;sid:83577790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714689)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.175.154.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714689/; classtype:trojan-activity;sid:83577789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714686)"; flow:established,from_client; content:"GET"; http_method; content:"/vc32.tar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.140.114.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714686/; classtype:trojan-activity;sid:83577786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714687)"; flow:established,from_client; content:"GET"; http_method; content:"/vc64.tar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.140.114.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714687/; classtype:trojan-activity;sid:83577787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2023_09_28; reference:url, urlhaus.abuse.ch/url/2714684/; classtype:trojan-activity;sid:83577784; rev:1;)
# The line above is the tail of a rule whose head lies on the preceding line of this page.
#
# Each rule below alerts on an established, client-to-server HTTP GET from $HOME_NET to
# $EXTERNAL_NET whose URI and Host buffer both equal a URLhaus-listed value. depth:<n> plus
# isdataat:!1,relative allows no data after the match, so each content is an exact match.
#
# NOTE(review): many entries use a bare IPv4 address as the host content and are stamped
# created_at 2023_09_28. Address-based indicators tend to go stale as hosts are cleaned up or
# reassigned - presumably the feed retires them upstream; confirm the sensor reloads the current
# ruleset regularly and does not keep an old snapshot.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.38.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714685/; classtype:trojan-activity;sid:83577785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714683)"; flow:established,from_client; content:"GET"; http_method; content:"/eee.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"stable4download.ocmtancmi2c5t.website"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714683/; classtype:trojan-activity;sid:83577783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.253.92.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714682/; classtype:trojan-activity;sid:83577782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714681)"; flow:established,from_client; content:"GET"; http_method; content:"/file/installs.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hack-x.su"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714681/; classtype:trojan-activity;sid:83577781; rev:1;)
# The next ten rules (sid 83577771 to 83577780) share the host 185.225.75.44 and the URI prefix
# /hiddenbin/boatnet. and differ only in the suffix (sh4, mpsl, arm7, ppc, x86, m68k, arm, arm6,
# arm5, mips). Because every rule is an exact match, a file on this host with a suffix that is not
# listed here raises no alert. A locally maintained companion rule that matches only the shared
# prefix on this host, kept in the site's own sid range, would close that gap without editing the
# vendor rules, which the next feed update replaces.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714671)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.225.75.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714671/; classtype:trojan-activity;sid:83577771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714672)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.225.75.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714672/; classtype:trojan-activity;sid:83577772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714673)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.225.75.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714673/; classtype:trojan-activity;sid:83577773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714674)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.225.75.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714674/; classtype:trojan-activity;sid:83577774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714675)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.225.75.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714675/; classtype:trojan-activity;sid:83577775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714676)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.225.75.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714676/; classtype:trojan-activity;sid:83577776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714677)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.225.75.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714677/; classtype:trojan-activity;sid:83577777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714678)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.225.75.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714678/; classtype:trojan-activity;sid:83577778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714679)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.225.75.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714679/; classtype:trojan-activity;sid:83577779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714680)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.225.75.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714680/; classtype:trojan-activity;sid:83577780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714670/; classtype:trojan-activity;sid:83577770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714669)"; flow:established,from_client; content:"GET"; http_method; content:"/kukri.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"botnet.zapto.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714669/; classtype:trojan-activity;sid:83577769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714668)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.41.182.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714668/; classtype:trojan-activity;sid:83577768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714667)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.64.236.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, 
urlhaus.abuse.ch/url/2714667/; classtype:trojan-activity;sid:83577767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714666)"; flow:established,from_client; content:"GET"; http_method; content:"/eummolestias/i.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"glowriters.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714666/; classtype:trojan-activity;sid:83577766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714664)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arm"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"94.156.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714664/; classtype:trojan-activity;sid:83577764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714665)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ox0ox0oxdefault/z0r0.arm7"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"94.156.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714665/; classtype:trojan-activity;sid:83577765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.44.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714663/; classtype:trojan-activity;sid:83577763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714662)"; flow:established,from_client; content:"GET"; 
http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.122.232.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714662/; classtype:trojan-activity;sid:83577762; rev:1;)
# The line above is the tail of a rule whose head lies on the preceding line of this page.
#
# Each rule below alerts on an established, client-to-server HTTP GET from $HOME_NET to
# $EXTERNAL_NET whose URI and Host buffer both equal a URLhaus-listed value. depth:<n> plus
# isdataat:!1,relative allows no data after the match, so each content is an exact match.
#
# NOTE(review): the next three rules target cdn.discordapp.com, a shared content-delivery host, so
# the exact attachment path is the only discriminator. As `alert http` rules they can fire only
# where the request is visible in cleartext; presumably this host is fetched over HTTPS in
# practice, so confirm that the sensor sees decrypted traffic before relying on them. The first
# two rules end the pattern at the file name, so a request with any query string is not matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714661)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1156546019513864202/1156703243561357322/latsunabeta.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714661/; classtype:trojan-activity;sid:83577761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714660)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1153762572445700157/1156652971518603518/setup_1.rar"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714660/; classtype:trojan-activity;sid:83577760; rev:1;)
# NOTE(review): in the URI content of the next rule, |7c|26|7c| decodes to the four literal bytes
# "|26|", not to "&" (0x26). It looks as if the generator hex-escaped "&" and then escaped the
# resulting pipe characters a second time. As written, the rule matches only a URI that contains
# the text "|26|". If the listed URL separates its parameters with ordinary "&" (verify against
# the URLhaus reference), the pattern should use |26| and depth should be recomputed: depth:183
# equals the character count of the escaped text, which is larger than the decoded pattern.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714659)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/887910585474375690/1156705897268138044/riko.rar|3f|ex=6515f1d0|7c|26|7c|is=6514a050|7c|26|7c|hm=d579762bb60e9524be1a94e0e3b28f0f492d30d91ff8dc7ca13f90959e31a542|7c|26|7c|"; http_uri; depth:183; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714659/; classtype:trojan-activity;sid:83577759; rev:1;)
# NOTE(review): the vk.com rule below shows the same |7c|26|7c| pattern, which decodes to the
# literal text "|26|" and not to "&"; depth:167 again equals the length of the escaped text.
# Verify the separators against the URLhaus reference. The rule fires only on cleartext HTTP;
# vk.com is presumably reached over HTTPS - confirm what the sensor can see.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714658)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666246130|3f|hash=jgyo951jdzo9pkyyflngu8d5eybdua8pm91zrbbjfog|7c|26|7c|dl=nczw8tibirwoueu9ver2eizbev0hwouwr530zu8hqvg|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714658/; classtype:trojan-activity;sid:83577758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.81.166.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714657/; classtype:trojan-activity;sid:83577757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.81.166.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714656/; classtype:trojan-activity;sid:83577756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.246.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714655/; classtype:trojan-activity;sid:83577755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714654)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; 
content:"61.58.79.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714654/; classtype:trojan-activity;sid:83577754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714653)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantom.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.36.81.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714653/; classtype:trojan-activity;sid:83577753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714652)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.67.206.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714652/; classtype:trojan-activity;sid:83577752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714651)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraivariant.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.36.81.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714651/; classtype:trojan-activity;sid:83577751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"170.253.4.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714650/; classtype:trojan-activity;sid:83577750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (2714649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714649/; classtype:trojan-activity;sid:83577749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.196.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714648/; classtype:trojan-activity;sid:83577748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.27.170.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_28; reference:url, urlhaus.abuse.ch/url/2714647/; classtype:trojan-activity;sid:83577747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714646)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.122.58.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714646/; classtype:trojan-activity;sid:83577746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.87.49.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, 
urlhaus.abuse.ch/url/2714645/; classtype:trojan-activity;sid:83577745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714644)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.26.202.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714644/; classtype:trojan-activity;sid:83577744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714643)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mevwz.2023.ebeenj.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714643/; classtype:trojan-activity;sid:83577743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714642/; classtype:trojan-activity;sid:83577742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714641)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"tgp.2023.ebeenj.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714641/; classtype:trojan-activity;sid:83577741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714640)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; 
http_uri; depth:8; isdataat:!1,relative; nocase; content:"iran-sahm.otzo.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714640/; classtype:trojan-activity;sid:83577740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714638)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ir.authorizeddns.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714638/; classtype:trojan-activity;sid:83577738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714639)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ir-adl.fartit.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714639/; classtype:trojan-activity;sid:83577739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714633)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"saham-iran.otzo.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714633/; classtype:trojan-activity;sid:83577733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714634)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"iran-ed.otzo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714634/; classtype:trojan-activity;sid:83577734; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714635)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"saham.camdvr.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714635/; classtype:trojan-activity;sid:83577735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714636)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-iran.otzo.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714636/; classtype:trojan-activity;sid:83577736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714637)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sa-iran.vizvaz.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714637/; classtype:trojan-activity;sid:83577737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714627)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ir-sa.fartit.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714627/; classtype:trojan-activity;sid:83577727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714628)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"saham-ir.otzo.com"; 
http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714628/; classtype:trojan-activity;sid:83577728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714629)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"iran-sa.fartit.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714629/; classtype:trojan-activity;sid:83577729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714630)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ir-sana.otzo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714630/; classtype:trojan-activity;sid:83577730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714631)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ed.authorizeddns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714631/; classtype:trojan-activity;sid:83577731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714632)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"irs.duia.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714632/; classtype:trojan-activity;sid:83577732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(2714624)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"iran-ird.otzo.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714624/; classtype:trojan-activity;sid:83577724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714625)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sah-ir.vizvaz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714625/; classtype:trojan-activity;sid:83577725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714626)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ir.isasecret.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714626/; classtype:trojan-activity;sid:83577726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714622)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"iran.isasecret.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714622/; classtype:trojan-activity;sid:83577722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714623)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"iran-st.vizvaz.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, 
urlhaus.abuse.ch/url/2714623/; classtype:trojan-activity;sid:83577723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714621)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sahame-ir.fartit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714621/; classtype:trojan-activity;sid:83577721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714620)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ir-sham.otzo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714620/; classtype:trojan-activity;sid:83577720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714619)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"irsahm.fartit.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714619/; classtype:trojan-activity;sid:83577719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714618)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nestbirdie.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714618/; classtype:trojan-activity;sid:83577718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714617)"; flow:established,from_client; content:"GET"; http_method; 
content:"/joker05/main.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dispatchweekly.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714617/; classtype:trojan-activity;sid:83577717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714613)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sahameli1402.site"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714613/; classtype:trojan-activity;sid:83577713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714614)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"iredsahm.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714614/; classtype:trojan-activity;sid:83577714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714615)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"edsync.site"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714615/; classtype:trojan-activity;sid:83577715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714616)"; flow:established,from_client; content:"GET"; http_method; content:"/comments.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dispatchweekly.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714616/; 
classtype:trojan-activity;sid:83577716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714612)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ir-saham.otzo.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714612/; classtype:trojan-activity;sid:83577712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714610)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adle-ir.otzo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714610/; classtype:trojan-activity;sid:83577710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714611)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ed-ir.fartit.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714611/; classtype:trojan-activity;sid:83577711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714609)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"72.191.132.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714609/; classtype:trojan-activity;sid:83577709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714608)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; 
content:"81.190.161.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714608/; classtype:trojan-activity;sid:83577708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714607)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.109.229.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714607/; classtype:trojan-activity;sid:83577707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714606/; classtype:trojan-activity;sid:83577706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.32.172.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714605/; classtype:trojan-activity;sid:83577705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.163.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714604/; classtype:trojan-activity;sid:83577704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(2714603)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.254.146.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714603/; classtype:trojan-activity;sid:83577703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714602)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.87.35.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714602/; classtype:trojan-activity;sid:83577702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714601)"; flow:established,from_client; content:"GET"; http_method; content:"/unqgl.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.161.229.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714601/; classtype:trojan-activity;sid:83577701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714599)"; flow:established,from_client; content:"GET"; http_method; content:"/0xd00f.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.110.48.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714599/; classtype:trojan-activity;sid:83577699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714600)"; flow:established,from_client; content:"GET"; http_method; content:"/0xd00f.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.110.48.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, 
urlhaus.abuse.ch/url/2714600/; classtype:trojan-activity;sid:83577700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.183.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714598/; classtype:trojan-activity;sid:83577698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.183.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714597/; classtype:trojan-activity;sid:83577697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714596)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.116.12.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714596/; classtype:trojan-activity;sid:83577696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714595)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.43.28.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714595/; classtype:trojan-activity;sid:83577695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714594)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; 
isdataat:!1,relative; nocase; content:"203.204.221.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714594/; classtype:trojan-activity;sid:83577694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714593)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"187.145.139.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714593/; classtype:trojan-activity;sid:83577693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714591)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adliran.camdvr.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714591/; classtype:trojan-activity;sid:83577691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714592)"; flow:established,from_client; content:"GET"; http_method; content:"/app1.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"adl.camdvr.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714592/; classtype:trojan-activity;sid:83577692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714589)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-q.camdvr.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714589/; classtype:trojan-activity;sid:83577689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2714590)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sahanm.camdvr.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714590/; classtype:trojan-activity;sid:83577690; rev:1;)
# The line above is the tail of a rule whose header sits on the preceding line;
# the last line of this span opens a rule that continues on the following line.
#
# How to read the rules in this span: each one alerts on a client-to-server HTTP
# GET from $HOME_NET to $EXTERNAL_NET whose URI and Host both equal one listed
# value. `depth:N` limits the search to the first N bytes of the buffer and
# `isdataat:!1,relative` requires that no byte follows the match, so with N set
# to the pattern length the content has to be the entire buffer. `nocase`
# follows the URI content only. Any variation of the request (an extra query
# string, a different path) therefore does not alert.
#
# NOTE(review): sid 83577686 (vk.com). Between pipes a content string is hex, so
# `|3f|` is "?", but `|7c|26|7c|` decodes to the literal text "|26|" and not to
# "&" (hex 26). If the listed URL separates its query parameters with "&"
# (presumably; confirm against the URLhaus entry in `reference`), this pattern
# cannot match it and the rule will stay silent. The intended form looks like
# `|26|`, with `depth` recomputed for the decoded length.
# NOTE(review): `depth:167` is larger than the number of bytes the pattern
# decodes to (by my count), so the start-of-URI anchor is looser here than in
# the neighbouring rules. TODO confirm once the separator is fixed.
# NOTE(review): this is an `alert http` rule, so it only sees cleartext HTTP.
# Requests to vk.com presumably travel over TLS; verify whether the sensor
# sits behind TLS decryption before relying on this rule for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714586)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666234015|3f|hash=jc8k9uzndwpizhryeqnmi9pc0nhf4jlz2m1bjdwized|7c|26|7c|dl=hrm2hk5mgfzvhmzlzxpzfwqdj4ydsi3pzhnkqlajnjl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714586/; classtype:trojan-activity;sid:83577686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714587)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sahm-ir.fartit.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714587/; classtype:trojan-activity;sid:83577687; rev:1;)
# NOTE(review): sid 83577688 (vk.com) uses the `|7c|26|7c|` separator and
# `depth:167`, which decode to a literal "|26|" rather than "&" and leave the
# start anchor loose; confirm against the URLhaus entry before trusting it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714588)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666247435|3f|hash=kenlb7shzzcgaospsp7euqdszgm6qj3gpeyvtbkbjcz|7c|26|7c|dl=i2qjznsj7ddx0run3m0vqpqzsrkeixzwzwdqivtz0pd|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714588/; classtype:trojan-activity;sid:83577688; rev:1;)
# NOTE(review): sid 83577685 (vk.com) has the same `|7c|26|7c|` / `depth:167`
# form and the same open questions about the "&" separator and TLS visibility.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714585)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666237058|3f|hash=jlzqrj0cx750wmmq8de0i0zza5dlbkp5vmpjjduypp8|7c|26|7c|dl=ojb2ziruixsskubtfz18n1vjudumeknylou68occ88d|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714585/; classtype:trojan-activity;sid:83577685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714582)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ir-saham.fartit.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714582/; classtype:trojan-activity;sid:83577682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714583)"; flow:established,from_client; content:"GET"; http_method; content:"/app1.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sahmn.camdvr.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714583/; classtype:trojan-activity;sid:83577683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714584)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sahmn.vizvaz.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714584/; classtype:trojan-activity;sid:83577684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714581)";
flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ir-saham.jkub.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714581/; classtype:trojan-activity;sid:83577681; rev:1;)
# ---------------------------------------------------------------------------
# URLhaus "known malware download URL" rules, one rule per line.
# Every rule in this section has the same shape:
#   flow:established,from_client   client-to-server side of an established session
#   content:"GET"; http_method     GET requests only
#   content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase
#       depth:N is the pattern length, so the pattern can only sit at the start
#       of the URI buffer, and isdataat:!1,relative requires that no byte
#       follows it: the URI has to equal <path> (case-insensitively).
#   content:"<host>"; http_host; depth:N; isdataat:!1,relative
#       same whole-buffer match against the Host buffer.
# Each rule is therefore an exact-URL indicator: a different path, an added
# query string, or a different host does not match.
# In every rule visible here sid = URLhaus id + 80863100, so the id in msg and
# reference can be recovered from the sid of an alert.
# An alert shows that a $HOME_NET client sent the request; the rule does not
# inspect the response, so it does not show that a payload was delivered.
# NOTE(review): these are `alert http` rules; requests made over TLS are
# presumably only seen where traffic is decrypted before the sensor - confirm
# for the deployment.
# NOTE(review): many hosts below are bare IP addresses; consider using
# metadata:created_at to age such rules out, since addresses get reassigned.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.68.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714580/; classtype:trojan-activity;sid:83577680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.92.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714579/; classtype:trojan-activity;sid:83577679; rev:1;)
# Two paths on the same host (84.246.85.138).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714578)"; flow:established,from_client; content:"GET"; http_method; content:"/xnn/yy"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.246.85.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714578/; classtype:trojan-activity;sid:83577678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714577)"; flow:established,from_client; content:"GET"; http_method; content:"/xnn/ys"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.246.85.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714577/; classtype:trojan-activity;sid:83577677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714575)"; flow:established,from_client; content:"GET"; http_method; content:"/nvt4ni/xx"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.246.85.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714575/; classtype:trojan-activity;sid:83577675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714576)"; flow:established,from_client; content:"GET"; http_method; content:"/gdt5p3y/vww"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"162.19.130.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714576/; classtype:trojan-activity;sid:83577676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.107.12.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714574/; classtype:trojan-activity;sid:83577674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714573)"; flow:established,from_client; content:"GET"; http_method; content:"/imolight2.1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mailhosting.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714573/; classtype:trojan-activity;sid:83577673; rev:1;)
# Two paths on the same host (94.140.112.19); the .jpg extension is only the
# requested name, the rules do not look at the returned content.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714571)"; flow:established,from_client; content:"GET"; http_method; content:"/sk32.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.140.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714571/; classtype:trojan-activity;sid:83577671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714572)"; flow:established,from_client; content:"GET"; http_method; content:"/sk64.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.140.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714572/; classtype:trojan-activity;sid:83577672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.12.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714570/; classtype:trojan-activity;sid:83577670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.181.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714569/; classtype:trojan-activity;sid:83577669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714568)"; flow:established,from_client; content:"GET"; http_method; content:"/tl/ly4893.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.161.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714568/; classtype:trojan-activity;sid:83577668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714567)"; flow:established,from_client; content:"GET"; http_method; content:"/file/1693511367-healthprotocol.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"37.221.93.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714567/; classtype:trojan-activity;sid:83577667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714566)"; flow:established,from_client; content:"GET"; http_method; content:"/fuza/2.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.91.68.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714566/; classtype:trojan-activity;sid:83577666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714565)"; flow:established,from_client; content:"GET"; http_method; content:"/525403/setup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.203.232.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714565/; classtype:trojan-activity;sid:83577665; rev:1;)
# NOTE(review): cdn.discordapp.com is a shared file-hosting domain that is
# normally reached over HTTPS, so this cleartext-HTTP rule presumably only
# fires where TLS is decrypted before the sensor - confirm. Blocking on the
# host alone would affect unrelated content; the exact path is what identifies
# the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714564)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1156256221070897253/1156342584575262810/latsunabeta.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714564/; classtype:trojan-activity;sid:83577664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714563)"; flow:established,from_client; content:"GET"; http_method; content:"/dyke.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.42.33.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714563/; classtype:trojan-activity;sid:83577663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714562)"; flow:established,from_client; content:"GET"; http_method; content:"/update.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cnc.joskekurwa.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714562/; classtype:trojan-activity;sid:83577662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714561)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.php"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dispatchweekly.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714561/; classtype:trojan-activity;sid:83577661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.173.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714560/; classtype:trojan-activity;sid:83577660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.188.17.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714559/; classtype:trojan-activity;sid:83577659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714558)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.208.77.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714558/; classtype:trojan-activity;sid:83577658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714557)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.82.180"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714557/; classtype:trojan-activity;sid:83577657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714556)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.221.242.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714556/; classtype:trojan-activity;sid:83577656; rev:1;)
# Ten rules for one host (157.254.166.232), one per file under /hiddenbin/:
# boatnet.ppc, .mips, .arm, .arm6, .x86, .arm5, .arm7, .mpsl, .sh4, .m68k.
# Because each rule matches one exact path, a file with any other suffix on
# this host is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714546)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"157.254.166.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714546/; classtype:trojan-activity;sid:83577646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714547)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"157.254.166.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714547/; classtype:trojan-activity;sid:83577647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714548)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"157.254.166.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714548/; classtype:trojan-activity;sid:83577648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714549)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"157.254.166.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714549/; classtype:trojan-activity;sid:83577649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714550)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"157.254.166.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714550/; classtype:trojan-activity;sid:83577650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714551)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"157.254.166.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714551/; classtype:trojan-activity;sid:83577651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714552)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"157.254.166.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714552/; classtype:trojan-activity;sid:83577652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714553)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"157.254.166.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714553/; classtype:trojan-activity;sid:83577653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714554)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"157.254.166.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714554/; classtype:trojan-activity;sid:83577654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714555)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"157.254.166.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714555/; classtype:trojan-activity;sid:83577655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714545)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.112.19.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714545/; classtype:trojan-activity;sid:83577645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714544)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.113.172.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714544/; classtype:trojan-activity;sid:83577644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714543)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.233.85.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714543/; classtype:trojan-activity;sid:83577643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714542)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.113.49.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714542/; classtype:trojan-activity;sid:83577642; rev:1;)
# NOTE(review): transfer.sh is a public file-sharing host; as with other shared
# hosts, this rule presumably depends on the request being visible as
# cleartext HTTP - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714541)"; flow:established,from_client; content:"GET"; http_method; content:"/get/vfbssarbur/nigwebb.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"transfer.sh"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714541/; classtype:trojan-activity;sid:83577641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714540)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.76.51.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714540/; classtype:trojan-activity;sid:83577640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.2.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714539/; classtype:trojan-activity;sid:83577639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.47.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714538/; classtype:trojan-activity;sid:83577638; rev:1;)
# Per-architecture file names on host 154.27.93.228 (/top1hbt.<arch>).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714537)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714537/; classtype:trojan-activity;sid:83577637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714535)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714535/; classtype:trojan-activity;sid:83577635; rev:1;)
# ---------------------------------------------------------------------------
# URLhaus "known malware download URL" rules, one rule per line.
# Every rule in this section has the same shape:
#   flow:established,from_client   client-to-server side of an established session
#   content:"GET"; http_method     GET requests only
#   content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase
#       with depth:N equal to the pattern length the pattern can only sit at
#       the start of the URI buffer, and isdataat:!1,relative requires that no
#       byte follows it: the URI has to equal <path> (case-insensitively).
#       Two rules below (2714526, 2714502) deviate; see the notes on them.
#   content:"<host>"; http_host; depth:N; isdataat:!1,relative
#       same whole-buffer match against the Host buffer.
# Each rule is an exact-URL indicator: a different path, an added query string,
# or a different host does not match.
# In every rule visible here sid = URLhaus id + 80863100, so the id in msg and
# reference can be recovered from the sid of an alert.
# An alert shows that a $HOME_NET client sent the request; the rule does not
# inspect the response, so it does not show that a payload was delivered.
# NOTE(review): these are `alert http` rules; requests made over TLS are
# presumably only seen where traffic is decrypted before the sensor - confirm
# for the deployment.
# ---------------------------------------------------------------------------
# Seven rules for host 154.27.93.228, one per file name /top1hbt.<arch>:
# mips, arm5, mpsl, arm7, arm6, arm, sh4.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714536)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714536/; classtype:trojan-activity;sid:83577636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714530)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714530/; classtype:trojan-activity;sid:83577630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714531)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714531/; classtype:trojan-activity;sid:83577631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714532)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714532/; classtype:trojan-activity;sid:83577632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714533)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714533/; classtype:trojan-activity;sid:83577633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714534)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714534/; classtype:trojan-activity;sid:83577634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714529)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714529/; classtype:trojan-activity;sid:83577629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714528)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"lxndd.2023.ebeenj.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714528/; classtype:trojan-activity;sid:83577628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714527)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.213.228.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714527/; classtype:trojan-activity;sid:83577626; rev:1;)
# NOTE(review): in the next rule |7c| is an escaped pipe, so the URI pattern
# contains the literal text "|26|", "|3b|" around "amp"; this looks like "&"
# and ";" were hex-escaped and the pipes then escaped a second time. If so, a
# real request (carrying "&") would not match - verify against the URLhaus
# entry before relying on this rule.
# depth:111 equals the length of the escaped string; by my count the decoded
# pattern is 90 bytes, so depth no longer pins the match to the buffer start.
# drive.google.com is a shared host normally reached over HTTPS (see header).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714526)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|amp|7c|3b|7c|confirm=no_antivirus|7c|26|7c|id=15auefayfdzmpg4m9ixcujfun4u2yw8w4"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714526/; classtype:trojan-activity;sid:83577626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714525)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.82.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714525/; classtype:trojan-activity;sid:83577625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.193.225.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714524/; classtype:trojan-activity;sid:83577624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714523/; classtype:trojan-activity;sid:83577623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.98.35.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714522/; classtype:trojan-activity;sid:83577622; rev:1;)
# Four executables under /lend/ on host 77.91.68.78.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714520)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/clean.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714520/; classtype:trojan-activity;sid:83577620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714521)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/rh111.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714521/; classtype:trojan-activity;sid:83577621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714518)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/asca1ex.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714518/; classtype:trojan-activity;sid:83577618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714519)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/rh_0.4.9rc1123.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714519/; classtype:trojan-activity;sid:83577619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714517)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.61.103.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714517/; classtype:trojan-activity;sid:83577617; rev:1;)
# Six files under /pastor/ on host 107.175.113.216 (five .exe, one .pdf).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714515)"; flow:established,from_client; content:"GET"; http_method; content:"/pastor/-irrkt.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.175.113.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714515/; classtype:trojan-activity;sid:83577615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714516)"; flow:established,from_client; content:"GET"; http_method; content:"/pastor/retain.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.175.113.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714516/; classtype:trojan-activity;sid:83577616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714513)"; flow:established,from_client; content:"GET"; http_method; content:"/pastor/czlsl.pdf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.175.113.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714513/; classtype:trojan-activity;sid:83577613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714514)"; flow:established,from_client; content:"GET"; http_method; content:"/pastor/axes.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.175.113.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714514/; classtype:trojan-activity;sid:83577614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714511)"; flow:established,from_client; content:"GET"; http_method; content:"/pastor/irrkt.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.175.113.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714511/; classtype:trojan-activity;sid:83577611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714512)"; flow:established,from_client; content:"GET"; http_method; content:"/pastor/abzyvhxf.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"107.175.113.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714512/; classtype:trojan-activity;sid:83577612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.53.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714510/; classtype:trojan-activity;sid:83577610; rev:1;)
# NOTE(review): /comments.php appears on three unrelated-looking domains in
# this section (limbus-holding.de, lepanam.com, manfredritschard.com);
# possibly compromised sites rather than dedicated infrastructure - treat a
# hit as a lead on that URL, not as grounds to block the domain outright.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714509)"; flow:established,from_client; content:"GET"; http_method; content:"/comments.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"limbus-holding.de"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714509/; classtype:trojan-activity;sid:83577609; rev:1;)
# Android package downloads (/app.apk, /app1.apk, /saham.apk) on a set of
# similarly named hosts (adl-*.*, r-ir.jkub.com); each host/path pair has its
# own rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714504)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-xc.faqserv.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714504/; classtype:trojan-activity;sid:83577604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714505)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adl-zx.fartit.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714505/; classtype:trojan-activity;sid:83577605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714506)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adl-vb.vizvaz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714506/; classtype:trojan-activity;sid:83577606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714507)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"r-ir.jkub.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714507/; classtype:trojan-activity;sid:83577607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714508)"; flow:established,from_client; content:"GET"; http_method; content:"/comments.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lepanam.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714508/; classtype:trojan-activity;sid:83577608; rev:1;)
# NOTE(review): same escaping pattern as rule 2714526: the query separators
# appear as the literal text "|26|" (escaped pipes around 26) rather than "&",
# and depth:167 is the escaped string length (decoded pattern is 146 bytes by
# my count). Verify against the URLhaus entry. vk.com is a shared host
# normally reached over HTTPS.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714502)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666216113|3f|hash=9p2aylk8zwbc1pvezpqbkzqhzl3orzlzpdihhe6p664|7c|26|7c|dl=cslpzzmp7vlhk2ztpnyiuovrqdoxg4v4he4ddoaglzo|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714502/; classtype:trojan-activity;sid:83577602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714503)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-cv.my03.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714503/; classtype:trojan-activity;sid:83577603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714501)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.174.34.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714501/; classtype:trojan-activity;sid:83577601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714498)"; flow:established,from_client; content:"GET"; http_method; content:"/app1.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"adl-vm.instanthq.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714498/; classtype:trojan-activity;sid:83577598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714499)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-mn.my03.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714499/; classtype:trojan-activity;sid:83577599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714500)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-mn.jkub.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714500/; classtype:trojan-activity;sid:83577600; rev:1;)
# NOTE(review): cdn.discordapp.com is a shared file-hosting domain normally
# reached over HTTPS, so the next two cleartext-HTTP rules presumably only
# fire where TLS is decrypted before the sensor - confirm. The exact
# attachment path, not the host, is what identifies the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714497)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1156215158130094202/1156324055683702945/setup.rar"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714497/; classtype:trojan-activity;sid:83577597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714496)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1154083007674712114/1155561244871364618/mythicguardian_setup.rar"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714496/; classtype:trojan-activity;sid:83577596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714495)"; flow:established,from_client; content:"GET"; http_method; content:"/comments.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"manfredritschard.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714495/; classtype:trojan-activity;sid:83577595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714494)"; flow:established,from_client; content:"GET"; http_method; content:"/ok.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"35.230.66.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714494/; classtype:trojan-activity;sid:83577594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714493)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.98.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714493/; classtype:trojan-activity;sid:83577593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714492)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.161.80.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714492/; classtype:trojan-activity;sid:83577592; rev:1;)
# Hosts 216.244.203.88 and 182.117.11.40 each have a /i and a /bin.sh rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.244.203.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714491/; classtype:trojan-activity;sid:83577591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.244.203.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714490/; classtype:trojan-activity;sid:83577590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.86.99.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714489/; classtype:trojan-activity;sid:83577589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.37.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714488/; classtype:trojan-activity;sid:83577588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.11.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714487/; classtype:trojan-activity;sid:83577587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.11.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; 
reference:url, urlhaus.abuse.ch/url/2714486/; classtype:trojan-activity;sid:83577586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.58.93.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714485/; classtype:trojan-activity;sid:83577585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.95.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714484/; classtype:trojan-activity;sid:83577584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714483)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.8.96"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714483/; classtype:trojan-activity;sid:83577583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714482)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.8.66"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714482/; classtype:trojan-activity;sid:83577582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"175.107.0.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714481/; classtype:trojan-activity;sid:83577581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714480)"; flow:established,from_client; content:"GET"; http_method; content:"/vre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"isajs7250.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_27; reference:url, urlhaus.abuse.ch/url/2714480/; classtype:trojan-activity;sid:83577580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714479)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.133.9.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714479/; classtype:trojan-activity;sid:83577579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714477)"; flow:established,from_client; content:"GET"; http_method; content:"/tamkjll.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714477/; classtype:trojan-activity;sid:83577577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714478)"; flow:established,from_client; content:"GET"; http_method; content:"/tamkjll.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714478/; classtype:trojan-activity;sid:83577578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2714475)"; flow:established,from_client; content:"GET"; http_method; content:"/tamkjll.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714475/; classtype:trojan-activity;sid:83577575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714476)"; flow:established,from_client; content:"GET"; http_method; content:"/tamkjll.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714476/; classtype:trojan-activity;sid:83577576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714470)"; flow:established,from_client; content:"GET"; http_method; content:"/tamkjll.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714470/; classtype:trojan-activity;sid:83577570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714471)"; flow:established,from_client; content:"GET"; http_method; content:"/tamkjll.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714471/; classtype:trojan-activity;sid:83577571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714472)"; flow:established,from_client; content:"GET"; http_method; content:"/tamkjll.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714472/; classtype:trojan-activity;sid:83577572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714473)"; flow:established,from_client; content:"GET"; http_method; content:"/tamkjll.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714473/; classtype:trojan-activity;sid:83577573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714474)"; flow:established,from_client; content:"GET"; http_method; content:"/tamkjll.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714474/; classtype:trojan-activity;sid:83577574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714469)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.35.205.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714469/; classtype:trojan-activity;sid:83577569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714468)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/x4zhwtm1h3sr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714468/; classtype:trojan-activity;sid:83577568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714467)"; 
flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.90.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714467/; classtype:trojan-activity;sid:83577567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.3.247.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714466/; classtype:trojan-activity;sid:83577566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714464)"; flow:established,from_client; content:"GET"; http_method; content:"/paste-code/bqjc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wtools.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714464/; classtype:trojan-activity;sid:83577564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714465)"; flow:established,from_client; content:"GET"; http_method; content:"/paste-code/bqjd"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wtools.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714465/; classtype:trojan-activity;sid:83577565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714462)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.92.208.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714462/; 
classtype:trojan-activity;sid:83577562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714463)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.92.208.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714463/; classtype:trojan-activity;sid:83577563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714452)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.92.208.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714452/; classtype:trojan-activity;sid:83577552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714453)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.92.208.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714453/; classtype:trojan-activity;sid:83577553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714454)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"23.92.208.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714454/; classtype:trojan-activity;sid:83577554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714455)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; 
depth:14; isdataat:!1,relative; nocase; content:"23.92.208.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714455/; classtype:trojan-activity;sid:83577555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714456)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.92.208.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714456/; classtype:trojan-activity;sid:83577556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714457)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.92.208.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714457/; classtype:trojan-activity;sid:83577557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714458)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.92.208.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714458/; classtype:trojan-activity;sid:83577558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714459)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.92.208.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714459/; classtype:trojan-activity;sid:83577559; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714460)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.92.208.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714460/; classtype:trojan-activity;sid:83577560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714461)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"23.92.208.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714461/; classtype:trojan-activity;sid:83577561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.81.166.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714451/; classtype:trojan-activity;sid:83577551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.3.247.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714450/; classtype:trojan-activity;sid:83577550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714449)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.255.209.114"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714449/; classtype:trojan-activity;sid:83577549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.81.166.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714448/; classtype:trojan-activity;sid:83577548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714447)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ksda.2023.ebeenj.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714447/; classtype:trojan-activity;sid:83577547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.95.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714446/; classtype:trojan-activity;sid:83577546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714444)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.225.75.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714444/; classtype:trojan-activity;sid:83577544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714445)"; 
flow:established,from_client; content:"GET"; http_method; content:"/vlxx.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.225.75.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714445/; classtype:trojan-activity;sid:83577545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.92.24.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714443/; classtype:trojan-activity;sid:83577543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.49.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714442/; classtype:trojan-activity;sid:83577542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714441/; classtype:trojan-activity;sid:83577541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714440)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.82.88.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714440/; 
classtype:trojan-activity;sid:83577540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.72.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714439/; classtype:trojan-activity;sid:83577539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.72.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714438/; classtype:trojan-activity;sid:83577538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714428)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"104.168.24.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714428/; classtype:trojan-activity;sid:83577528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714429)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.168.24.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714429/; classtype:trojan-activity;sid:83577529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714430)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; 
depth:23; isdataat:!1,relative; nocase; content:"104.168.24.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714430/; classtype:trojan-activity;sid:83577530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714431)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"104.168.24.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714431/; classtype:trojan-activity;sid:83577531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714432)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"104.168.24.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714432/; classtype:trojan-activity;sid:83577532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714433)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"104.168.24.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714433/; classtype:trojan-activity;sid:83577533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714434)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"104.168.24.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714434/; 
classtype:trojan-activity;sid:83577534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714435)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.168.24.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714435/; classtype:trojan-activity;sid:83577535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714436)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.168.24.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714436/; classtype:trojan-activity;sid:83577536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714437)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"104.168.24.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714437/; classtype:trojan-activity;sid:83577537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.159.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714427/; classtype:trojan-activity;sid:83577527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; 
http_uri; depth:3; isdataat:!1,relative; nocase; content:"23.28.59.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714426/; classtype:trojan-activity;sid:83577526; rev:1;)
# Rule template used by every entry below (one rule per URLhaus entry):
#   - header/flow: client-to-server side of an established HTTP session from
#     $HOME_NET to $EXTERNAL_NET.
#   - content:"GET"; http_method;  -> only GET requests.
#   - URI content with depth == pattern length plus isdataat:!1,relative
#     (no byte may follow the match) -> the URI buffer must equal the path
#     exactly; nocase applies to this URI content only. A request that adds a
#     query string or an extra path segment does not match.
#   - Host content anchored the same way -> the Host value must equal the
#     listed name exactly. There is no nocase here; presumably this relies on
#     the engine lowercasing the http_host buffer (Suricata does) -- confirm
#     on other engines.
#   - The number in msg is the id in the reference URL; in the rules shown the
#     sid is that id + 80863100, so an alert's sid maps back to its URLhaus
#     entry.
# Keep each rule on a single line. Modifiers (http_uri, depth, nocase, ...)
# bind to the content keyword before them, so option order must not change.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714425)"; flow:established,from_client; content:"GET"; http_method; content:"/irr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nassifenterprise.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714425/; classtype:trojan-activity;sid:83577525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714424)"; flow:established,from_client; content:"GET"; http_method; content:"/nor/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hubtron.com.pk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714424/; classtype:trojan-activity;sid:83577524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714423)"; flow:established,from_client; content:"GET"; http_method; content:"/ne/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"semquedagotas.store"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714423/; classtype:trojan-activity;sid:83577523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714422)"; flow:established,from_client; content:"GET"; http_method; content:"/io/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"renovad3.store"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714422/; classtype:trojan-activity;sid:83577522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714421)"; flow:established,from_client; content:"GET"; http_method; content:"/sci/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"skincaremulher.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714421/; classtype:trojan-activity;sid:83577521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714420)"; flow:established,from_client; content:"GET"; http_method; content:"/tqse/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"tratacabelo.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714420/; classtype:trojan-activity;sid:83577520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714419)"; flow:established,from_client; content:"GET"; http_method; content:"/apl/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"medicenter.fun"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714419/; classtype:trojan-activity;sid:83577519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714418)"; flow:established,from_client; content:"GET"; http_method; content:"/eit/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"glowriters.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714418/; classtype:trojan-activity;sid:83577518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714417)"; flow:established,from_client; content:"GET"; http_method; content:"/itee/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ingeniumav.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714417/; classtype:trojan-activity;sid:83577517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714415)"; flow:established,from_client; content:"GET"; http_method; content:"/iece/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"roundstransports.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714415/; classtype:trojan-activity;sid:83577515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714416)"; flow:established,from_client; content:"GET"; http_method; content:"/ftt/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bertam.com.my"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714416/; classtype:trojan-activity;sid:83577516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714409)"; flow:established,from_client; content:"GET"; http_method; content:"/sa/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"axecapital.ro"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714409/; classtype:trojan-activity;sid:83577509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714410)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"evomart.com.bd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714410/; classtype:trojan-activity;sid:83577510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714411)"; flow:established,from_client; content:"GET"; http_method; content:"/iria/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hikeytrends.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714411/; classtype:trojan-activity;sid:83577511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714412)"; flow:established,from_client; content:"GET"; http_method; content:"/tm/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"landcom.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714412/; classtype:trojan-activity;sid:83577512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714413)"; flow:established,from_client; content:"GET"; http_method; content:"/tn/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"21cafegame.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714413/; classtype:trojan-activity;sid:83577513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714414)"; flow:established,from_client; content:"GET"; http_method; content:"/epo/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"agenciarays.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714414/; classtype:trojan-activity;sid:83577514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714404)"; flow:established,from_client; content:"GET"; http_method; content:"/aiic/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cpm.com.py"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714404/; classtype:trojan-activity;sid:83577504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714405)"; flow:established,from_client; content:"GET"; http_method; content:"/or/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"time4realestate.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714405/; classtype:trojan-activity;sid:83577505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714406)"; flow:established,from_client; content:"GET"; http_method; content:"/tuqe/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yellowstone.com.mm"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714406/; classtype:trojan-activity;sid:83577506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714407)"; flow:established,from_client; content:"GET"; http_method; content:"/et/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dbtowing.ca"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714407/; classtype:trojan-activity;sid:83577507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714408)"; flow:established,from_client; content:"GET"; http_method; content:"/ne/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bangladeshmulticarehospital.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714408/; classtype:trojan-activity;sid:83577508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714401)"; flow:established,from_client; content:"GET"; http_method; content:"/prd/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"citizensviews.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714401/; classtype:trojan-activity;sid:83577501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714402)"; flow:established,from_client; content:"GET"; http_method; content:"/tc/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"forbangladesh.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714402/; classtype:trojan-activity;sid:83577502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714403)"; flow:established,from_client; content:"GET"; http_method; content:"/easb/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ifcconstructions.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714403/; classtype:trojan-activity;sid:83577503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714388)"; flow:established,from_client; content:"GET"; http_method; content:"/ul/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"arshany.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714388/; classtype:trojan-activity;sid:83577488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714389)"; flow:established,from_client; content:"GET"; http_method; content:"/mqm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"easyjetflights.eu"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714389/; classtype:trojan-activity;sid:83577489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714390)"; flow:established,from_client; content:"GET"; http_method; content:"/ibim/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"promediol.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714390/; classtype:trojan-activity;sid:83577490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714391)"; flow:established,from_client; content:"GET"; http_method; content:"/bte/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"southwestairtrip.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714391/; classtype:trojan-activity;sid:83577491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714392)"; flow:established,from_client; content:"GET"; http_method; content:"/reu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"milagrodelembarazo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714392/; classtype:trojan-activity;sid:83577492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714393)"; flow:established,from_client; content:"GET"; http_method; content:"/eosi/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"acaciare.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714393/; classtype:trojan-activity;sid:83577493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714394)"; flow:established,from_client; content:"GET"; http_method; content:"/le/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lancecertoconsultoria.com.br"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714394/; classtype:trojan-activity;sid:83577494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714395)"; flow:established,from_client; content:"GET"; http_method; content:"/rit/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jhenaidahpoly.gov.bd"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714395/; classtype:trojan-activity;sid:83577495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714396)"; flow:established,from_client; content:"GET"; http_method; content:"/uom/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"madekingrealties.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714396/; classtype:trojan-activity;sid:83577496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714397)"; flow:established,from_client; content:"GET"; http_method; content:"/uicm/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mycopier.com.my"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714397/; classtype:trojan-activity;sid:83577497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714398)"; flow:established,from_client; content:"GET"; http_method; content:"/urs/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pollx.in"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714398/; classtype:trojan-activity;sid:83577498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714399)"; flow:established,from_client; content:"GET"; http_method; content:"/ui/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cash-handling-app.my.id"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714399/; classtype:trojan-activity;sid:83577499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714400)"; flow:established,from_client; content:"GET"; http_method; content:"/lom/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"flightbes.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714400/; classtype:trojan-activity;sid:83577500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714382)"; flow:established,from_client; content:"GET"; http_method; content:"/dune/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mimicindustries.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714382/; classtype:trojan-activity;sid:83577482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714383)"; flow:established,from_client; content:"GET"; http_method; content:"/fia/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ibuytech.pk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714383/; classtype:trojan-activity;sid:83577483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714384)"; flow:established,from_client; content:"GET"; http_method; content:"/uiu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"themarijuanashow.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714384/; classtype:trojan-activity;sid:83577484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714385)"; flow:established,from_client; content:"GET"; http_method; content:"/niu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gloessays.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714385/; classtype:trojan-activity;sid:83577485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714386)"; flow:established,from_client; content:"GET"; http_method; content:"/eea/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cadinova.ma"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714386/; classtype:trojan-activity;sid:83577486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714387)"; flow:established,from_client; content:"GET"; http_method; content:"/oa/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"africar.ng"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714387/; classtype:trojan-activity;sid:83577487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714376)"; flow:established,from_client; content:"GET"; http_method; content:"/te/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"organicfoodslahore.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714376/; classtype:trojan-activity;sid:83577476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714377)"; flow:established,from_client; content:"GET"; http_method; content:"/vt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"wubshetbekele.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714377/; classtype:trojan-activity;sid:83577477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714378)"; flow:established,from_client; content:"GET"; http_method; content:"/slpe/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"technicianssamsungrepair.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714378/; classtype:trojan-activity;sid:83577478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714379)"; flow:established,from_client; content:"GET"; http_method; content:"/omc/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"packagingorigins.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714379/; classtype:trojan-activity;sid:83577479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714380)"; flow:established,from_client; content:"GET"; http_method; content:"/ei/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monstertv.se"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714380/; classtype:trojan-activity;sid:83577480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714381)"; flow:established,from_client; content:"GET"; http_method; content:"/iiuq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"youth.digital"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714381/; classtype:trojan-activity;sid:83577481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714369)"; flow:established,from_client; content:"GET"; http_method; content:"/nidu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"101kpop.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714369/; classtype:trojan-activity;sid:83577469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714370)"; flow:established,from_client; content:"GET"; http_method; content:"/alei/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"flyforeducation.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714370/; classtype:trojan-activity;sid:83577470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714371)"; flow:established,from_client; content:"GET"; http_method; content:"/tev/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"premiumiptvservice.online"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714371/; classtype:trojan-activity;sid:83577471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714372)"; flow:established,from_client; content:"GET"; http_method; content:"/qia/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"yookoi.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714372/; classtype:trojan-activity;sid:83577472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714373)"; flow:established,from_client; content:"GET"; http_method; content:"/cl/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"expertaitalia.eu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714373/; classtype:trojan-activity;sid:83577473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714374)"; flow:established,from_client; content:"GET"; http_method; content:"/ro/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pteacademic79plus.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714374/; classtype:trojan-activity;sid:83577474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714375)"; flow:established,from_client; content:"GET"; http_method; content:"/usqa/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cosmositsolutions.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714375/; classtype:trojan-activity;sid:83577475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714368)"; flow:established,from_client; content:"GET"; http_method; content:"/mteu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gtf.rs"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714368/; classtype:trojan-activity;sid:83577468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714366)"; flow:established,from_client; content:"GET"; http_method; content:"/nt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hawaharadio.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714366/; classtype:trojan-activity;sid:83577466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714367)"; flow:established,from_client; content:"GET"; http_method; content:"/ma/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"globalhi-tech.sg"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714367/; classtype:trojan-activity;sid:83577467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714364)"; flow:established,from_client; content:"GET"; http_method; content:"/ood/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"taskbes.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714364/; classtype:trojan-activity;sid:83577464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714365)"; flow:established,from_client; content:"GET"; http_method; content:"/ue/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ajpglobalshopping.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714365/; classtype:trojan-activity;sid:83577465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714363)"; flow:established,from_client; content:"GET"; http_method; content:"/aee/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"asaawy.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714363/; classtype:trojan-activity;sid:83577463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714359)"; flow:established,from_client; content:"GET"; http_method; content:"/hi/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"kaliro.ac.ug"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714359/; classtype:trojan-activity;sid:83577459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714360)"; flow:established,from_client; content:"GET"; http_method; content:"/iruq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"technoreviews.cat"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714360/; classtype:trojan-activity;sid:83577460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714361)"; flow:established,from_client; content:"GET"; http_method; content:"/sfi/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"wcmtelecom.tv"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714361/; classtype:trojan-activity;sid:83577461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714362)"; flow:established,from_client; content:"GET"; http_method; content:"/tnn/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fefasa.hn"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714362/; classtype:trojan-activity;sid:83577462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714356)"; flow:established,from_client; content:"GET"; http_method; content:"/uree/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"reverasuplementos.fun"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714356/; classtype:trojan-activity;sid:83577456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714357)"; flow:established,from_client; content:"GET"; http_method; content:"/oda/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aeic-usa.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714357/; classtype:trojan-activity;sid:83577457; rev:1;)
# Triage notes for the URLhaus download-URL rules below.
#   - Each rule inspects only the client request (flow:established,from_client;
#     GET, exact URI, exact Host). An alert means a $HOME_NET host asked for
#     the URL, not that a payload was returned; check the HTTP response and
#     file logs for the same flow.
#   - `alert http` covers traffic the engine parses as HTTP; the same URL
#     fetched over TLS is not seen unless traffic is decrypted upstream.
#   - Exact-match anchoring (depth == pattern length, isdataat:!1,relative)
#     means a changed path, an added query string, or a different host name
#     is missed.
#   - The indicator is the host + path pair. Some hosts look like ordinary
#     business or public-sector sites (e.g. suratpeo.go.th), presumably
#     compromised rather than attacker-owned -- verify before blocking a
#     whole domain.
#   - created_at is 2023_09_26; the reference URL on each rule leads to the
#     URLhaus entry for that indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714358)"; flow:established,from_client; content:"GET"; http_method; content:"/dtue/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"supershuttles.co.za"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714358/; classtype:trojan-activity;sid:83577458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714355)"; flow:established,from_client; content:"GET"; http_method; content:"/ao/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"semquedagotas.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714355/; classtype:trojan-activity;sid:83577455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714354)"; flow:established,from_client; content:"GET"; http_method; content:"/nmag/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"suratpeo.go.th"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714354/; classtype:trojan-activity;sid:83577454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714350)"; flow:established,from_client; content:"GET"; http_method; content:"/sp/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ariyabodgroup.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714350/; classtype:trojan-activity;sid:83577450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714351)"; flow:established,from_client; content:"GET"; http_method; content:"/rx/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aplikasi.live"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714351/; classtype:trojan-activity;sid:83577451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714352)"; flow:established,from_client; content:"GET"; http_method; content:"/stau/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gatraders.com.pk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714352/; classtype:trojan-activity;sid:83577452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714353)"; flow:established,from_client; content:"GET"; http_method; content:"/pms/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lasertime.com.mx"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714353/; classtype:trojan-activity;sid:83577453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714338)"; flow:established,from_client; content:"GET"; http_method; content:"/los/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"macaperuanacomboro.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714338/; classtype:trojan-activity;sid:83577438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714339)"; flow:established,from_client; content:"GET"; http_method; content:"/uq/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"gpexpatservices.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714339/; classtype:trojan-activity;sid:83577439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714340)"; flow:established,from_client; content:"GET"; http_method; content:"/ut/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"wartakita.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714340/; classtype:trojan-activity;sid:83577440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714341)"; flow:established,from_client; content:"GET"; http_method; content:"/olu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ziflitestudio.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714341/; classtype:trojan-activity;sid:83577441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714342)"; flow:established,from_client; content:"GET"; http_method; content:"/etio/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"grupowcm.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714342/; classtype:trojan-activity;sid:83577442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714343)"; flow:established,from_client; content:"GET"; http_method; content:"/bp/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"landscapersindubai.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714343/; classtype:trojan-activity;sid:83577443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714344)"; flow:established,from_client; content:"GET"; http_method; content:"/iq/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"visibleangle.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714344/; classtype:trojan-activity;sid:83577444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714345)"; flow:established,from_client; content:"GET"; http_method; content:"/uspe/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"morgiou.ch"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714345/; classtype:trojan-activity;sid:83577445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714346)"; flow:established,from_client; content:"GET"; http_method; content:"/ou/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"kangaroo.agency"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714346/; classtype:trojan-activity;sid:83577446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714347)"; flow:established,from_client; content:"GET"; http_method; content:"/ecs/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"royannahal.ir"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714347/; classtype:trojan-activity;sid:83577447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714348)"; flow:established,from_client; content:"GET"; http_method; content:"/iulc/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mebleroni.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714348/; classtype:trojan-activity;sid:83577448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714349)"; flow:established,from_client; content:"GET"; http_method; content:"/aac/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aksharagalam.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714349/; classtype:trojan-activity;sid:83577449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714332)"; flow:established,from_client; content:"GET"; http_method; content:"/apue/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"samsclosets.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714332/; classtype:trojan-activity;sid:83577432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714333)"; flow:established,from_client; content:"GET"; http_method; content:"/inop/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"founders.net.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714333/; classtype:trojan-activity;sid:83577433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714334)"; flow:established,from_client; content:"GET"; http_method; content:"/mnii/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"robsonarturmontemezzo.space"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714334/; classtype:trojan-activity;sid:83577434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714335)"; flow:established,from_client; content:"GET"; http_method; content:"/vla/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cricketresidentialelectricians.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714335/; classtype:trojan-activity;sid:83577435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714336)"; flow:established,from_client; content:"GET"; http_method; content:"/nn/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pacificlandbuyers.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714336/; classtype:trojan-activity;sid:83577436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714337)"; flow:established,from_client; content:"GET"; http_method; content:"/vlp/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kiwifare.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714337/; classtype:trojan-activity;sid:83577437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714324)"; flow:established,from_client; content:"GET"; http_method; content:"/asc/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"clippingpathunited.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714324/; classtype:trojan-activity;sid:83577424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714325)"; flow:established,from_client; content:"GET"; http_method; content:"/igtn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ibig.co.il"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714325/; classtype:trojan-activity;sid:83577425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714326)"; flow:established,from_client; content:"GET"; http_method; content:"/onme/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"minidoctor.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2023_09_26; reference:url, urlhaus.abuse.ch/url/2714326/; classtype:trojan-activity;sid:83577426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714327)"; flow:established,from_client; content:"GET"; http_method; content:"/mear/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"topsmileperu.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714327/; classtype:trojan-activity;sid:83577427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714328)"; flow:established,from_client; content:"GET"; http_method; content:"/atie/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mytexasviprewards.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714328/; classtype:trojan-activity;sid:83577428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714329)"; flow:established,from_client; content:"GET"; http_method; content:"/emx/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"benere.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714329/; classtype:trojan-activity;sid:83577429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714330)"; flow:established,from_client; content:"GET"; http_method; content:"/toq/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pantherradio.media"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714330/; classtype:trojan-activity;sid:83577430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714331)"; flow:established,from_client; content:"GET"; http_method; 
content:"/uue/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"winstonandfriendz.ca"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714331/; classtype:trojan-activity;sid:83577431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714322)"; flow:established,from_client; content:"GET"; http_method; content:"/evl/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"egypt4translation.qa"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714322/; classtype:trojan-activity;sid:83577422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714323)"; flow:established,from_client; content:"GET"; http_method; content:"/llo/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"movingtomexico.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714323/; classtype:trojan-activity;sid:83577423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714321)"; flow:established,from_client; content:"GET"; http_method; content:"/rqo/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.76.61.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714321/; classtype:trojan-activity;sid:83577421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714320)"; flow:established,from_client; content:"GET"; http_method; content:"/qm/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"66.42.93.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714320/; classtype:trojan-activity;sid:83577420; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714318)"; flow:established,from_client; content:"GET"; http_method; content:"/uot/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1qubed.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714318/; classtype:trojan-activity;sid:83577418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714319)"; flow:established,from_client; content:"GET"; http_method; content:"/oip/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"androidcorners.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714319/; classtype:trojan-activity;sid:83577419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714316)"; flow:established,from_client; content:"GET"; http_method; content:"/ii/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"gplataforma.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714316/; classtype:trojan-activity;sid:83577416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714317)"; flow:established,from_client; content:"GET"; http_method; content:"/icf/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vivianecerqueira.adv.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714317/; classtype:trojan-activity;sid:83577417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714305)"; flow:established,from_client; content:"GET"; http_method; content:"/enr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"givemerank.com"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714305/; classtype:trojan-activity;sid:83577405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714306)"; flow:established,from_client; content:"GET"; http_method; content:"/pte/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"wildiptv.store"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714306/; classtype:trojan-activity;sid:83577406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714307)"; flow:established,from_client; content:"GET"; http_method; content:"/sa/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"wildiptv.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714307/; classtype:trojan-activity;sid:83577407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714308)"; flow:established,from_client; content:"GET"; http_method; content:"/aen/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"figmax.fun"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714308/; classtype:trojan-activity;sid:83577408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714309)"; flow:established,from_client; content:"GET"; http_method; content:"/tb/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"easyjetflights.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714309/; classtype:trojan-activity;sid:83577409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714310)"; flow:established,from_client; content:"GET"; http_method; 
content:"/smui/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rocksecuritymw.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714310/; classtype:trojan-activity;sid:83577410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714311)"; flow:established,from_client; content:"GET"; http_method; content:"/et/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"shoppingrf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714311/; classtype:trojan-activity;sid:83577411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714312)"; flow:established,from_client; content:"GET"; http_method; content:"/li/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tsmedia.id"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714312/; classtype:trojan-activity;sid:83577412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714313)"; flow:established,from_client; content:"GET"; http_method; content:"/lt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"themotorsnews.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714313/; classtype:trojan-activity;sid:83577413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714314)"; flow:established,from_client; content:"GET"; http_method; content:"/nsni/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"luxury-event-rentals.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714314/; classtype:trojan-activity;sid:83577414; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714315)"; flow:established,from_client; content:"GET"; http_method; content:"/iidq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"sirishareddy.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714315/; classtype:trojan-activity;sid:83577415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714302)"; flow:established,from_client; content:"GET"; http_method; content:"/ierv/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"shinesystempro.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714302/; classtype:trojan-activity;sid:83577402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714303)"; flow:established,from_client; content:"GET"; http_method; content:"/siol/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"88.119.175.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714303/; classtype:trojan-activity;sid:83577403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714304)"; flow:established,from_client; content:"GET"; http_method; content:"/luaa/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"88.119.175.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714304/; classtype:trojan-activity;sid:83577404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714301)"; flow:established,from_client; content:"GET"; http_method; content:"/sern/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"samehelsadat.com"; http_host; depth:16; 
isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714301/; classtype:trojan-activity;sid:83577401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714300)"; flow:established,from_client; content:"GET"; http_method; content:"/epd/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hunil.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714300/; classtype:trojan-activity;sid:83577400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714297)"; flow:established,from_client; content:"GET"; http_method; content:"/aein/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"newvisionmedical-egypt.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714297/; classtype:trojan-activity;sid:83577397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714298)"; flow:established,from_client; content:"GET"; http_method; content:"/mae/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tec-tronicss.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714298/; classtype:trojan-activity;sid:83577398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714299)"; flow:established,from_client; content:"GET"; http_method; content:"/prm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renovad3.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714299/; classtype:trojan-activity;sid:83577399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714293)"; 
flow:established,from_client; content:"GET"; http_method; content:"/nt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ahantadevnet.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714293/; classtype:trojan-activity;sid:83577393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714294)"; flow:established,from_client; content:"GET"; http_method; content:"/umue/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"qualiteodonto.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714294/; classtype:trojan-activity;sid:83577394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714295)"; flow:established,from_client; content:"GET"; http_method; content:"/oadl/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"teals.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714295/; classtype:trojan-activity;sid:83577395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714296)"; flow:established,from_client; content:"GET"; http_method; content:"/dii/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lapicaflora.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714296/; classtype:trojan-activity;sid:83577396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714292)"; flow:established,from_client; content:"GET"; http_method; content:"/ti/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"tanhaenterprise.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714292/; 
classtype:trojan-activity;sid:83577392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714291)"; flow:established,from_client; content:"GET"; http_method; content:"/osr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"expertsinteriors.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714291/; classtype:trojan-activity;sid:83577391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714290)"; flow:established,from_client; content:"GET"; http_method; content:"/er/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hondamardan.com.pk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714290/; classtype:trojan-activity;sid:83577390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714288)"; flow:established,from_client; content:"GET"; http_method; content:"/iets/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"osamaconstruction99.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714288/; classtype:trojan-activity;sid:83577388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714289)"; flow:established,from_client; content:"GET"; http_method; content:"/nfci/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gloacademic.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714289/; classtype:trojan-activity;sid:83577389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714287)"; flow:established,from_client; content:"GET"; http_method; content:"/nm/"; http_uri; depth:4; isdataat:!1,relative; 
nocase; content:"corehost.host"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714287/; classtype:trojan-activity;sid:83577387; rev:1;)
# Exact-URL indicator: depth equals the pattern length and isdataat:!1,relative
# rejects any byte after the match, so http_uri must be exactly "/mozi.m"
# (case-insensitive) and http_host exactly the listed address. Only plain-HTTP
# GET requests from $HOME_NET are inspected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.52.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714286/; classtype:trojan-activity;sid:83577386; rev:1;)
# NOTE(review): the URI pattern below looks double-escaped. "|3f|" decodes to
# "?", but "|7c|26|7c|" decodes to the four bytes "|26|" (pipe, "2", "6", pipe),
# not to "&" (0x26). If the reported URL separates its query parameters with
# "&", this rule cannot match it -- confirm against the URLhaus entry referenced
# in the rule and, if so, regenerate the pattern with "|26|".
# depth:167 is the length of the pattern as written, hex escapes included; the
# decoded pattern is 146 bytes, so the match is anchored at the end of the URI
# by isdataat:!1,relative but not strictly at its start.
# The host is a shared platform; the rule is scoped to this one document URL,
# and nocase makes the lower-cased token strings match regardless of case.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714285)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666188111|3f|hash=yqlzqnwmehoj6rajdlbd8asukabtanjblscgdktoecs|7c|26|7c|dl=ympwrhq0cxqv8xas05fhamch9ybgbi8lejroznggjwg|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714285/; classtype:trojan-activity;sid:83577385; rev:1;)
# The two rules below use the same three-byte URI "/.i" and differ only in the
# http_host address; each listed host carries its own sid and URLhaus reference.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714284)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.193.112.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714284/; classtype:trojan-activity;sid:83577384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714283)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.179.179.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, 
urlhaus.abuse.ch/url/2714283/; classtype:trojan-activity;sid:83577383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.88.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714282/; classtype:trojan-activity;sid:83577382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714281)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sah-get.fartit.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714281/; classtype:trojan-activity;sid:83577381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714280)"; flow:established,from_client; content:"GET"; http_method; content:"/app1.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sah-art.fartit.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714280/; classtype:trojan-activity;sid:83577380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714279)"; flow:established,from_client; content:"GET"; http_method; content:"/mercury.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"81.161.229.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714279/; classtype:trojan-activity;sid:83577379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714278)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; 
http_uri; depth:3; isdataat:!1,relative; nocase; content:"219.68.171.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714278/; classtype:trojan-activity;sid:83577378; rev:1;)
# The rules below all name the same http_host and differ only in the exact URI.
# In each, the first path segment is itself a domain-like name and the last is
# an .exe file name. Every rule is an exact match (depth equals the pattern
# length, isdataat:!1,relative forbids trailing bytes), so a request to the
# same host for a path with no rule of its own is not alerted on by these
# signatures. Only plain-HTTP GET requests from $HOME_NET are inspected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714272)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/payslip/docnic20230925.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714272/; classtype:trojan-activity;sid:83577372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714273)"; flow:established,from_client; content:"GET"; http_method; content:"/proformainvoice.info/pay/document1.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714273/; classtype:trojan-activity;sid:83577373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714274)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/payslip/dockin20230925.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714274/; classtype:trojan-activity;sid:83577374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714275)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/payslip/docutc20230925.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; 
isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714275/; classtype:trojan-activity;sid:83577375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714276)"; flow:established,from_client; content:"GET"; http_method; content:"/proformainvoice.info/slip/bawo.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714276/; classtype:trojan-activity;sid:83577376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714277)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/payslip/docrw20230925.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714277/; classtype:trojan-activity;sid:83577377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714270)"; flow:established,from_client; content:"GET"; http_method; content:"/proformainvoice.info/slip/documentblur.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714270/; classtype:trojan-activity;sid:83577370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714271)"; flow:established,from_client; content:"GET"; http_method; content:"/proformainvoice.info/slip/docjoh20230925.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714271/; 
classtype:trojan-activity;sid:83577371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714269)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/invoice/docjos20230925.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714269/; classtype:trojan-activity;sid:83577369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714266)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/invoice/docfre20230925.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714266/; classtype:trojan-activity;sid:83577366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714267)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/invoice/docyo20230926.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714267/; classtype:trojan-activity;sid:83577367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714268)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/payslip/docdimt20230925.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714268/; classtype:trojan-activity;sid:83577368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2714262)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/invoice/docyo20230925.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714262/; classtype:trojan-activity;sid:83577362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714263)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/payslip/docgen20230925.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714263/; classtype:trojan-activity;sid:83577363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714264)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/invoice/dochus20230925.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714264/; classtype:trojan-activity;sid:83577364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714265)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/invoice/docgur20230925.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714265/; classtype:trojan-activity;sid:83577365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714260)"; flow:established,from_client; content:"GET"; http_method; 
content:"/voilarape.online/payslip/docble20230925.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714260/; classtype:trojan-activity;sid:83577360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714261)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/payslip/docjhny20230925.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714261/; classtype:trojan-activity;sid:83577361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714259)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/payslip/docfra20230925.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714259/; classtype:trojan-activity;sid:83577359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714257)"; flow:established,from_client; content:"GET"; http_method; content:"/collar.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714257/; classtype:trojan-activity;sid:83577357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714258)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/invoice/docdad20230925.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; 
http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714258/; classtype:trojan-activity;sid:83577358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714254)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/invoice/docdav20230925.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714254/; classtype:trojan-activity;sid:83577354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714255)"; flow:established,from_client; content:"GET"; http_method; content:"/charles.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714255/; classtype:trojan-activity;sid:83577355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714256)"; flow:established,from_client; content:"GET"; http_method; content:"/docdav20230923.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714256/; classtype:trojan-activity;sid:83577356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714253)"; flow:established,from_client; content:"GET"; http_method; content:"/voilarape.online/invoice/docdav20230926.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"payorderreceipt.info"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714253/; classtype:trojan-activity;sid:83577353; 
rev:1;)
# The line above closes a rule whose header sits on the previous line.
#
# Each rule below alerts on one outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET,
# flow:from_client). depth equal to the content length plus isdataat:!1,relative
# makes the URI and the Host exact matches; nocase applies to the URI content only.
#
# Triage note: a hit shows that an internal host requested the URL. It does not
# show that the payload was delivered or run - check the HTTP response (status,
# size) and endpoint telemetry before drawing conclusions.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714252)"; flow:established,from_client; content:"GET"; http_method; content:"/eee.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"116.203.121.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714252/; classtype:trojan-activity;sid:83577352; rev:1;)
# The remaining rules in this block share one host, 103.38.236.46, and further
# rules for that host follow this block. Every URI is matched exactly, so a file
# name that is not listed raises nothing; reviewing all traffic to the host in
# proxy/flow logs complements these per-URL rules.
# NOTE(review): an IP-literal indicator ages quickly - created_at is 2023_09_26;
# check the URLhaus entry for current status before relying on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714251)"; flow:established,from_client; content:"GET"; http_method; content:"/ntpvip.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.38.236.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714251/; classtype:trojan-activity;sid:83577351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714250)"; flow:established,from_client; content:"GET"; http_method; content:"/ntp.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.38.236.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714250/; classtype:trojan-activity;sid:83577350; rev:1;)
# The file name below puts a document extension in front of the archive
# extension (".docx.zip") - it looks like a document lure packed in an archive.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714245)"; flow:established,from_client; content:"GET"; http_method; content:"/3ntp.docx.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.38.236.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714245/; classtype:trojan-activity;sid:83577345; rev:1;)
# The rule started below continues on the next line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714246)"; flow:established,from_client; content:"GET"; http_method; content:"/ntp.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.38.236.46"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714246/; classtype:trojan-activity;sid:83577346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714247)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.38.236.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714247/; classtype:trojan-activity;sid:83577347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714248)"; flow:established,from_client; content:"GET"; http_method; content:"/archive/usertp.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.38.236.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714248/; classtype:trojan-activity;sid:83577348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714249)"; flow:established,from_client; content:"GET"; http_method; content:"/tienphouk.pdf.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.38.236.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714249/; classtype:trojan-activity;sid:83577349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714242/; classtype:trojan-activity;sid:83577342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (2714243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.88.80.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714243/; classtype:trojan-activity;sid:83577343; rev:1;)
# The line above is the tail of a rule whose header sits on the previous line.
#
# Each rule below alerts on one outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET,
# flow:from_client). depth equal to the content length plus isdataat:!1,relative
# makes the URI and the Host exact matches; nocase applies to the URI content only.
# "alert http" sees cleartext (or upstream-decrypted) HTTP only.
#
# The next three rules pair the path "/mozi.m" with an IP-literal Host.
# NOTE(review): the file name is consistent with Mozi IoT-botnet payloads, and such
# hosts are presumably infected devices on changing addresses - confirm on the
# URLhaus pages and expect these indicators to go stale (created_at 2023_09_26).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.74.28.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714244/; classtype:trojan-activity;sid:83577344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.184.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714241/; classtype:trojan-activity;sid:83577341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.12.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714240/; classtype:trojan-activity;sid:83577340; rev:1;)
# NOTE(review): in the rule below the URI content "/toq/|3f|88085611" is 14 bytes
# long (|3f| is the single byte "?"), but depth is 17 - the length of the pattern
# as written, escape included. The neighbouring rules set depth to the byte length
# of the content, which together with isdataat:!1,relative gives an exact match.
# Here the content may start up to three bytes into the URI, so this rule is
# slightly looser than its siblings. depth:14 would restore the exact match; the
# value is left as published because the feed is generated upstream - raise it
# with URLhaus rather than patching the local copy.
# The rule continues on the next line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714239)"; flow:established,from_client; content:"GET"; http_method; content:"/toq/|3f|88085611"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pantherradio.media"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, 
urlhaus.abuse.ch/url/2714239/; classtype:trojan-activity;sid:83577339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.72.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714238/; classtype:trojan-activity;sid:83577338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714237)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.85.155.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714237/; classtype:trojan-activity;sid:83577337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.182.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714236/; classtype:trojan-activity;sid:83577336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714235)"; flow:established,from_client; content:"GET"; http_method; content:"/suii/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"megakons.com.ec"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714235/; classtype:trojan-activity;sid:83577335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714232)"; flow:established,from_client; content:"GET"; http_method; content:"/sptv/"; http_uri; depth:6; 
isdataat:!1,relative; nocase; content:"southpointlogistics.com.my"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714232/; classtype:trojan-activity;sid:83577332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714233)"; flow:established,from_client; content:"GET"; http_method; content:"/inte/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ajpglobalshopping.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714233/; classtype:trojan-activity;sid:83577333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714234)"; flow:established,from_client; content:"GET"; http_method; content:"/acr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gomaspureglow.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714234/; classtype:trojan-activity;sid:83577334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714228)"; flow:established,from_client; content:"GET"; http_method; content:"/eps/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"youth.digital"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714228/; classtype:trojan-activity;sid:83577328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714229)"; flow:established,from_client; content:"GET"; http_method; content:"/tvp/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"evomart.com.bd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714229/; classtype:trojan-activity;sid:83577329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (2714230)"; flow:established,from_client; content:"GET"; http_method; content:"/veo/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"asaawy.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714230/; classtype:trojan-activity;sid:83577330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714231)"; flow:established,from_client; content:"GET"; http_method; content:"/pin/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"shinesystempro.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714231/; classtype:trojan-activity;sid:83577331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714222)"; flow:established,from_client; content:"GET"; http_method; content:"/mc/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"landscapersindubai.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714222/; classtype:trojan-activity;sid:83577322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714223)"; flow:established,from_client; content:"GET"; http_method; content:"/atn/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"colorfuldestinationsindia.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714223/; classtype:trojan-activity;sid:83577323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714224)"; flow:established,from_client; content:"GET"; http_method; content:"/net/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rastreamentos.me"; http_host; depth:16; isdataat:!1,relative; 
metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714224/; classtype:trojan-activity;sid:83577324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714225)"; flow:established,from_client; content:"GET"; http_method; content:"/ault/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"sgedigital.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714225/; classtype:trojan-activity;sid:83577325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714226)"; flow:established,from_client; content:"GET"; http_method; content:"/ed/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mpcelmobile.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714226/; classtype:trojan-activity;sid:83577326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714227)"; flow:established,from_client; content:"GET"; http_method; content:"/ton/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"journeotravel.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714227/; classtype:trojan-activity;sid:83577327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714210)"; flow:established,from_client; content:"GET"; http_method; content:"/in/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"technoreviews.cat"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714210/; classtype:trojan-activity;sid:83577310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714211)"; flow:established,from_client; content:"GET"; 
http_method; content:"/uinh/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mebleroni.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714211/; classtype:trojan-activity;sid:83577311; rev:1;)
# The line above is the tail of a rule whose header sits on the previous line.
#
# Each rule below alerts on one outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET,
# flow:from_client) whose URI is exactly a short directory path and whose Host is
# exactly the listed name (depth = content length, isdataat:!1,relative = nothing
# may follow). Only the directory URL itself matches; a request for a file below
# that directory does not.
# NOTE(review): the hosts look like ordinary business sites carrying a short
# random-looking directory - presumably compromised sites rather than
# attacker-owned domains. Treat a hit as "this URL", not "this whole domain",
# and confirm on the referenced URLhaus page.
#
# NOTE(review): the Host in the next rule is example.org, a name reserved for
# documentation (RFC 2606). A reserved name is unexpected in a malware-URL feed -
# possibly a placeholder substituted for the original host. Check URLhaus entry
# 2714212 before acting on alerts from sid 83577312.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714212)"; flow:established,from_client; content:"GET"; http_method; content:"/aa/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"example.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714212/; classtype:trojan-activity;sid:83577312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714213)"; flow:established,from_client; content:"GET"; http_method; content:"/ib/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mfleader.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714213/; classtype:trojan-activity;sid:83577313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714214)"; flow:established,from_client; content:"GET"; http_method; content:"/vpe/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"forbangladesh.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714214/; classtype:trojan-activity;sid:83577314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714215)"; flow:established,from_client; content:"GET"; http_method; content:"/buod/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"wildiptv.store"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714215/; classtype:trojan-activity;sid:83577315; rev:1;)
# The rule started below continues on the next line of the file.
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714216)"; flow:established,from_client; content:"GET"; http_method; content:"/toor/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"internationalsweetfactory.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714216/; classtype:trojan-activity;sid:83577316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714217)"; flow:established,from_client; content:"GET"; http_method; content:"/tuqe/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"winstonandfriendz.ca"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714217/; classtype:trojan-activity;sid:83577317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714218)"; flow:established,from_client; content:"GET"; http_method; content:"/oae/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"isbmaintenance.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714218/; classtype:trojan-activity;sid:83577318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714219)"; flow:established,from_client; content:"GET"; http_method; content:"/ti/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"visibleangle.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714219/; classtype:trojan-activity;sid:83577319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714220)"; flow:established,from_client; content:"GET"; http_method; content:"/et/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"igcar.es"; http_host; depth:8; 
isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714220/; classtype:trojan-activity;sid:83577320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714221)"; flow:established,from_client; content:"GET"; http_method; content:"/atul/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"perfectprintoficial.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714221/; classtype:trojan-activity;sid:83577321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714208)"; flow:established,from_client; content:"GET"; http_method; content:"/anr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renovad3suplemento.fun"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714208/; classtype:trojan-activity;sid:83577308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714209)"; flow:established,from_client; content:"GET"; http_method; content:"/rc/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cadinova.ma"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714209/; classtype:trojan-activity;sid:83577309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714207)"; flow:established,from_client; content:"GET"; http_method; content:"/amq/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"clippingpathunited.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714207/; classtype:trojan-activity;sid:83577307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714203)"; 
flow:established,from_client; content:"GET"; http_method; content:"/si/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"benere.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714203/; classtype:trojan-activity;sid:83577303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714204)"; flow:established,from_client; content:"GET"; http_method; content:"/ueb/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ifcconstructions.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714204/; classtype:trojan-activity;sid:83577304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714205)"; flow:established,from_client; content:"GET"; http_method; content:"/tdu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"samsclosets.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714205/; classtype:trojan-activity;sid:83577305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714206)"; flow:established,from_client; content:"GET"; http_method; content:"/noe/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newvisionmedical-egypt.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714206/; classtype:trojan-activity;sid:83577306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714200)"; flow:established,from_client; content:"GET"; http_method; content:"/dtim/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"suratpeo.go.th"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714200/; 
classtype:trojan-activity;sid:83577300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714201)"; flow:established,from_client; content:"GET"; http_method; content:"/cnie/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ontechrio.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714201/; classtype:trojan-activity;sid:83577301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714202)"; flow:established,from_client; content:"GET"; http_method; content:"/ia/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cash-handling-app.my.id"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714202/; classtype:trojan-activity;sid:83577302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714196)"; flow:established,from_client; content:"GET"; http_method; content:"/oste/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"supershuttles.co.za"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714196/; classtype:trojan-activity;sid:83577296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714197)"; flow:established,from_client; content:"GET"; http_method; content:"/mqas/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ibig.co.il"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714197/; classtype:trojan-activity;sid:83577297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714198)"; flow:established,from_client; content:"GET"; http_method; content:"/qm/"; http_uri; depth:4; isdataat:!1,relative; nocase; 
content:"cuidadosfemininosbr.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714198/; classtype:trojan-activity;sid:83577298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714199)"; flow:established,from_client; content:"GET"; http_method; content:"/hri/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dispatchlogisticspro.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714199/; classtype:trojan-activity;sid:83577299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714190)"; flow:established,from_client; content:"GET"; http_method; content:"/lauc/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"packagingorigins.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714190/; classtype:trojan-activity;sid:83577290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714191)"; flow:established,from_client; content:"GET"; http_method; content:"/otvs/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gsrhrservices.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714191/; classtype:trojan-activity;sid:83577291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714192)"; flow:established,from_client; content:"GET"; http_method; content:"/tv/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"compradoo.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714192/; classtype:trojan-activity;sid:83577292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2714193)"; flow:established,from_client; content:"GET"; http_method; content:"/lm/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ahantadevnet.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714193/; classtype:trojan-activity;sid:83577293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714194)"; flow:established,from_client; content:"GET"; http_method; content:"/sn/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"alraeid.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714194/; classtype:trojan-activity;sid:83577294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714195)"; flow:established,from_client; content:"GET"; http_method; content:"/sus/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"medicenter.fun"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714195/; classtype:trojan-activity;sid:83577295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714189)"; flow:established,from_client; content:"GET"; http_method; content:"/ovo/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tikwave.site"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714189/; classtype:trojan-activity;sid:83577289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714188)"; flow:established,from_client; content:"GET"; http_method; content:"/iut/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gruphost.es"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, 
urlhaus.abuse.ch/url/2714188/; classtype:trojan-activity;sid:83577288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714186)"; flow:established,from_client; content:"GET"; http_method; content:"/ii/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"semquedagotas.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714186/; classtype:trojan-activity;sid:83577286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714187)"; flow:established,from_client; content:"GET"; http_method; content:"/isai/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aplikasi.live"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714187/; classtype:trojan-activity;sid:83577287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714185)"; flow:established,from_client; content:"GET"; http_method; content:"/tie/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"africar.ng"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714185/; classtype:trojan-activity;sid:83577285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714179)"; flow:established,from_client; content:"GET"; http_method; content:"/ui/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"technicianssamsungrepair.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714179/; classtype:trojan-activity;sid:83577279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714180)"; flow:established,from_client; content:"GET"; http_method; content:"/ue/"; http_uri; 
depth:4; isdataat:!1,relative; nocase; content:"ariyabodgroup.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714180/; classtype:trojan-activity;sid:83577280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714181)"; flow:established,from_client; content:"GET"; http_method; content:"/ee/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"vs-lb.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714181/; classtype:trojan-activity;sid:83577281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714182)"; flow:established,from_client; content:"GET"; http_method; content:"/ai/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"agenciarays.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714182/; classtype:trojan-activity;sid:83577282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714183)"; flow:established,from_client; content:"GET"; http_method; content:"/rer/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"founders.net.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714183/; classtype:trojan-activity;sid:83577283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714184)"; flow:established,from_client; content:"GET"; http_method; content:"/mosn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"grupowcm.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714184/; classtype:trojan-activity;sid:83577284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2714167)"; flow:established,from_client; content:"GET"; http_method; content:"/ttr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"organicfoodslahore.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714167/; classtype:trojan-activity;sid:83577267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714168)"; flow:established,from_client; content:"GET"; http_method; content:"/ooio/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"samehelsadat.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714168/; classtype:trojan-activity;sid:83577268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714169)"; flow:established,from_client; content:"GET"; http_method; content:"/epie/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"drvidhya.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714169/; classtype:trojan-activity;sid:83577269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714170)"; flow:established,from_client; content:"GET"; http_method; content:"/pia/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tsmedia.id"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714170/; classtype:trojan-activity;sid:83577270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714171)"; flow:established,from_client; content:"GET"; http_method; content:"/eq/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"shenergi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; 
reference:url, urlhaus.abuse.ch/url/2714171/; classtype:trojan-activity;sid:83577271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714172)"; flow:established,from_client; content:"GET"; http_method; content:"/vnn/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"landcom.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714172/; classtype:trojan-activity;sid:83577272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714173)"; flow:established,from_client; content:"GET"; http_method; content:"/msl/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dentesplaza.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714173/; classtype:trojan-activity;sid:83577273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714174)"; flow:established,from_client; content:"GET"; http_method; content:"/ni/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ltiacademy.co.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714174/; classtype:trojan-activity;sid:83577274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714175)"; flow:established,from_client; content:"GET"; http_method; content:"/ip/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"topsmileperu.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714175/; classtype:trojan-activity;sid:83577275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714176)"; flow:established,from_client; content:"GET"; http_method; content:"/ia/"; http_uri; 
depth:4; isdataat:!1,relative; nocase; content:"glowriters.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714176/; classtype:trojan-activity;sid:83577276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714177)"; flow:established,from_client; content:"GET"; http_method; content:"/tsau/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"pacificlandbuyers.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714177/; classtype:trojan-activity;sid:83577277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714178)"; flow:established,from_client; content:"GET"; http_method; content:"/rree/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"trendki.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714178/; classtype:trojan-activity;sid:83577278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714147)"; flow:established,from_client; content:"GET"; http_method; content:"/mst/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"101kpop.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714147/; classtype:trojan-activity;sid:83577247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714148)"; flow:established,from_client; content:"GET"; http_method; content:"/tequ/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"quantumleadershipinc.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714148/; classtype:trojan-activity;sid:83577248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (2714149)"; flow:established,from_client; content:"GET"; http_method; content:"/mee/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kiwifare.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714149/; classtype:trojan-activity;sid:83577249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714150)"; flow:established,from_client; content:"GET"; http_method; content:"/sul/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bangladeshmulticarehospital.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714150/; classtype:trojan-activity;sid:83577250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714151)"; flow:established,from_client; content:"GET"; http_method; content:"/uutt/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mytexasviprewards.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714151/; classtype:trojan-activity;sid:83577251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714152)"; flow:established,from_client; content:"GET"; http_method; content:"/lc/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"faregadget.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714152/; classtype:trojan-activity;sid:83577252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714153)"; flow:established,from_client; content:"GET"; http_method; content:"/mlr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jhenaidahpoly.gov.bd"; http_host; depth:20; isdataat:!1,relative; 
metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714153/; classtype:trojan-activity;sid:83577253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714154)"; flow:established,from_client; content:"GET"; http_method; content:"/gl/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"premiumiptvservice.online"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714154/; classtype:trojan-activity;sid:83577254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714155)"; flow:established,from_client; content:"GET"; http_method; content:"/ni/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"21cafegame.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714155/; classtype:trojan-activity;sid:83577255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714156)"; flow:established,from_client; content:"GET"; http_method; content:"/puu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nile-cruiise-egypt.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714156/; classtype:trojan-activity;sid:83577256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714157)"; flow:established,from_client; content:"GET"; http_method; content:"/cr/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"brandingmavericks.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714157/; classtype:trojan-activity;sid:83577257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714158)"; flow:established,from_client; 
content:"GET"; http_method; content:"/iae/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lembang.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714158/; classtype:trojan-activity;sid:83577258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714159)"; flow:established,from_client; content:"GET"; http_method; content:"/ior/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kalismprivateltd.co.uk"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714159/; classtype:trojan-activity;sid:83577259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714160)"; flow:established,from_client; content:"GET"; http_method; content:"/ae/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"stroongliife.online"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714160/; classtype:trojan-activity;sid:83577260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714161)"; flow:established,from_client; content:"GET"; http_method; content:"/nei/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"igcar.cat"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714161/; classtype:trojan-activity;sid:83577261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714162)"; flow:established,from_client; content:"GET"; http_method; content:"/uti/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gmhssbajaur.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714162/; classtype:trojan-activity;sid:83577262; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714163)"; flow:established,from_client; content:"GET"; http_method; content:"/nsmg/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"wcmtelecom.tv"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714163/; classtype:trojan-activity;sid:83577263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714164)"; flow:established,from_client; content:"GET"; http_method; content:"/cc/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"figmax.fun"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714164/; classtype:trojan-activity;sid:83577264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714165)"; flow:established,from_client; content:"GET"; http_method; content:"/teu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"reverasuplementos.fun"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714165/; classtype:trojan-activity;sid:83577265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714166)"; flow:established,from_client; content:"GET"; http_method; content:"/te/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"androidcorners.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714166/; classtype:trojan-activity;sid:83577266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714144)"; flow:established,from_client; content:"GET"; http_method; content:"/lrai/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"florindumitrescu.eu"; http_host; 
depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714144/; classtype:trojan-activity;sid:83577244; rev:1;)
# --- Review notes for the rules below (URLhaus-generated, shown one rule per line) ---
# Shape shared by every rule here: an established client-to-server flow from
# $HOME_NET to $EXTERNAL_NET, method GET, one pattern on http_uri and one on
# http_host. Where depth equals the pattern length, depth together with
# isdataat:!1,relative makes the pattern an exact match of the whole buffer,
# not a prefix or substring match.
# These are `alert http` rules: they fire only on traffic the engine parses as
# HTTP, so a fetch of the same URL over TLS is not seen unless the traffic is
# decrypted upstream of the sensor.
# Triage: the number in msg and in the reference URL is the URLhaus entry id;
# in the rules visible here, sid = that id + 80863100.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714145)"; flow:established,from_client; content:"GET"; http_method; content:"/rat/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"themarijuanashow.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714145/; classtype:trojan-activity;sid:83577245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714146)"; flow:established,from_client; content:"GET"; http_method; content:"/umu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kaliro.ac.ug"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714146/; classtype:trojan-activity;sid:83577246; rev:1;)
# NOTE(review): vk.com document links (sids 83577243, 83577241, 83577242, 83577239).
# `|7c|26|7c|` decodes to the four bytes `|26|`, not to `&` (which would be
# written `|26|` alone). This looks like the generator escaping `&` and then
# escaping the pipe characters again; if so, these rules do not match a request
# whose query string uses `&` separators. Confirm against the URLhaus entry
# before relying on these sids.
# depth:167 is the character length of the escaped pattern text; the decoded
# pattern is 146 bytes by count, so depth does not pin the match to offset 0
# here (the trailing isdataat still requires the pattern to end the buffer).
# The Host is a shared platform and the hash= and dl= values are part of the
# exact match, so any change in them yields no alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714143)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666156647|3f|hash=soiqyje1kh2s4y7xaaouy5zz99bkiuoksplifpkbkuo|7c|26|7c|dl=mrfy1lxckpt1qoxmyjdb3nc0s3rlivvd2s1w7plxjxk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714143/; classtype:trojan-activity;sid:83577243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714141)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666179848|3f|hash=ufi1befgqgh7iipzqkdffpmcavforpdbdfakorxglho|7c|26|7c|dl=vv1rp4emqtts6tlofur6tvz5c57kyo2mhs3tnrpwwzl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714141/; classtype:trojan-activity;sid:83577241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714142)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666181938|3f|hash=qwmdocbpzj2wb6mymi1ka3xnmuoj6plxfkyolyrgusk|7c|26|7c|dl=phpb48gjucqzztwbfdr0modlekuhetooiz9xmezxbhg|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714142/; classtype:trojan-activity;sid:83577242; rev:1;)
# Android package (.apk) paths: /app.apk, /app1.apk and /saham.apk repeat below
# across subdomains of fartit.com, otzo.com and faqserv.com. Each sid is pinned
# to one exact Host value, so a sibling subdomain is not covered until the feed
# lists it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714140)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ir.fartit.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714140/; classtype:trojan-activity;sid:83577240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714138)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ir-c.fartit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714138/; classtype:trojan-activity;sid:83577238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714139)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666188067|3f|hash=r1na54zxajg4kofdexqzx17zbzpd5xxdboowsdvp5tx|7c|26|7c|dl=eoyaxqrin0wwy7mtgf0etj1zjvcjuua0fy3felnyzec|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714139/; classtype:trojan-activity;sid:83577239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714135)"; flow:established,from_client; content:"GET"; http_method; content:"/ibn/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"chaomaoaluoi.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714135/; classtype:trojan-activity;sid:83577235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714136)"; flow:established,from_client; content:"GET"; http_method; content:"/app1.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"iran-ba.otzo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714136/; classtype:trojan-activity;sid:83577236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714137)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aro-ir.faqserv.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714137/; classtype:trojan-activity;sid:83577237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714134)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"iran-cb.otzo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714134/; classtype:trojan-activity;sid:83577234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714130)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ta-iran.otzo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714130/; classtype:trojan-activity;sid:83577230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714131)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sah-iran.otzo.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714131/; classtype:trojan-activity;sid:83577231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714132)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"iran-da.otzo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714132/; classtype:trojan-activity;sid:83577232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714133)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adl-nig.faqserv.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714133/; classtype:trojan-activity;sid:83577233; rev:1;)
# The next four rules use an IPv4 literal as the http_host pattern, so they
# match only when the http_host buffer equals that address exactly; the URI
# pattern is the three bytes "/.i".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714129)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.4.97.119"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714129/; classtype:trojan-activity;sid:83577229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714128)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.141.148.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714128/; classtype:trojan-activity;sid:83577228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.246.230.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714127/; classtype:trojan-activity;sid:83577227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714126)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"38.25.234.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714126/; classtype:trojan-activity;sid:83577226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714125)"; flow:established,from_client; content:"GET"; http_method; content:"/ooie/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"toohami.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714125/; classtype:trojan-activity;sid:83577225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714124)"; flow:established,from_client; content:"GET"; http_method; 
content:"/iec/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"givemerank.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714124/; classtype:trojan-activity;sid:83577224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714122)"; flow:established,from_client; content:"GET"; http_method; content:"/eevo/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeic-usa.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714122/; classtype:trojan-activity;sid:83577222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714123)"; flow:established,from_client; content:"GET"; http_method; content:"/uute/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yellowstone.com.mm"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714123/; classtype:trojan-activity;sid:83577223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714113)"; flow:established,from_client; content:"GET"; http_method; content:"/ubu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"osamaconstruction99.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714113/; classtype:trojan-activity;sid:83577213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714114)"; flow:established,from_client; content:"GET"; http_method; content:"/ii/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mandataris.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714114/; classtype:trojan-activity;sid:83577214; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714115)"; flow:established,from_client; content:"GET"; http_method; content:"/qiua/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"astrosensei.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714115/; classtype:trojan-activity;sid:83577215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714116)"; flow:established,from_client; content:"GET"; http_method; content:"/eats/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"pollx.in"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714116/; classtype:trojan-activity;sid:83577216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714117)"; flow:established,from_client; content:"GET"; http_method; content:"/ion/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"luxury-event-rentals.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714117/; classtype:trojan-activity;sid:83577217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714118)"; flow:established,from_client; content:"GET"; http_method; content:"/tum/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fefasa.hn"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714118/; classtype:trojan-activity;sid:83577218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714119)"; flow:established,from_client; content:"GET"; http_method; content:"/leas/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"grupec.com.co"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714119/; classtype:trojan-activity;sid:83577219; rev:1;)
#
# ---------------------------------------------------------------------------
# Reading notes for the rules that follow (all carry created_at 2023_09_26).
#
# Shape shared by every rule in this section:
#   alert http $HOME_NET any -> $EXTERNAL_NET any, flow:established,from_client
#       outbound client requests on an established session.
#   content:"GET"; http_method
#       only GET requests are considered.
#   content:"<path>"; http_uri; depth:<len>; isdataat:!1,relative; nocase
#       depth equals the pattern length and isdataat:!1,relative requires that
#       no byte follows the match, so the URI buffer has to equal <path>
#       (case-insensitively) rather than merely contain it.
#   content:"<host>"; http_host; depth:<len>; isdataat:!1,relative
#       same anchoring on the Host buffer; no nocase is given for this match.
#
# What that means when triaging or tuning:
#   * The paths are very short and some repeat across entries (/um/ and /ut/
#     each appear for two different hosts); the host match is what makes a rule
#     specific. Never relax or drop it.
#   * Because both buffers are matched exactly, a request for the same path with
#     a query string or an extra segment does not fire as written. Pair these
#     rules with host-level visibility (DNS / proxy logs) for the listed names.
#   * The rules inspect parsed HTTP only. The same URL fetched over TLS is not
#     visible to them unless traffic is decrypted upstream of the sensor.
#   * msg and classtype are generic; the rule text carries no payload or family
#     detail. Use the reference URL of the firing rule to pull the URLhaus entry
#     before deciding how to respond.
#   * In every rule shown here, sid = URLhaus entry id + 80863100, which lets an
#     alert be mapped back to its entry without parsing msg.
#   * These are point-in-time indicators (rev:1, dated by created_at). Refresh
#     the ruleset from the feed on a schedule instead of keeping old copies.
#   * NOTE(review): http_host is used as a content modifier. Confirm that the
#     target engine and version accept it with a configuration test run
#     (for example `suricata -T`) before deploying. TODO confirm for Snort.
# ---------------------------------------------------------------------------
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714120)"; flow:established,from_client; content:"GET"; http_method; content:"/isi/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kelotecnologia.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714120/; classtype:trojan-activity;sid:83577220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714121)"; flow:established,from_client; content:"GET"; http_method; content:"/iam/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"skincaremulher.fun"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714121/; classtype:trojan-activity;sid:83577221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714101)"; flow:established,from_client; content:"GET"; http_method; content:"/qu/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"brandwebdemo.digital"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714101/; classtype:trojan-activity;sid:83577201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714102)"; flow:established,from_client; content:"GET"; http_method; content:"/tiis/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gatraders.com.pk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714102/; classtype:trojan-activity;sid:83577202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714103)"; flow:established,from_client; content:"GET"; http_method; content:"/et/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"madekingrealties.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714103/; classtype:trojan-activity;sid:83577203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714104)"; flow:established,from_client; content:"GET"; http_method; content:"/ual/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"teals.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714104/; classtype:trojan-activity;sid:83577204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714105)"; flow:established,from_client; content:"GET"; http_method; content:"/nua/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hostingbes.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714105/; classtype:trojan-activity;sid:83577205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714106)"; flow:established,from_client; content:"GET"; http_method; content:"/feu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bebidasjerusalem.com.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714106/; classtype:trojan-activity;sid:83577206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714107)"; flow:established,from_client; content:"GET"; http_method; content:"/etax/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"expertsinteriors.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714107/; classtype:trojan-activity;sid:83577207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714108)"; flow:established,from_client; content:"GET"; http_method; content:"/stof/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"vivianecerqueira.adv.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714108/; classtype:trojan-activity;sid:83577208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714109)"; flow:established,from_client; content:"GET"; http_method; content:"/um/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"semquedagotas.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714109/; classtype:trojan-activity;sid:83577209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714110)"; flow:established,from_client; content:"GET"; http_method; content:"/uoqi/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"wartakita.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714110/; classtype:trojan-activity;sid:83577210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714111)"; flow:established,from_client; content:"GET"; http_method; content:"/oouu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"expertaitalia.eu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714111/; classtype:trojan-activity;sid:83577211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714112)"; flow:established,from_client; content:"GET"; http_method; content:"/ai/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"elnadahospitals.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714112/; classtype:trojan-activity;sid:83577212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714088)"; flow:established,from_client; content:"GET"; http_method; content:"/ae/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"beautypele.fun"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714088/; classtype:trojan-activity;sid:83577188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714089)"; flow:established,from_client; content:"GET"; http_method; content:"/iasa/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"visitorspolicy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714089/; classtype:trojan-activity;sid:83577189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714090)"; flow:established,from_client; content:"GET"; http_method; content:"/name/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"sitio.cnf.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714090/; classtype:trojan-activity;sid:83577190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714091)"; flow:established,from_client; content:"GET"; http_method; content:"/minq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ibuytech.pk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714091/; classtype:trojan-activity;sid:83577191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714092)"; flow:established,from_client; content:"GET"; http_method; content:"/epo/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"nganhangsovn.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714092/; classtype:trojan-activity;sid:83577192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714093)"; flow:established,from_client; content:"GET"; http_method; content:"/das/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"onehits24.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714093/; classtype:trojan-activity;sid:83577193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714094)"; flow:established,from_client; content:"GET"; http_method; content:"/ld/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"movingtomexico.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714094/; classtype:trojan-activity;sid:83577194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714095)"; flow:established,from_client; content:"GET"; http_method; content:"/rpqs/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"alpileannn.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714095/; classtype:trojan-activity;sid:83577195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714096)"; flow:established,from_client; content:"GET"; http_method; content:"/qn/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"superdreadiswag.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714096/; classtype:trojan-activity;sid:83577196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714097)"; flow:established,from_client; content:"GET"; http_method; content:"/teso/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gloacademic.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714097/; classtype:trojan-activity;sid:83577197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714098)"; flow:established,from_client; content:"GET"; http_method; content:"/nd/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"gsrglobal.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714098/; classtype:trojan-activity;sid:83577198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714099)"; flow:established,from_client; content:"GET"; http_method; content:"/elr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mimicindustries.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714099/; classtype:trojan-activity;sid:83577199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714100)"; flow:established,from_client; content:"GET"; http_method; content:"/emcx/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"pteacademic79plus.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714100/; classtype:trojan-activity;sid:83577200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714075)"; flow:established,from_client; content:"GET"; http_method; content:"/eied/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ethnos.org.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714075/; classtype:trojan-activity;sid:83577175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714076)"; flow:established,from_client; content:"GET"; http_method; content:"/pei/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"midiajcbdigital.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714076/; classtype:trojan-activity;sid:83577176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714077)"; flow:established,from_client; content:"GET"; http_method; content:"/dtlp/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"promediol.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714077/; classtype:trojan-activity;sid:83577177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714078)"; flow:established,from_client; content:"GET"; http_method; content:"/sd/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"time4realestate.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714078/; classtype:trojan-activity;sid:83577178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714079)"; flow:established,from_client; content:"GET"; http_method; content:"/eoes/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hondamardan.com.pk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714079/; classtype:trojan-activity;sid:83577179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714080)"; flow:established,from_client; content:"GET"; http_method; content:"/un/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mizhar.me"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714080/; classtype:trojan-activity;sid:83577180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714081)"; flow:established,from_client; content:"GET"; http_method; content:"/ue/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hunil.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714081/; classtype:trojan-activity;sid:83577181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714082)"; flow:established,from_client; content:"GET"; http_method; content:"/dai/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"japaaesthetics.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714082/; classtype:trojan-activity;sid:83577182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714083)"; flow:established,from_client; content:"GET"; http_method; content:"/seui/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mycopier.com.my"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714083/; classtype:trojan-activity;sid:83577183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714084)"; flow:established,from_client; content:"GET"; http_method; content:"/lif/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gpexpatservices.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714084/; classtype:trojan-activity;sid:83577184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714085)"; flow:established,from_client; content:"GET"; http_method; content:"/isq/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ziaintegracion.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714085/; classtype:trojan-activity;sid:83577185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714086)"; flow:established,from_client; content:"GET"; http_method; content:"/nii/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dhtech.ae"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714086/; classtype:trojan-activity;sid:83577186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714087)"; flow:established,from_client; content:"GET"; http_method; content:"/is/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monstertv.se"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714087/; classtype:trojan-activity;sid:83577187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714059)"; flow:established,from_client; content:"GET"; http_method; content:"/te/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ncsinternationalcollege.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714059/; classtype:trojan-activity;sid:83577159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714060)"; flow:established,from_client; content:"GET"; http_method; content:"/ioe/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"felixion-hydro.com.ng"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714060/; classtype:trojan-activity;sid:83577160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714061)"; flow:established,from_client; content:"GET"; http_method; content:"/du/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"morgiou.ch"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714061/; classtype:trojan-activity;sid:83577161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714062)"; flow:established,from_client; content:"GET"; http_method; content:"/uei/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"evomart.store"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714062/; classtype:trojan-activity;sid:83577162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714063)"; flow:established,from_client; content:"GET"; http_method; content:"/uet/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"aipccoaching.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714063/; classtype:trojan-activity;sid:83577163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714064)"; flow:established,from_client; content:"GET"; http_method; content:"/uatt/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"yookoi.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714064/; classtype:trojan-activity;sid:83577164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714065)"; flow:established,from_client; content:"GET"; http_method; content:"/var/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gplataforma.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714065/; classtype:trojan-activity;sid:83577165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714066)"; flow:established,from_client; content:"GET"; http_method; content:"/bm/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"globalhi-tech.sg"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714066/; classtype:trojan-activity;sid:83577166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714067)"; flow:established,from_client; content:"GET"; http_method; content:"/uoe/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"qualiteodonto.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714067/; classtype:trojan-activity;sid:83577167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714068)"; flow:established,from_client; content:"GET"; http_method; content:"/trpu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mikopo.gva.co.tz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714068/; classtype:trojan-activity;sid:83577168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714069)"; flow:established,from_client; content:"GET"; http_method; content:"/rt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"themarijuanashow.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714069/; classtype:trojan-activity;sid:83577169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714070)"; flow:established,from_client; content:"GET"; http_method; content:"/etx/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"plataformaemrede.com.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714070/; classtype:trojan-activity;sid:83577170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmoa/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"raaj.ltd"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714071/; classtype:trojan-activity;sid:83577171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714072)"; flow:established,from_client; content:"GET"; http_method; content:"/iqud/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"royannahal.ir"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714072/; classtype:trojan-activity;sid:83577172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714073)"; flow:established,from_client; content:"GET"; http_method; content:"/aman/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"corehost.host"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714073/; classtype:trojan-activity;sid:83577173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714074)"; flow:established,from_client; content:"GET"; http_method; content:"/ctru/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"whitehouseline.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714074/; classtype:trojan-activity;sid:83577174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714045)"; flow:established,from_client; content:"GET"; http_method; content:"/aep/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"themotorsnews.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714045/; classtype:trojan-activity;sid:83577145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714046)"; flow:established,from_client; content:"GET"; http_method; content:"/unr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"isudicolsas.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714046/; classtype:trojan-activity;sid:83577146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714047)"; flow:established,from_client; content:"GET"; http_method; content:"/neu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kaliganjcentralcollege.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714047/; classtype:trojan-activity;sid:83577147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714048)"; flow:established,from_client; content:"GET"; http_method; content:"/um/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minidoctor.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714048/; classtype:trojan-activity;sid:83577148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714049)"; flow:established,from_client; content:"GET"; http_method; content:"/mifs/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"forkliftrentalservicedubai.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714049/; classtype:trojan-activity;sid:83577149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714050)"; flow:established,from_client; content:"GET"; http_method; content:"/iro/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"brij.world"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714050/; classtype:trojan-activity;sid:83577150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714051)"; flow:established,from_client; content:"GET"; http_method; content:"/tnoe/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"thekhancept.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714051/; classtype:trojan-activity;sid:83577151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714052)"; flow:established,from_client; content:"GET"; http_method; content:"/io/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"francais-english-arabic.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714052/; classtype:trojan-activity;sid:83577152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714053)"; flow:established,from_client; content:"GET"; http_method; content:"/bn/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cricketresidentialelectricians.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714053/; classtype:trojan-activity;sid:83577153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714054)"; flow:established,from_client; content:"GET"; http_method; content:"/prto/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dbtowing.ca"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714054/; classtype:trojan-activity;sid:83577154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714055)"; flow:established,from_client; content:"GET"; http_method; content:"/atbu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"gloessays.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714055/; classtype:trojan-activity;sid:83577155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714056)"; flow:established,from_client; content:"GET"; http_method; content:"/qnu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"semquedagotas.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714056/; classtype:trojan-activity;sid:83577156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714057)"; flow:established,from_client; content:"GET"; http_method; content:"/viee/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"erwin-xii-rpl.my.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714057/; classtype:trojan-activity;sid:83577157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714058)"; flow:established,from_client; content:"GET"; http_method; content:"/ve/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aksharagalam.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714058/; classtype:trojan-activity;sid:83577158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714029)"; flow:established,from_client; content:"GET"; http_method; content:"/tc/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"drtarekeyeclinic.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714029/; classtype:trojan-activity;sid:83577129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714030)"; flow:established,from_client; content:"GET"; http_method; content:"/quou/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"sirishareddy.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714030/; classtype:trojan-activity;sid:83577130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714031)"; flow:established,from_client; content:"GET"; http_method; content:"/ms/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"asiaprofessionals.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714031/; classtype:trojan-activity;sid:83577131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714032)"; flow:established,from_client; content:"GET"; http_method; content:"/se/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"inmano.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714032/; classtype:trojan-activity;sid:83577132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714033)"; flow:established,from_client; content:"GET"; http_method; content:"/uas/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"robsonarturmontemezzo.space"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714033/; classtype:trojan-activity;sid:83577133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714034)"; flow:established,from_client; content:"GET"; http_method; content:"/oa/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"milagrodelembarazo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714034/; classtype:trojan-activity;sid:83577134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714035)"; flow:established,from_client; content:"GET"; http_method; content:"/iif/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"arshany.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714035/; classtype:trojan-activity;sid:83577135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714036)"; flow:established,from_client; content:"GET"; http_method; content:"/imdt/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"shopwinner.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714036/; classtype:trojan-activity;sid:83577136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714037)"; flow:established,from_client; content:"GET"; http_method; content:"/tsu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rtppedangdewa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714037/; classtype:trojan-activity;sid:83577137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714038)"; flow:established,from_client; content:"GET"; http_method; content:"/ds/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dna-do-gamer.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714038/; classtype:trojan-activity;sid:83577138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714039)"; flow:established,from_client; content:"GET"; http_method; content:"/po/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"takabplast.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714039/; classtype:trojan-activity;sid:83577139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714040)"; flow:established,from_client; content:"GET"; http_method; content:"/iin/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"semprejovem.fun"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714040/; classtype:trojan-activity;sid:83577140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714041)"; flow:established,from_client; content:"GET"; http_method; content:"/tuu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"citizensviews.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714041/; classtype:trojan-activity;sid:83577141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714042)"; flow:established,from_client; content:"GET"; http_method; content:"/ea/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"normacsales.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714042/; classtype:trojan-activity;sid:83577142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714043)"; flow:established,from_client; content:"GET"; http_method; content:"/aiam/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mrxpert.ae"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714043/; classtype:trojan-activity;sid:83577143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714044)"; flow:established,from_client; content:"GET"; http_method; content:"/ni/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"carrepairdubai.ae"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714044/; classtype:trojan-activity;sid:83577144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714018)"; flow:established,from_client; content:"GET"; http_method; content:"/am/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dgict.co"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714018/; classtype:trojan-activity;sid:83577118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714019)"; flow:established,from_client; content:"GET"; http_method; content:"/veet/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"affaires.co.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714019/; classtype:trojan-activity;sid:83577119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714020)"; flow:established,from_client; content:"GET"; http_method; content:"/ttse/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"taskbes.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714020/; classtype:trojan-activity;sid:83577120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714021)"; flow:established,from_client; content:"GET"; http_method; content:"/qtie/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"bligevale.co.zw"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714021/; classtype:trojan-activity;sid:83577121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714022)"; flow:established,from_client; content:"GET"; http_method; content:"/iat/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"emergingpakistan.com.pk"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714022/; classtype:trojan-activity;sid:83577122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714023)"; flow:established,from_client; content:"GET"; http_method; content:"/mus/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"rocksecuritymw.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714023/; classtype:trojan-activity;sid:83577123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714024)"; flow:established,from_client; content:"GET"; http_method; content:"/ec/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cosmositsolutions.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714024/; classtype:trojan-activity;sid:83577124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714025)"; flow:established,from_client; content:"GET"; http_method; content:"/ut/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"macaperuanacomboro.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714025/; classtype:trojan-activity;sid:83577125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714026)"; flow:established,from_client; content:"GET"; http_method; content:"/qta/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ziflitestudio.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714026/; classtype:trojan-activity;sid:83577126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714027)"; flow:established,from_client; content:"GET"; http_method; content:"/ut/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"blackshine.lk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714027/; classtype:trojan-activity;sid:83577127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714028)"; flow:established,from_client; content:"GET"; http_method; content:"/as/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rbstrafegopago.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714028/; classtype:trojan-activity;sid:83577128; rev:1;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714003)"; flow:established,from_client; content:"GET"; http_method; content:"/tep/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"adam-xii-rpl.my.id"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714003/; classtype:trojan-activity;sid:83577103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714004)"; flow:established,from_client; content:"GET"; http_method; content:"/imo/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tanhaenterprise.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714004/; classtype:trojan-activity;sid:83577104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714005)"; flow:established,from_client; content:"GET"; http_method; content:"/lel/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kangaroo.agency"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714005/; classtype:trojan-activity;sid:83577105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714006)"; flow:established,from_client; content:"GET"; http_method; content:"/au/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"michelleolatoksspecialist.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714006/; classtype:trojan-activity;sid:83577106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714007)"; flow:established,from_client; content:"GET"; http_method; content:"/mtnn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nia-dbrowntestserver.com.ng"; 
http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714007/; classtype:trojan-activity;sid:83577107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714008)"; flow:established,from_client; content:"GET"; http_method; content:"/ol/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"ingeniumav.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714008/; classtype:trojan-activity;sid:83577108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714009)"; flow:established,from_client; content:"GET"; http_method; content:"/ea/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cpm.com.py"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714009/; classtype:trojan-activity;sid:83577109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714010)"; flow:established,from_client; content:"GET"; http_method; content:"/quau/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"flyforeducation.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714010/; classtype:trojan-activity;sid:83577110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714011)"; flow:established,from_client; content:"GET"; http_method; content:"/ued/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"wubshetbekele.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714011/; classtype:trojan-activity;sid:83577111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714012)"; 
flow:established,from_client; content:"GET"; http_method; content:"/let/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"fountainofvictory.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714012/; classtype:trojan-activity;sid:83577112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714013)"; flow:established,from_client; content:"GET"; http_method; content:"/aum/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hubtron.com.pk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714013/; classtype:trojan-activity;sid:83577113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714014)"; flow:established,from_client; content:"GET"; http_method; content:"/oie/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ajpglobalshoppin.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714014/; classtype:trojan-activity;sid:83577114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714015)"; flow:established,from_client; content:"GET"; http_method; content:"/tie/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"wildiptv.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714015/; classtype:trojan-activity;sid:83577115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714016)"; flow:established,from_client; content:"GET"; http_method; content:"/ca/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"a2zfortextile.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714016/; 
classtype:trojan-activity;sid:83577116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714017)"; flow:established,from_client; content:"GET"; http_method; content:"/rm/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"flightbes.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714017/; classtype:trojan-activity;sid:83577117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713991)"; flow:established,from_client; content:"GET"; http_method; content:"/sne/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"arsetgraphia.eu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713991/; classtype:trojan-activity;sid:83577091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713992)"; flow:established,from_client; content:"GET"; http_method; content:"/em/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"monsteriptv.nu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713992/; classtype:trojan-activity;sid:83577092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713993)"; flow:established,from_client; content:"GET"; http_method; content:"/qut/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mpcel.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713993/; classtype:trojan-activity;sid:83577093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713994)"; flow:established,from_client; content:"GET"; http_method; content:"/os/"; http_uri; depth:4; isdataat:!1,relative; nocase; 
content:"tratacabelo.site"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713994/; classtype:trojan-activity;sid:83577094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713995)"; flow:established,from_client; content:"GET"; http_method; content:"/uame/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"renovad3.store"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713995/; classtype:trojan-activity;sid:83577095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713996)"; flow:established,from_client; content:"GET"; http_method; content:"/uta/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"renovad3.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713996/; classtype:trojan-activity;sid:83577096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713997)"; flow:established,from_client; content:"GET"; http_method; content:"/qrpi/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hikeytrends.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713997/; classtype:trojan-activity;sid:83577097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713998)"; flow:established,from_client; content:"GET"; http_method; content:"/mrrt/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"acaciare.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713998/; classtype:trojan-activity;sid:83577098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (2713999)"; flow:established,from_client; content:"GET"; http_method; content:"/tisi/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"shoppingrf.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713999/; classtype:trojan-activity;sid:83577099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714000)"; flow:established,from_client; content:"GET"; http_method; content:"/mt/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"egypt4translation.qa"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714000/; classtype:trojan-activity;sid:83577100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714001)"; flow:established,from_client; content:"GET"; http_method; content:"/amot/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"puwihealth.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714001/; classtype:trojan-activity;sid:83577101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714002)"; flow:established,from_client; content:"GET"; http_method; content:"/dsm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pantherradio.media"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2714002/; classtype:trojan-activity;sid:83577102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713987)"; flow:established,from_client; content:"GET"; http_method; content:"/tx/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cosmoshoponline.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, 
urlhaus.abuse.ch/url/2713987/; classtype:trojan-activity;sid:83577087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713988)"; flow:established,from_client; content:"GET"; http_method; content:"/rur/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kathialves.eu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713988/; classtype:trojan-activity;sid:83577088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713989)"; flow:established,from_client; content:"GET"; http_method; content:"/sm/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"olimpodocce.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713989/; classtype:trojan-activity;sid:83577089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713990)"; flow:established,from_client; content:"GET"; http_method; content:"/fil/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gtf.rs"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713990/; classtype:trojan-activity;sid:83577090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713985)"; flow:established,from_client; content:"GET"; http_method; content:"/umyapd4/8t"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"135.125.177.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713985/; classtype:trojan-activity;sid:83577085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713986)"; flow:established,from_client; content:"GET"; http_method; content:"/zibr7/9e"; http_uri; depth:9; 
isdataat:!1,relative; nocase; content:"95.164.17.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713986/; classtype:trojan-activity;sid:83577086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713983)"; flow:established,from_client; content:"GET"; http_method; content:"/zibr7/9ei"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.164.17.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713983/; classtype:trojan-activity;sid:83577083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713984)"; flow:established,from_client; content:"GET"; http_method; content:"/umyapd4/8tx"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"135.125.177.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713984/; classtype:trojan-activity;sid:83577084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713982)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.235.116.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713982/; classtype:trojan-activity;sid:83577082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713981)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.160.10.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713981/; classtype:trojan-activity;sid:83577081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2713980)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.27.141.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713980/; classtype:trojan-activity;sid:83577080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713978/; classtype:trojan-activity;sid:83577078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.66.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713979/; classtype:trojan-activity;sid:83577079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713977)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/temp.js"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713977/; classtype:trojan-activity;sid:83577077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713972)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/neverban_vgdrkl.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2023_09_26; reference:url, urlhaus.abuse.ch/url/2713972/; classtype:trojan-activity;sid:83577072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713973)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/neverban_zbbnje.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713973/; classtype:trojan-activity;sid:83577073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713974)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/neverban_hlwgwi.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713974/; classtype:trojan-activity;sid:83577074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713975)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/neverban_hsktus.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713975/; classtype:trojan-activity;sid:83577075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713976)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/neverban_hfedvs.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713976/; classtype:trojan-activity;sid:83577076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713965)"; 
flow:established,from_client; content:"GET"; http_method; content:"/foo/neverban_coifes.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713965/; classtype:trojan-activity;sid:83577065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713966)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/neverban_lrkopk.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713966/; classtype:trojan-activity;sid:83577066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713967)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/neverban_gqneam.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713967/; classtype:trojan-activity;sid:83577067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713968)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/neverban_liiwag.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713968/; classtype:trojan-activity;sid:83577068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713969)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/neverban_ffntdw.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713969/; classtype:trojan-activity;sid:83577069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713970)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/neverban_fwbuny.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713970/; classtype:trojan-activity;sid:83577070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713971)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/neverban_fnybhk.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713971/; classtype:trojan-activity;sid:83577071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713963)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/for_testing_ofsxbx.msi"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713963/; classtype:trojan-activity;sid:83577063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713964)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/for_testing_moslxl.msi"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713964/; classtype:trojan-activity;sid:83577064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (2713962)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/for_testing_uebfvx.msi"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713962/; classtype:trojan-activity;sid:83577062; rev:1;)
# Template used by every rule here: an established client-to-server HTTP GET whose URI
# (case-insensitive) and Host each equal one listed value. depth is meant to equal the pattern
# length and isdataat:!1,relative requires that nothing follows the match.
# Only the request is inspected, so an alert shows that a $HOME_NET host asked for the URL,
# not that a payload was delivered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713960)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/neverban_bbrqqe.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713960/; classtype:trojan-activity;sid:83577060; rev:1;)
# NOTE(review): http_uri is the normalized (percent-decoded) URI buffer on a default
# Snort/Suricata HTTP configuration, so the literal "%20" in the pattern below would be compared
# against a decoded space and the rule likely never fires. Either match the decoded form
# ("/foo/executeinstall - copy.rar", 30 bytes, with depth adjusted to match) or apply this
# content to the raw URI buffer. TODO confirm against the sensor's HTTP normalization settings.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713961)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/executeinstall%20-%20copy.rar"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713961/; classtype:trojan-activity;sid:83577061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713959)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jztn.2023.ebeenj.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713959/; classtype:trojan-activity;sid:83577059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.56.14"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713958/; classtype:trojan-activity;sid:83577058; rev:1;)
# NOTE(review): "|3f|" is a single byte ("?"), but depth counts it as four characters: the
# decoded pattern below is 42 bytes while depth is 45. isdataat:!1,relative still pins the end
# of the buffer, so the pattern may begin up to 3 bytes into the URI; that is slightly looser
# than the exact-URL match the other rules use. The following rule has the same mismatch
# (52-byte pattern, depth:55). depth should be recomputed from the decoded bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713957)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/616/609/original/rump_vbs.jpg|3f|"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713957/; classtype:trojan-activity;sid:83577057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713956)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/616/609/original/rump_vbs.jpg|3f|1695408937"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713956/; classtype:trojan-activity;sid:83577056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713955)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uvht.2023.ebeenj.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713955/; classtype:trojan-activity;sid:83577055; rev:1;)
# The host below looks like a shared paste/tool site rather than dedicated infrastructure
# (presumably; verify). The exact-URI match keeps the rule to this one paste, so alerts should
# be triaged per URL, not treated as a verdict on the whole domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713954)"; flow:established,from_client; content:"GET"; http_method; content:"/paste-code/bqh9"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wtools.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713954/; classtype:trojan-activity;sid:83577054; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.76.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713953/; classtype:trojan-activity;sid:83577053; rev:1;)
# Each rule matches one exact URI on one exact Host value. The short paths below ("/i", "/.i",
# "/mozi.m") only stay specific because of the paired http_host match on a single IP literal.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.86.99.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713952/; classtype:trojan-activity;sid:83577052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713951)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.69.8.182"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713951/; classtype:trojan-activity;sid:83577051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713950)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.248.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713950/; classtype:trojan-activity;sid:83577050; rev:1;)
# NOTE(review): the host below is a shared platform domain, and this is an "alert http" rule,
# so it only sees requests the sensor can parse as cleartext HTTP. Presumably traffic to this
# host is TLS in practice, in which case the rule is inert without decrypted visibility.
# Confirm sensor placement before counting this URL as covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713946)"; flow:established,from_client; content:"GET"; http_method; content:"/solonichat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"t.me"; http_host; depth:4; isdataat:!1,relative; 
metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713946/; classtype:trojan-activity;sid:83577046; rev:1;)
# Two artefacts on the same host (5.75.215.131); correlate hits on either SID.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713947)"; flow:established,from_client; content:"GET"; http_method; content:"/temp.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.75.215.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713947/; classtype:trojan-activity;sid:83577047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713948)"; flow:established,from_client; content:"GET"; http_method; content:"/c2abfb0e7157a4fe8c1096547c466cbb"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"5.75.215.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713948/; classtype:trojan-activity;sid:83577048; rev:1;)
# NOTE(review): the three vk.com rules in this span (sid 83577045, 83577044, 83577036)
# contain `|7c|26|7c|` between query parameters. In content syntax `|7c|` is the byte
# "|", so this decodes to the four literal bytes "|26|". It looks like an "&" that was
# hex-escaped as |26| and then escaped a second time (inference; the submitted URL is
# not shown here). If so, a real request using "&" separators will not match and the
# rules are effectively dead.
# depth:167 is the length of the escaped text; the decoded pattern is shorter
# (146 bytes for sid 83577045), so the match is not anchored to offset 0 either.
# vk.com is a shared platform presumably served over HTTPS (confirm), so these rules
# also depend on the sensor seeing the request as HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713945)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666155182|3f|hash=yhovpkbeorfttxnz5r0s3eepupao9rw8gh4zltkk6ms|7c|26|7c|dl=xgyew8hchwsg3sqfbhlmdgko3yvxr28ntnqqvckxapw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713945/; classtype:trojan-activity;sid:83577045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713944)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666155284|3f|hash=imdsfii1gwolubv61ckztpwgq51zcnziz6qz8gsqp7p|7c|26|7c|dl=7w4np6rfyranuvctvctakrqplvvl9jdozpg1mg3sxh0|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713944/; classtype:trojan-activity;sid:83577044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713943)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/login_gpnvdg.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713943/; classtype:trojan-activity;sid:83577043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713942)"; flow:established,from_client; content:"GET"; http_method; content:"/c.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.129.14.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713942/; classtype:trojan-activity;sid:83577042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713936)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666156612|3f|hash=bdgesbhlsaavx3xfpztlcq0zukiqphvenrpzwcpj5z8|7c|26|7c|dl=4jarfwt8za3vgc8eemxkoffs2sibvxycipb5iy6vf3o|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713936/; classtype:trojan-activity;sid:83577036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713937)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/login_jbqzpx.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; 
reference:url, urlhaus.abuse.ch/url/2713937/; classtype:trojan-activity;sid:83577037; rev:1;)
# Several rules in this span share host 89.23.100.222 and the /foo/ directory and
# differ only in file name (.vbs, .exe, .msi, .js). Each URL has its own SID, so a
# single compromised client can raise several alerts; triage them per host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713938)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/login_qyxkkh.vbs"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713938/; classtype:trojan-activity;sid:83577038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713939)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/1.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713939/; classtype:trojan-activity;sid:83577039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713940)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/for_testing_nytazi.msi"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713940/; classtype:trojan-activity;sid:83577040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713941)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/neverban_frlcwa.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713941/; classtype:trojan-activity;sid:83577041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713933)"; flow:established,from_client; content:"GET"; http_method; content:"/nettime.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"fc.ftimedica.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713933/; classtype:trojan-activity;sid:83577033; rev:1;)
# NOTE(review): sid 83577034 places the percent-escape "%20" inside an http_uri
# content. Suricata documents http_uri as the normalised URI, where %20 has already
# been decoded to a space, so this pattern (33 bytes as written, 29 once decoded) is
# unlikely to match that buffer. Matching the raw URI (http_raw_uri) or a literal
# space, with depth adjusted, would be the usual fix. Confirm on the engine you deploy.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713934)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/executeinstall%20-%20copy.js"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713934/; classtype:trojan-activity;sid:83577035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713935)"; flow:established,from_client; content:"GET"; http_method; content:"/foo/executeinstall.js"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"89.23.100.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713935/; classtype:trojan-activity;sid:83577035; rev:1;)
# The rules that follow fetch DLLs from 91.103.253.2 under one fixed directory
# (/bdc46bd1e5d3e260/); the file names are those of common runtime and crypto
# libraries. A download of several of them by one client in a short window is a
# stronger signal than any single hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713931)"; flow:established,from_client; content:"GET"; http_method; content:"/bdc46bd1e5d3e260/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.103.253.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713931/; classtype:trojan-activity;sid:83577031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713932)"; flow:established,from_client; content:"GET"; http_method; content:"/bdc46bd1e5d3e260/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.103.253.2"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713932/; classtype:trojan-activity;sid:83577032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713926)"; flow:established,from_client; content:"GET"; http_method; content:"/bdc46bd1e5d3e260/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.103.253.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713926/; classtype:trojan-activity;sid:83577026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713927)"; flow:established,from_client; content:"GET"; http_method; content:"/bdc46bd1e5d3e260/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.103.253.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713927/; classtype:trojan-activity;sid:83577027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713928)"; flow:established,from_client; content:"GET"; http_method; content:"/bdc46bd1e5d3e260/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.103.253.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713928/; classtype:trojan-activity;sid:83577028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713929)"; flow:established,from_client; content:"GET"; http_method; content:"/bdc46bd1e5d3e260/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.103.253.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713929/; classtype:trojan-activity;sid:83577029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2713930)"; flow:established,from_client; content:"GET"; http_method; content:"/bdc46bd1e5d3e260/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.103.253.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713930/; classtype:trojan-activity;sid:83577030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713919)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"157.90.161.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713919/; classtype:trojan-activity;sid:83577019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713920)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"157.90.161.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713920/; classtype:trojan-activity;sid:83577020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713921)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"157.90.161.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713921/; classtype:trojan-activity;sid:83577021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713922)"; flow:established,from_client; content:"GET"; http_method; 
content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"157.90.161.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713922/; classtype:trojan-activity;sid:83577022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713923)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"157.90.161.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713923/; classtype:trojan-activity;sid:83577023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713924)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"157.90.161.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713924/; classtype:trojan-activity;sid:83577024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713925)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"157.90.161.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713925/; classtype:trojan-activity;sid:83577025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713918)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.151.74.6"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713918/; classtype:trojan-activity;sid:83577018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.32.4.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713917/; classtype:trojan-activity;sid:83577017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.79.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713916/; classtype:trojan-activity;sid:83577016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.29.30.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713915/; classtype:trojan-activity;sid:83577015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.79.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713914/; classtype:trojan-activity;sid:83577014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713912)"; flow:established,from_client; 
content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.224.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713912/; classtype:trojan-activity;sid:83577012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.32.172.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713913/; classtype:trojan-activity;sid:83577013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.57.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713911/; classtype:trojan-activity;sid:83577011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713910)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"pfyk.2023.ebeenj.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713910/; classtype:trojan-activity;sid:83577010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713909)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.151.95.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713909/; classtype:trojan-activity;sid:83577009; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.57.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713908/; classtype:trojan-activity;sid:83577008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713898)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.92.49.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713898/; classtype:trojan-activity;sid:83576998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713899)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"38.92.49.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713899/; classtype:trojan-activity;sid:83576999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713900)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.92.49.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713900/; classtype:trojan-activity;sid:83577000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713901)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; 
isdataat:!1,relative; nocase; content:"38.92.49.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713901/; classtype:trojan-activity;sid:83577001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713902)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.92.49.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713902/; classtype:trojan-activity;sid:83577002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713903)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.92.49.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713903/; classtype:trojan-activity;sid:83577003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713904)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"38.92.49.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713904/; classtype:trojan-activity;sid:83577004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713905)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.92.49.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713905/; classtype:trojan-activity;sid:83577005; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713906)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"38.92.49.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713906/; classtype:trojan-activity;sid:83577006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713907)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.92.49.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713907/; classtype:trojan-activity;sid:83577007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713897)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.152.238.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713897/; classtype:trojan-activity;sid:83576997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.73.19.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713896/; classtype:trojan-activity;sid:83576996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713895)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.74.243.227"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713895/; classtype:trojan-activity;sid:83576995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.150.175.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713894/; classtype:trojan-activity;sid:83576994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.211.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713893/; classtype:trojan-activity;sid:83576993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.43.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713892/; classtype:trojan-activity;sid:83576992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713891)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.249.38.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713891/; classtype:trojan-activity;sid:83576991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713890)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.188.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_26; reference:url, urlhaus.abuse.ch/url/2713890/; classtype:trojan-activity;sid:83576990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.99.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713889/; classtype:trojan-activity;sid:83576989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713888)"; flow:established,from_client; content:"GET"; http_method; content:"/paste-code/bqhl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wtools.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713888/; classtype:trojan-activity;sid:83576988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.45.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713887/; classtype:trojan-activity;sid:83576987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713886)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.173.52.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713886/; 
classtype:trojan-activity;sid:83576986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713884)"; flow:established,from_client; content:"GET"; http_method; content:"/polar.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.153.157.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713884/; classtype:trojan-activity;sid:83576984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713885)"; flow:established,from_client; content:"GET"; http_method; content:"/polar.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.153.157.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713885/; classtype:trojan-activity;sid:83576985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713883)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.57.18.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713883/; classtype:trojan-activity;sid:83576983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.40.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713882/; classtype:trojan-activity;sid:83576982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713881)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; 
nocase; content:"gbn.2023.ebeenj.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713881/; classtype:trojan-activity;sid:83576981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.23.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713880/; classtype:trojan-activity;sid:83576980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713879)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.151.253.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713879/; classtype:trojan-activity;sid:83576979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.178.113.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713878/; classtype:trojan-activity;sid:83576978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713876)"; flow:established,from_client; content:"GET"; http_method; content:"/525403/setup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"xsk295c2.beget.tech"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713876/; classtype:trojan-activity;sid:83576976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2713875)"; flow:established,from_client; content:"GET"; http_method; content:"/comments.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kizys.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713875/; classtype:trojan-activity;sid:83576975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713873)"; flow:established,from_client; content:"GET"; http_method; content:"/comments.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"keltek.co.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713873/; classtype:trojan-activity;sid:83576973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713874)"; flow:established,from_client; content:"GET"; http_method; content:"/comments.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kendalwills.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713874/; classtype:trojan-activity;sid:83576974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.131.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713872/; classtype:trojan-activity;sid:83576972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.72.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2023_09_25; reference:url, urlhaus.abuse.ch/url/2713871/; classtype:trojan-activity;sid:83576971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713870)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.127.112.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713870/; classtype:trojan-activity;sid:83576970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.113.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713869/; classtype:trojan-activity;sid:83576969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713868)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.45.22.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713868/; classtype:trojan-activity;sid:83576968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713867)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mercury.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.36.81.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713867/; classtype:trojan-activity;sid:83576967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713866)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; 
http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.26.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713866/; classtype:trojan-activity;sid:83576966; rev:1;)
# Each rule below alerts on an established, client-originated GET from $HOME_NET to
# $EXTERNAL_NET whose http_uri and http_host buffers match one URLhaus entry.
# isdataat:!1,relative requires the buffer to end at the match, and depth limits how far
# into the buffer the match may lie. These are cleartext-HTTP buffers, so the rules only
# see traffic the sensor can parse as HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713865)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.143.220.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713865/; classtype:trojan-activity;sid:83576965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713864)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.252.236.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713864/; classtype:trojan-activity;sid:83576964; rev:1;)
# The next seven rules (URLhaus 2713857-2713863) share one host, 65.109.2.42, and one
# directory, and differ only in the DLL file name requested.
# NOTE(review): a client requesting this whole set of library names from a single directory
# looks like malware that is already running and fetching its dependencies, not a
# first-stage download. Confirm against the URLhaus references before triaging; if it
# holds, treat a hit on any of these sids as a likely-compromised host rather than a
# blocked delivery attempt.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713863)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"65.109.2.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713863/; classtype:trojan-activity;sid:83576963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713862)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"65.109.2.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713862/; classtype:trojan-activity;sid:83576962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713861)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"65.109.2.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713861/; classtype:trojan-activity;sid:83576961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713859)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"65.109.2.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713859/; classtype:trojan-activity;sid:83576959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713860)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"65.109.2.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713860/; classtype:trojan-activity;sid:83576960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713857)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"65.109.2.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713857/; classtype:trojan-activity;sid:83576957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713858)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"65.109.2.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713858/; classtype:trojan-activity;sid:83576958; rev:1;)
# NOTE(review): "|3f|" is a single byte ("?") on the wire, so the URI content of the next
# rule is 6 bytes long, while depth is 9 (the length of the escaped text). With
# isdataat:!1,relative the URI must still end at the match, but the match may begin up to
# 3 bytes into the URI. depth:6 would pin it to the start of the URI, as depth does in the
# rules whose content has no hex escapes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713856)"; flow:established,from_client; content:"GET"; http_method; content:"/te/|3f|1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"androidcorners.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713856/; classtype:trojan-activity;sid:83576956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713855)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.24.167.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713855/; classtype:trojan-activity;sid:83576955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713854)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"219.71.105.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713854/; classtype:trojan-activity;sid:83576954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713853)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"187.147.24.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; 
reference:url, urlhaus.abuse.ch/url/2713853/; classtype:trojan-activity;sid:83576953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713852)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"125.228.246.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713852/; classtype:trojan-activity;sid:83576952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713851)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xgr7025rmywb"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713851/; classtype:trojan-activity;sid:83576951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.20.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713850/; classtype:trojan-activity;sid:83576950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713849)"; flow:established,from_client; content:"GET"; http_method; content:"/dng.wav"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"qu.ax"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713849/; classtype:trojan-activity;sid:83576949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713848)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; 
depth:3; isdataat:!1,relative; nocase; content:"175.30.116.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713848/; classtype:trojan-activity;sid:83576948; rev:1;)
# Each rule below alerts on an established, client-originated GET from $HOME_NET to
# $EXTERNAL_NET whose http_uri and http_host buffers match one URLhaus entry.
# isdataat:!1,relative requires the buffer to end at the match, and depth limits how far
# into the buffer the match may lie.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.93.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713847/; classtype:trojan-activity;sid:83576947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713845)"; flow:established,from_client; content:"GET"; http_method; content:"/msivjikfjxb"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.228.169.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713845/; classtype:trojan-activity;sid:83576945; rev:1;)
# NOTE(review): the URI content of the next rule is only "/" (depth:1, with nothing allowed
# after it), so it fires on any GET for the root path of 94.228.169.143. A hit on
# sid 83576946 shows contact with that host, not retrieval of a specific file; correlate
# it with the path-specific sids for the same host before drawing conclusions.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713846)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"94.228.169.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713846/; classtype:trojan-activity;sid:83576946; rev:1;)
# NOTE(review): "|3f|" is a single byte ("?") on the wire, so the URI content of the next
# rule is 14 bytes long, while depth is 17 (the length of the escaped text). With
# isdataat:!1,relative the URI must still end at the match, but the match may begin up to
# 3 bytes into the URI. depth:14 would pin it to the start of the URI, as depth does in
# the rules whose content has no hex escapes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713842)"; flow:established,from_client; content:"GET"; http_method; content:"/iin/|3f|72037511"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"semprejovem.fun"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713842/; classtype:trojan-activity;sid:83576942; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713843)"; flow:established,from_client; content:"GET"; http_method; content:"/hsg/j"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.42.110.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713843/; classtype:trojan-activity;sid:83576943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713844)"; flow:established,from_client; content:"GET"; http_method; content:"/ib/|3f|50137511"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"mfleader.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713844/; classtype:trojan-activity;sid:83576944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713835)"; flow:established,from_client; content:"GET"; http_method; content:"/wnjd1/5vy"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.119.175.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713835/; classtype:trojan-activity;sid:83576935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713836)"; flow:established,from_client; content:"GET"; http_method; content:"/ymtpr/yl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.32.222.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713836/; classtype:trojan-activity;sid:83576936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713837)"; flow:established,from_client; content:"GET"; http_method; content:"/ni/|3f|31937511"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"carrepairdubai.ae"; http_host; depth:17; 
isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713837/; classtype:trojan-activity;sid:83576937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713838)"; flow:established,from_client; content:"GET"; http_method; content:"/wnjd1/iji"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.119.175.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713838/; classtype:trojan-activity;sid:83576938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713839)"; flow:established,from_client; content:"GET"; http_method; content:"/te/|3f|91937511"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"androidcorners.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713839/; classtype:trojan-activity;sid:83576939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713840)"; flow:established,from_client; content:"GET"; http_method; content:"/tuu/|3f|13927511"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"citizensviews.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713840/; classtype:trojan-activity;sid:83576940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713841)"; flow:established,from_client; content:"GET"; http_method; content:"/rc/|3f|22437511"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cadinova.ma"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713841/; classtype:trojan-activity;sid:83576941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(2713834)"; flow:established,from_client; content:"GET"; http_method; content:"/wnjd1/f"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"88.119.175.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713834/; classtype:trojan-activity;sid:83576934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713833)"; flow:established,from_client; content:"GET"; http_method; content:"/vjikfjxb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.228.169.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713833/; classtype:trojan-activity;sid:83576933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713832)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.130.26.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713832/; classtype:trojan-activity;sid:83576932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713831)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.255.187.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713831/; classtype:trojan-activity;sid:83576931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.72.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713830/; 
classtype:trojan-activity;sid:83576930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713829)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mercury.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"80.76.51.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713829/; classtype:trojan-activity;sid:83576929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.203.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713828/; classtype:trojan-activity;sid:83576928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.122.99.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713827/; classtype:trojan-activity;sid:83576927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713826)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.169.156.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713826/; classtype:trojan-activity;sid:83576926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713825)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xqtmhxjoliab"; http_uri; depth:17; 
isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713825/; classtype:trojan-activity;sid:83576925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713824)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zrxqu.2023.ebeenj.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713824/; classtype:trojan-activity;sid:83576924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.32.172.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713823/; classtype:trojan-activity;sid:83576923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713822)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666136580|3f|hash=j0zstjenbireax4zpq5xwfmyw8fov0xrqipvuc8loop|7c|26|7c|dl=kqjwzyr82vmrlme5ysjianl5x3qhnzh8t4p6ejv1b3o|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713822/; classtype:trojan-activity;sid:83576922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713821)"; flow:established,from_client; content:"GET"; http_method; 
content:"/doc52355237_666121482|3f|hash=x7tyzzwdbypos3dmjilbhm0nm5snr8w3hggzg0cxp38|7c|26|7c|dl=0lfx33st3g4txzpfuqvzasiuf6cd0lndtnwz1ri4ac8|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713821/; classtype:trojan-activity;sid:83576921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713820)"; flow:established,from_client; content:"GET"; http_method; content:"/87sbhas6as.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.181.80.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713820/; classtype:trojan-activity;sid:83576920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.196.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713819/; classtype:trojan-activity;sid:83576919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713818)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.110.12.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713818/; classtype:trojan-activity;sid:83576918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713816)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sa-iran.fartit.com"; http_host; depth:18; 
isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713816/; classtype:trojan-activity;sid:83576916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713817)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"iran.fartit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713817/; classtype:trojan-activity;sid:83576917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713815)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sah-ir.fartit.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713815/; classtype:trojan-activity;sid:83576915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713814)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ir-ed.otzo.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713814/; classtype:trojan-activity;sid:83576914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713813)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"adlut.faqserv.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713813/; classtype:trojan-activity;sid:83576913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713811)"; 
flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sadl.fartit.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713811/; classtype:trojan-activity;sid:83576911; rev:1;)
# Each rule below alerts on an established, client-originated GET from $HOME_NET to
# $EXTERNAL_NET whose http_uri and http_host buffers match one URLhaus entry.
# isdataat:!1,relative requires the buffer to end at the match, and depth limits how far
# into the buffer the match may lie.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713812)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl.authorizeddns.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713812/; classtype:trojan-activity;sid:83576912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713810)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"iran-sahm.vizvaz.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713810/; classtype:trojan-activity;sid:83576910; rev:1;)
# NOTE(review): three points on the next rule (vk.com document URL, sid 83576909).
# 1. It matches the cleartext http_uri/http_host buffers. Presumably vk.com is reached
#    over HTTPS in practice, in which case the rule only fires where the sensor sees
#    decrypted traffic -- confirm for your deployment.
# 2. The sequence "|7c|26|7c|" decodes to the four bytes |26| (pipe, "2", "6", pipe). That
#    looks like an "&" (0x26) that was hex-escaped and then had its pipes escaped again;
#    if the real URL separates its parameters with "&", this content cannot match it.
#    Verify against the URLhaus reference.
# 3. Each of the seven hex escapes is one byte on the wire, so the content is 146 bytes
#    long while depth is 167 (the length of the escaped text); the match may therefore
#    begin up to 21 bytes into the URI instead of being pinned to its start.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713809)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666116297|3f|hash=lkxb46dcuknkqgorfsfx2ul9wmbbx0ud71nmu7wschl|7c|26|7c|dl=7yspayszzehccuchdso6vzlhfwpypgmhyn2t8djd6n0|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713809/; classtype:trojan-activity;sid:83576909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713807)"; flow:established,from_client; content:"GET"; http_method; content:"/macsdsagf124125r62/macarm"; http_uri; 
depth:26; isdataat:!1,relative; nocase; content:"81.161.229.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713807/; classtype:trojan-activity;sid:83576907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713808)"; flow:established,from_client; content:"GET"; http_method; content:"/macsdsagf124125r62/macarm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"81.161.229.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713808/; classtype:trojan-activity;sid:83576908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.81.166.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713806/; classtype:trojan-activity;sid:83576906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713805)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"eqdf.2023.ebeenj.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713805/; classtype:trojan-activity;sid:83576905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713804)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"iran-sah.fartit.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713804/; classtype:trojan-activity;sid:83576904; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713803)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"iran-sahm.fartit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713803/; classtype:trojan-activity;sid:83576903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713802)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"iran-sa.faqserv.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713802/; classtype:trojan-activity;sid:83576902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713797)"; flow:established,from_client; content:"GET"; http_method; content:"/sahamedalat.apk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"sahm-ir.faqserv.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713797/; classtype:trojan-activity;sid:83576897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713798)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ir-sahm.fartit.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713798/; classtype:trojan-activity;sid:83576898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713799)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; 
content:"ir-saham.faqserv.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713799/; classtype:trojan-activity;sid:83576899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713800)"; flow:established,from_client; content:"GET"; http_method; content:"/saham.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ed-ir.faqserv.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713800/; classtype:trojan-activity;sid:83576900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713801)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ed-iran.faqserv.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713801/; classtype:trojan-activity;sid:83576901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.81.166.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713796/; classtype:trojan-activity;sid:83576896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713795)"; flow:established,from_client; content:"GET"; http_method; content:"/conhost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.196.96.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713795/; classtype:trojan-activity;sid:83576895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2713794)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.196.96.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713794/; classtype:trojan-activity;sid:83576894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713793)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/paraiso.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"164.90.148.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713793/; classtype:trojan-activity;sid:83576893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.119.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713792/; classtype:trojan-activity;sid:83576892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713791)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.98.114.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713791/; classtype:trojan-activity;sid:83576891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713790)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1155517539196096623/1155590446601490624/setup.rar"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; 
depth:18; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713790/; classtype:trojan-activity;sid:83576890; rev:1;)
# The rule completed on the line above (sid 83576890) and the next rule both match one specific
# attachment path on cdn.discordapp.com. The host is a shared CDN, so the exact-path anchoring
# (depth equal to the pattern length plus isdataat:!1,relative) is what keeps them from firing on
# unrelated attachments.
# Visibility caveat: "alert http" inspects the parsed HTTP request. That CDN is normally reached
# over HTTPS, so these rules only fire where the request is visible in cleartext — plain HTTP, or
# TLS decrypted before the sensor. Without decryption, do not read silence as absence.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713789)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1133450045144965260/1135892685400571974/gamesetup.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713789/; classtype:trojan-activity;sid:83576889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713788)"; flow:established,from_client; content:"GET"; http_method; content:"/wase/zor40.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.91.68.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713788/; classtype:trojan-activity;sid:83576888; rev:1;)
# Short paths (/mozi.m, /.i) on bare IPv4 hosts; presumably Mozi botnet payloads, going by the
# file name — the rule itself carries no family tag. The Host pattern is the literal IP string, so
# the request must carry exactly that value as its host.
# NOTE(review): whether a Host header that includes a port still matches depends on how the engine
# fills the http_host buffer — verify with a test pcap if these are served on non-default ports.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.14.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713787/; classtype:trojan-activity;sid:83576887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713786)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.98.144.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713786/; classtype:trojan-activity;sid:83576886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2713785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.117.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713785/; classtype:trojan-activity;sid:83576885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713784)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.220.59.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713784/; classtype:trojan-activity;sid:83576884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.74.124.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713783/; classtype:trojan-activity;sid:83576883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713782)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"61.216.134.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713782/; classtype:trojan-activity;sid:83576882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.165.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, 
urlhaus.abuse.ch/url/2713781/; classtype:trojan-activity;sid:83576881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.22.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713780/; classtype:trojan-activity;sid:83576880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713779)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.31.168.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713779/; classtype:trojan-activity;sid:83576879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713778)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"61.230.12.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713778/; classtype:trojan-activity;sid:83576878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.112.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713777/; classtype:trojan-activity;sid:83576877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713776)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; 
isdataat:!1,relative; nocase; content:"111.243.24.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713776/; classtype:trojan-activity;sid:83576876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713775)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.241.116.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_25; reference:url, urlhaus.abuse.ch/url/2713775/; classtype:trojan-activity;sid:83576875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.24.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713774/; classtype:trojan-activity;sid:83576874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713773)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"klhby.2023.ebeenj.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713773/; classtype:trojan-activity;sid:83576873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.85.27"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713772/; classtype:trojan-activity;sid:83576872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2713771)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.127.254.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713771/; classtype:trojan-activity;sid:83576871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713770)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.228.7.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713770/; classtype:trojan-activity;sid:83576870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.232.37.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713769/; classtype:trojan-activity;sid:83576869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.179.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713768/; classtype:trojan-activity;sid:83576868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.85.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, 
urlhaus.abuse.ch/url/2713767/; classtype:trojan-activity;sid:83576867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713766)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.148.219.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713766/; classtype:trojan-activity;sid:83576866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713765/; classtype:trojan-activity;sid:83576865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713761)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713761/; classtype:trojan-activity;sid:83576861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713762)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713762/; classtype:trojan-activity;sid:83576862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; 
depth:10; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713763/; classtype:trojan-activity;sid:83576863; rev:1;)
# One host (87.229.77.210), one rule per file under /bins/ — the names are CPU architecture tags
# (arm, m68k, sh4, arm6, ...). Each path is matched exactly, so a build for an architecture that
# has no rule in this set does not alert.
# For triage: a single internal client hitting several of these sids in quick succession is
# consistent with a dropper script trying each build in turn; correlate by source address.
# Mapping alerts back to the feed: in the visible rules the sid is the URLhaus id shown in msg and
# reference plus 80863100 (e.g. 2713764 -> 83576864).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713764)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713764/; classtype:trojan-activity;sid:83576864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713757)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713757/; classtype:trojan-activity;sid:83576857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713758)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713758/; classtype:trojan-activity;sid:83576858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713759)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713759/; classtype:trojan-activity;sid:83576859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (2713760)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713760/; classtype:trojan-activity;sid:83576860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713756/; classtype:trojan-activity;sid:83576856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713755)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mercury.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713755/; classtype:trojan-activity;sid:83576855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713754)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"164.92.78.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713754/; classtype:trojan-activity;sid:83576854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713745)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"164.92.78.99"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713745/; classtype:trojan-activity;sid:83576845; rev:1;)
# /hiddenbin/boatnet.<arch> on 164.92.78.99: the same file name with a different architecture
# suffix per rule. Matching is on the exact path and the literal IP as host.
# metadata:created_at records when the rule was generated; nothing in the rule body expires it.
# NOTE(review): a bare-IP indicator stops being meaningful once the address is reassigned — confirm
# the deployed ruleset is refreshed from the feed rather than pinned to one snapshot.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713746)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"164.92.78.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713746/; classtype:trojan-activity;sid:83576846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713747)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"164.92.78.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713747/; classtype:trojan-activity;sid:83576847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713748)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"164.92.78.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713748/; classtype:trojan-activity;sid:83576848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713749)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"164.92.78.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713749/; classtype:trojan-activity;sid:83576849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (2713750)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"164.92.78.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713750/; classtype:trojan-activity;sid:83576850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713751)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"164.92.78.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713751/; classtype:trojan-activity;sid:83576851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713752)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"164.92.78.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713752/; classtype:trojan-activity;sid:83576852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713753)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"164.92.78.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713753/; classtype:trojan-activity;sid:83576853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713744)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.127.65.220"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713744/; classtype:trojan-activity;sid:83576844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.132.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713743/; classtype:trojan-activity;sid:83576843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713742)"; flow:established,from_client; content:"GET"; http_method; content:"/sdxkzx_uxa229x.mpsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.88.90.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713742/; classtype:trojan-activity;sid:83576842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713741)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"61.115.156.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713741/; classtype:trojan-activity;sid:83576841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713740)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"80.251.153.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713740/; classtype:trojan-activity;sid:83576840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713739)"; 
flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.203.121.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713739/; classtype:trojan-activity;sid:83576839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.72.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713738/; classtype:trojan-activity;sid:83576838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.85.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713737/; classtype:trojan-activity;sid:83576837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713736)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"96.246.139.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713736/; classtype:trojan-activity;sid:83576836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713735)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.45.218.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713735/; 
classtype:trojan-activity;sid:83576835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713734)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"miri.2023.ebeenj.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713734/; classtype:trojan-activity;sid:83576834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713733)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.246.108.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713733/; classtype:trojan-activity;sid:83576833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713732)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.127.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713732/; classtype:trojan-activity;sid:83576832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713728)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"insource.nz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713728/; classtype:trojan-activity;sid:83576828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713729)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; 
nocase; content:"jacksworkspace.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713729/; classtype:trojan-activity;sid:83576829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713730)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hslawcorp.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713730/; classtype:trojan-activity;sid:83576830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713731)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"iprommark.com.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713731/; classtype:trojan-activity;sid:83576831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713726)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"karlshamnsfotoklubb.se"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713726/; classtype:trojan-activity;sid:83576826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713727)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ippm.dk"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713727/; classtype:trojan-activity;sid:83576827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2713717)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"inspiration4fitness.de"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713717/; classtype:trojan-activity;sid:83576817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713718)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"johnryan.ie"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713718/; classtype:trojan-activity;sid:83576818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713719)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jphilippeau.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713719/; classtype:trojan-activity;sid:83576819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713720)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hologramy-kolekcjonerskie.pl"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713720/; classtype:trojan-activity;sid:83576820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713721)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"heatherwoodpta.org"; http_host; depth:18; isdataat:!1,relative; 
metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713721/; classtype:trojan-activity;sid:83576821; rev:1;)
# Same path, /blog.php, on a series of unrelated hostnames, all created on the same day.
# The URI is matched exactly (depth:9 on a 9-byte pattern, then isdataat:!1,relative), so a request
# for the same script with a query string or a longer path does not match.
# NOTE(review): the hostnames look like ordinary websites, presumably compromised rather than
# attacker-registered. If one of them also serves a legitimate /blog.php, the rule alerts on that
# too — check the response body before treating a hit as a confirmed download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713722)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"imago-int.eu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713722/; classtype:trojan-activity;sid:83576822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713723)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"junkwize.passionstaging.co.uk"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713723/; classtype:trojan-activity;sid:83576823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713724)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"herbert-strohmaier.de"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713724/; classtype:trojan-activity;sid:83576824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713725)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ibirtm.pl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713725/; classtype:trojan-activity;sid:83576825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713712)"; 
flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"inprojexautomotive.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713712/; classtype:trojan-activity;sid:83576812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713713)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hoco-moebel.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713713/; classtype:trojan-activity;sid:83576813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713714)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"iuic.de"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713714/; classtype:trojan-activity;sid:83576814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713715)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"heuberg-einrichtungen.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713715/; classtype:trojan-activity;sid:83576815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713716)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hockeycorner.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, 
urlhaus.abuse.ch/url/2713716/; classtype:trojan-activity;sid:83576816; rev:1;)
# Rule anatomy (applies to every rule in this feed section):
#   - alert http $HOME_NET -> $EXTERNAL_NET with flow:established,from_client: fires on an
#     internal client sending the request, so the source address of the alert is the host to triage.
#   - content:"GET"; http_method plus one http_uri and one http_host pattern. depth combined with
#     isdataat:!1,relative pins the end of each buffer, so the URI and the Host value must match
#     as a whole; a different query string or a "www." prefix on the host will not alert.
#   - nocase follows the http_uri pattern; the http_host patterns are written in lower case.
#   - The rule matches the request only. An alert does not show that a payload was returned;
#     confirm with the response/flow record and the URLhaus entry named in reference:url.
#   - These are point-in-time indicators (created_at 2023_09_24) and should be expired with the feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.72.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713711/; classtype:trojan-activity;sid:83576811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.23.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713710/; classtype:trojan-activity;sid:83576810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713709)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.34.156.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713709/; classtype:trojan-activity;sid:83576809; rev:1;)
# NOTE(review): in content syntax `|3f|` is the hex escape for "?" and `|7c|` is the hex escape
# for "|". The sequence `|7c|26|7c|` therefore decodes to the four literal bytes "|26|", not to
# "&" (0x26). This looks like the generator escaped "&" to `|26|` and then escaped the pipes a
# second time. If the listed URL separates its query parameters with "&", this pattern cannot
# match the real request; confirm against the URLhaus entry and regenerate with `|26|`.
# NOTE(review): depth:75 equals the length of the escaped string, not of the decoded pattern,
# so the start of the URI is not pinned as tightly as in the rules without hex escapes.
# NOTE(review): the rule inspects plaintext HTTP only. A host such as this one is typically
# reached over HTTPS, where the request is not visible to the sensor unless TLS is decrypted
# upstream. Treat this rule as low-coverage rather than as protection for this URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713707)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=ad0ec00396f13567%21139|7c|26|7c|authkey=!aicjkfb9k2cv1d4"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713707/; classtype:trojan-activity;sid:83576807; rev:1;)
# The rules in this block for host 185.161.251.81 share the directory /a4cf60df505c17ab/ and
# differ only in the DLL file name (nss3, mozglue, sqlite3, freebl3, vcruntime140). Several of
# them firing for one client in a short window is a stronger signal than a single hit, so
# correlate the SIDs per source host during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713703)"; flow:established,from_client; content:"GET"; http_method; content:"/a4cf60df505c17ab/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.161.251.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713703/; classtype:trojan-activity;sid:83576803; rev:1;)
# NOTE(review): the three vk.com rules below carry the same `|7c|26|7c|` sequence (literal
# "|26|" after decoding) between hash=, dl=, api= and no_preview=, and depth:167 is again the
# length of the escaped string. The same plaintext-HTTP caveat applies to this host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713704)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666108395|3f|hash=jawoiyjxlhzpa18qu35xzpzzbykkkddodq7cler5tkc|7c|26|7c|dl=p4xlxa2nnutbgc4vbe6mr2ujxecoszt0mnzx27iuyrl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713704/; classtype:trojan-activity;sid:83576804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713705)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666108337|3f|hash=lklhzwp3rbjrrhpsqobxz4niduoqb6eejwaikmaxcll|7c|26|7c|dl=rm6ljjximcpxpvfdbo1ugjjruv0pzfallqpwzv9yfpz|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713705/; classtype:trojan-activity;sid:83576805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713706)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666107609|3f|hash=bygpulrwlmrkxcflrzrghxdjdijq85cvi9fm1cl6l9c|7c|26|7c|dl=f5pw8f0xaekf5kjjpalspojbzkewuzrxezdybe192xl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713706/; classtype:trojan-activity;sid:83576806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713700)"; flow:established,from_client; content:"GET"; http_method; content:"/a4cf60df505c17ab/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.161.251.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713700/; classtype:trojan-activity;sid:83576800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713701)"; flow:established,from_client; content:"GET"; http_method; content:"/a4cf60df505c17ab/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.161.251.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713701/; classtype:trojan-activity;sid:83576801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713702)"; flow:established,from_client; content:"GET"; http_method; content:"/a4cf60df505c17ab/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.161.251.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713702/; classtype:trojan-activity;sid:83576802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713697)"; flow:established,from_client; content:"GET"; http_method; content:"/a4cf60df505c17ab/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.161.251.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713697/; classtype:trojan-activity;sid:83576797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713698)"; 
flow:established,from_client; content:"GET"; http_method; content:"/a4cf60df505c17ab/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.161.251.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713698/; classtype:trojan-activity;sid:83576798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713699)"; flow:established,from_client; content:"GET"; http_method; content:"/a4cf60df505c17ab/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.161.251.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713699/; classtype:trojan-activity;sid:83576799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713689)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"45.84.0.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713689/; classtype:trojan-activity;sid:83576789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713690)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"45.84.0.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713690/; classtype:trojan-activity;sid:83576790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713691)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; 
nocase; content:"45.84.0.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713691/; classtype:trojan-activity;sid:83576791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713692)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"45.84.0.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713692/; classtype:trojan-activity;sid:83576792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713693)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"45.84.0.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713693/; classtype:trojan-activity;sid:83576793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713694)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"45.84.0.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713694/; classtype:trojan-activity;sid:83576794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713695)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nssdbm3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"45.84.0.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, 
urlhaus.abuse.ch/url/2713695/; classtype:trojan-activity;sid:83576795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713696)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"45.84.0.80"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713696/; classtype:trojan-activity;sid:83576796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.76.160.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713688/; classtype:trojan-activity;sid:83576788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713687)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"80.251.153.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713687/; classtype:trojan-activity;sid:83576787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713680)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.97.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713680/; classtype:trojan-activity;sid:83576780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713681)"; flow:established,from_client; content:"GET"; 
http_method; content:"/uwu/ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.97.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713681/; classtype:trojan-activity;sid:83576781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713682)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.97.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713682/; classtype:trojan-activity;sid:83576782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713683)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.97.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713683/; classtype:trojan-activity;sid:83576783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713684)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.97.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713684/; classtype:trojan-activity;sid:83576784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713685)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.97.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713685/; classtype:trojan-activity;sid:83576785; rev:1;) 
# The next four rules target host 209.97.177.61 and differ only in the file name under /uwu/
# (x86, m68k, arm, arm6). The names look like per-architecture builds of one payload; verify
# on the URLhaus entries. Each rule is an exact match on URI and Host (depth equals the
# pattern length and isdataat:!1,relative forbids trailing bytes), so a hit identifies this
# specific URL. Direction is $HOME_NET -> $EXTERNAL_NET from the client side: the alert's
# source address is the internal host that issued the request and should be examined first.
# The match is on the request only and does not by itself show that a binary was delivered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713686)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.97.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713686/; classtype:trojan-activity;sid:83576786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713677)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.97.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713677/; classtype:trojan-activity;sid:83576777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713678)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.97.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713678/; classtype:trojan-activity;sid:83576778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713679)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu/arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.97.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713679/; classtype:trojan-activity;sid:83576779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.7.138"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713676/; classtype:trojan-activity;sid:83576776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713675)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.97.88"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713675/; classtype:trojan-activity;sid:83576775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713674)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.71.205.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713674/; classtype:trojan-activity;sid:83576774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.10.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713673/; classtype:trojan-activity;sid:83576773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713672)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.21.60.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713672/; classtype:trojan-activity;sid:83576772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713671)"; flow:established,from_client; content:"GET"; 
http_method; content:"/trc.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"165.22.114.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713671/; classtype:trojan-activity;sid:83576771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713670)"; flow:established,from_client; content:"GET"; http_method; content:"/i.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.252.22.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713670/; classtype:trojan-activity;sid:83576770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713669)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/splm68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.225.74.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713669/; classtype:trojan-activity;sid:83576769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713667/; classtype:trojan-activity;sid:83576767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.6.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713668/; classtype:trojan-activity;sid:83576768; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713666)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.232.56.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713666/; classtype:trojan-activity;sid:83576766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713665/; classtype:trojan-activity;sid:83576765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713656)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"75.119.154.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713656/; classtype:trojan-activity;sid:83576756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713657)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"75.119.154.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713657/; classtype:trojan-activity;sid:83576757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713658)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"75.119.154.137"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713658/; classtype:trojan-activity;sid:83576758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713659)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"75.119.154.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713659/; classtype:trojan-activity;sid:83576759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713660)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"75.119.154.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713660/; classtype:trojan-activity;sid:83576760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713661)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"75.119.154.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713661/; classtype:trojan-activity;sid:83576761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713662)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"75.119.154.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713662/; classtype:trojan-activity;sid:83576762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(2713663)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"75.119.154.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713663/; classtype:trojan-activity;sid:83576763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713664)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"75.119.154.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713664/; classtype:trojan-activity;sid:83576764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.93.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713655/; classtype:trojan-activity;sid:83576755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.170.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713654/; classtype:trojan-activity;sid:83576754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713653)"; flow:established,from_client; content:"GET"; http_method; content:"/saham%20man.apk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"sahamedalat.whi.ir"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, 
urlhaus.abuse.ch/url/2713653/; classtype:trojan-activity;sid:83576753; rev:1;)
# NOTE(review): the vk.com rules in this block write the query separators as `|7c|26|7c|`.
# In content syntax `|7c|` is the hex escape for "|", so the sequence decodes to the literal
# bytes "|26|" rather than to "&" (0x26); `|3f|` correctly decodes to "?". This looks like a
# double escape in the generator. If the listed URLs separate hash=, dl=, api= and no_preview=
# with "&", these patterns cannot match the real request; confirm against the URLhaus entries
# and regenerate with `|26|`.
# NOTE(review): depth:167 is the length of the escaped string, not of the decoded pattern.
# NOTE(review): these rules inspect plaintext HTTP only; this host is typically reached over
# HTTPS, where the request is not visible to the sensor unless TLS is decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713651)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666079979|3f|hash=arcwfto8il5qjm5lbqdnyjd80ysgbrrdpnmrkpslr8o|7c|26|7c|dl=ghrxsaieeisb3l16mzmbtjkac2ohzz2nxaxk9repomz|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713651/; classtype:trojan-activity;sid:83576751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713652)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666077665|3f|hash=gyk7k7dckij02a5dvt3dgljzlnortkyzeg7zj1sn6oh|7c|26|7c|dl=dfzuvkkdaqp6q6zcteb508dlusjwnabeh1dp3x3nyft|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713652/; classtype:trojan-activity;sid:83576752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713650)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666082502|3f|hash=d8qpgk39g4rrgrq1ehjw6ec0n4d2e1aso7q2ilsuhxo|7c|26|7c|dl=vqja12kacsyevsrk7vwwwdr8mvvdchq794ztwwa1zh8|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713650/; classtype:trojan-activity;sid:83576750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713648)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666080029|3f|hash=itgt5jrzvmumfoipzzdh910z1evs2zyncf1bgoah0jd|7c|26|7c|dl=crgrtxz6mennztuxx6pp2ydwreitcpcqd8jyyhjt3gs|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713648/; classtype:trojan-activity;sid:83576748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713649)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666072135|3f|hash=fj1vsgkejvuzuxizbexlpygxascqxnscojakwsyrngd|7c|26|7c|dl=eqlbtowhboqjqlomavazk4qw5g2hquqff9hzlixiext|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713649/; classtype:trojan-activity;sid:83576749; rev:1;)
# The two rules below are exact matches on a short file name at an IP-literal host (depth
# equals the pattern length, isdataat:!1,relative forbids trailing bytes). They fire on the
# outbound request only, so check the flow record for a response before treating the client
# as having received the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713643)"; flow:established,from_client; content:"GET"; http_method; content:"/ok.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"104.199.113.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713643/; classtype:trojan-activity;sid:83576743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713644)"; flow:established,from_client; content:"GET"; http_method; content:"/g.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"194.55.224.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713644/; classtype:trojan-activity;sid:83576744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713645)"; flow:established,from_client; 
content:"GET"; http_method; content:"/doc52355237_666071613|3f|hash=0fnplkb8pfdnwtides1bbbz0zfhk8nm86m92ndcnny0|7c|26|7c|dl=bfpljnazxuusw1iwhh81tampfhcpugk60d9vtkdzqll|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713645/; classtype:trojan-activity;sid:83576745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713646)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666087949|3f|hash=kbrwgqgyot4scsjxjodnezlxdwvg1innbazjtyomqlc|7c|26|7c|dl=xyxqwhdfex5arblav8excikr1azqzsk44bi7gcnqqvp|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713646/; classtype:trojan-activity;sid:83576746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713647)"; flow:established,from_client; content:"GET"; http_method; content:"/api/files/software/s1.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"5.42.64.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713647/; classtype:trojan-activity;sid:83576747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713642)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.110.62.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713642/; classtype:trojan-activity;sid:83576742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(2713641)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.115.101.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713641/; classtype:trojan-activity;sid:83576741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.41.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713640/; classtype:trojan-activity;sid:83576740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.20.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713639/; classtype:trojan-activity;sid:83576739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713638)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.97.161.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713638/; classtype:trojan-activity;sid:83576738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713637)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.174.167.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713637/; 
classtype:trojan-activity;sid:83576737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713636)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.126.35.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713636/; classtype:trojan-activity;sid:83576736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.235.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713635/; classtype:trojan-activity;sid:83576735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713634/; classtype:trojan-activity;sid:83576734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713633)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.193.112.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713633/; classtype:trojan-activity;sid:83576733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713632)"; flow:established,from_client; content:"GET"; http_method; content:"/new/foto7447.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; 
content:"77.91.68.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713632/; classtype:trojan-activity;sid:83576732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713631)"; flow:established,from_client; content:"GET"; http_method; content:"/fuza/1.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.91.68.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713631/; classtype:trojan-activity;sid:83576731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713629)"; flow:established,from_client; content:"GET"; http_method; content:"/smo/kus.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.91.68.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713629/; classtype:trojan-activity;sid:83576729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713630)"; flow:established,from_client; content:"GET"; http_method; content:"/smo/exto.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"77.91.68.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713630/; classtype:trojan-activity;sid:83576730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713628)"; flow:established,from_client; content:"GET"; http_method; content:"/other/softbot.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"aquabotnet.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713628/; classtype:trojan-activity;sid:83576728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2713627)"; flow:established,from_client; content:"GET"; http_method; content:"/other/softbot.arm5n"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"aquabotnet.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713627/; classtype:trojan-activity;sid:83576727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.252.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713626/; classtype:trojan-activity;sid:83576726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.142.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_24; reference:url, urlhaus.abuse.ch/url/2713625/; classtype:trojan-activity;sid:83576725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713624)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"125.229.246.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713624/; classtype:trojan-activity;sid:83576724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713623)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.65.230.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; 
reference:url, urlhaus.abuse.ch/url/2713623/; classtype:trojan-activity;sid:83576723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713622)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.170.103.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713622/; classtype:trojan-activity;sid:83576722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.187.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713621/; classtype:trojan-activity;sid:83576721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713620)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.114.195.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713620/; classtype:trojan-activity;sid:83576720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.81.166.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713619/; classtype:trojan-activity;sid:83576719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713618)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; 
isdataat:!1,relative; nocase; content:"50.38.24.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713618/; classtype:trojan-activity;sid:83576718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.93.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713617/; classtype:trojan-activity;sid:83576717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.102.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713616/; classtype:trojan-activity;sid:83576716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713615)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mercury.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"80.76.51.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713615/; classtype:trojan-activity;sid:83576715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713604)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.131.57.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713604/; classtype:trojan-activity;sid:83576704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2713605)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.131.57.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713605/; classtype:trojan-activity;sid:83576705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713606)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.131.57.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713606/; classtype:trojan-activity;sid:83576706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713607)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.131.57.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713607/; classtype:trojan-activity;sid:83576707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713608)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.131.57.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713608/; classtype:trojan-activity;sid:83576708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713609)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.131.57.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, 
urlhaus.abuse.ch/url/2713609/; classtype:trojan-activity;sid:83576709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713610)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.131.57.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713610/; classtype:trojan-activity;sid:83576710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713611)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.131.57.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713611/; classtype:trojan-activity;sid:83576711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713612)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.131.57.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713612/; classtype:trojan-activity;sid:83576712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713613)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.131.57.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713613/; classtype:trojan-activity;sid:83576713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713614)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"103.131.57.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713614/; classtype:trojan-activity;sid:83576714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.81.166.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713603/; classtype:trojan-activity;sid:83576703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.241.72.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713602/; classtype:trojan-activity;sid:83576702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713596)"; flow:established,from_client; content:"GET"; http_method; content:"/other/softbot.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"146.19.191.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713596/; classtype:trojan-activity;sid:83576696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713597)"; flow:established,from_client; content:"GET"; http_method; content:"/other/softbot.mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"146.19.191.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713597/; classtype:trojan-activity;sid:83576697; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713598)"; flow:established,from_client; content:"GET"; http_method; content:"/other/softbot.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"146.19.191.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713598/; classtype:trojan-activity;sid:83576698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713599)"; flow:established,from_client; content:"GET"; http_method; content:"/other/softbot.x586"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"146.19.191.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713599/; classtype:trojan-activity;sid:83576699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713600)"; flow:established,from_client; content:"GET"; http_method; content:"/other/softbot.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"146.19.191.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713600/; classtype:trojan-activity;sid:83576700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713601)"; flow:established,from_client; content:"GET"; http_method; content:"/other/softbot.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"146.19.191.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713601/; classtype:trojan-activity;sid:83576701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713593)"; flow:established,from_client; content:"GET"; http_method; content:"/other/softbot.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; 
content:"146.19.191.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713593/; classtype:trojan-activity;sid:83576693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713594)"; flow:established,from_client; content:"GET"; http_method; content:"/other/softbot.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"146.19.191.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713594/; classtype:trojan-activity;sid:83576694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713595)"; flow:established,from_client; content:"GET"; http_method; content:"/other/softbot.arm5n"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"146.19.191.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713595/; classtype:trojan-activity;sid:83576695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713592)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.172.5.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713592/; classtype:trojan-activity;sid:83576692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713591)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"oqbkc.2023.ebeenj.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713591/; classtype:trojan-activity;sid:83576691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2713590)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.204.107.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713590/; classtype:trojan-activity;sid:83576690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713589)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.222.36.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713589/; classtype:trojan-activity;sid:83576689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713588)"; flow:established,from_client; content:"GET"; http_method; content:"/other/softbot.mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"aquabotnet.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713588/; classtype:trojan-activity;sid:83576688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713587)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.135.188.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713587/; classtype:trojan-activity;sid:83576687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713586)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.134.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; 
reference:url, urlhaus.abuse.ch/url/2713586/; classtype:trojan-activity;sid:83576686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713585)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.200.107.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713585/; classtype:trojan-activity;sid:83576685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713584/; classtype:trojan-activity;sid:83576684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/out.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.128.232.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713577/; classtype:trojan-activity;sid:83576677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/out.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.128.232.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713578/; classtype:trojan-activity;sid:83576678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713579)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/out.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.128.232.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713579/; classtype:trojan-activity;sid:83576679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/out.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.128.232.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713580/; classtype:trojan-activity;sid:83576680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713581)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/out.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.128.232.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713581/; classtype:trojan-activity;sid:83576681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713582)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/out.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.128.232.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713582/; classtype:trojan-activity;sid:83576682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713583)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/out.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.128.232.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713583/; 
classtype:trojan-activity;sid:83576683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/out.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.128.232.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713574/; classtype:trojan-activity;sid:83576674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/out.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.128.232.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713575/; classtype:trojan-activity;sid:83576675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/out.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.128.232.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713576/; classtype:trojan-activity;sid:83576676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.228.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713573/; classtype:trojan-activity;sid:83576673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"119.123.245.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713572/; classtype:trojan-activity;sid:83576672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713568)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713568/; classtype:trojan-activity;sid:83576668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713569)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713569/; classtype:trojan-activity;sid:83576669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713570)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713570/; classtype:trojan-activity;sid:83576670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713571)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713571/; classtype:trojan-activity;sid:83576671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2713563)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713563/; classtype:trojan-activity;sid:83576663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713564)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713564/; classtype:trojan-activity;sid:83576664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713565)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713565/; classtype:trojan-activity;sid:83576665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713566)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713566/; classtype:trojan-activity;sid:83576666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713567)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.27.93.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, 
urlhaus.abuse.ch/url/2713567/; classtype:trojan-activity;sid:83576667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.150.172.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713562/; classtype:trojan-activity;sid:83576662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713561)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.191.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713561/; classtype:trojan-activity;sid:83576661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713560)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jvasky.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713560/; classtype:trojan-activity;sid:83576660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713559)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kalendarze.merkuriusz.pl"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713559/; classtype:trojan-activity;sid:83576659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713557)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; 
isdataat:!1,relative; nocase; content:"kapsalonbrand.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713557/; classtype:trojan-activity;sid:83576657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713558)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kantarellstigen1.se"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713558/; classtype:trojan-activity;sid:83576658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713555/; classtype:trojan-activity;sid:83576655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713556/; classtype:trojan-activity;sid:83576656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713554)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.234.183.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713554/; classtype:trojan-activity;sid:83576654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2713553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.13.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713553/; classtype:trojan-activity;sid:83576653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"128.199.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713541/; classtype:trojan-activity;sid:83576641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"128.199.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713542/; classtype:trojan-activity;sid:83576642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"128.199.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713543/; classtype:trojan-activity;sid:83576643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"128.199.82.82"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713544/; classtype:trojan-activity;sid:83576644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713545)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"128.199.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713545/; classtype:trojan-activity;sid:83576645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"128.199.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713546/; classtype:trojan-activity;sid:83576646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713547)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"128.199.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713547/; classtype:trojan-activity;sid:83576647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"128.199.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713548/; classtype:trojan-activity;sid:83576648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713549)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"128.199.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713549/; classtype:trojan-activity;sid:83576649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713550)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"128.199.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713550/; classtype:trojan-activity;sid:83576650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"128.199.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713551/; classtype:trojan-activity;sid:83576651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"128.199.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713552/; classtype:trojan-activity;sid:83576652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713533)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.37.80.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, 
urlhaus.abuse.ch/url/2713533/; classtype:trojan-activity;sid:83576633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713534)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.37.80.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713534/; classtype:trojan-activity;sid:83576634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713535)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.37.80.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713535/; classtype:trojan-activity;sid:83576635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713536)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.37.80.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713536/; classtype:trojan-activity;sid:83576636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713537)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.37.80.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713537/; classtype:trojan-activity;sid:83576637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713538)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; 
http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.37.80.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713538/; classtype:trojan-activity;sid:83576638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713539)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.37.80.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713539/; classtype:trojan-activity;sid:83576639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713540)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.37.80.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713540/; classtype:trojan-activity;sid:83576640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713531)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.37.80.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713531/; classtype:trojan-activity;sid:83576631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713532)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.37.80.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713532/; classtype:trojan-activity;sid:83576632; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.221.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713530/; classtype:trojan-activity;sid:83576630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.108.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713529/; classtype:trojan-activity;sid:83576629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.215.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713528/; classtype:trojan-activity;sid:83576628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713527)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.237.41.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713527/; classtype:trojan-activity;sid:83576627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.166.108"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713526/; classtype:trojan-activity;sid:83576626; rev:1;)
# Layout: the line above completes a rule that begins on the preceding line,
# and the last line of this group begins a rule that continues on the next one.
#
# Every rule in this group alerts on a client-to-server HTTP GET from
# $HOME_NET to $EXTERNAL_NET and carries two content matches: one on the URI
# (http_uri, with nocase) and one on the Host value (http_host). Where depth
# equals the content length and isdataat:!1,relative follows, the content must
# be the entire buffer, so a longer URI or a different Host does not match.
# NOTE(review): these are "alert http" rules, so they fire only on traffic the
# sensor parses as HTTP; a request made over TLS is not inspected unless it is
# decrypted ahead of the sensor.
# NOTE(review): the Host content is a bare IP or name with no port. Whether a
# Host header that carries an explicit port still matches depends on how the
# deployed engine fills http_host; confirm for the Snort/Suricata version used.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.187.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713525/; classtype:trojan-activity;sid:83576625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.12.32"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713524/; classtype:trojan-activity;sid:83576624; rev:1;)
# NOTE(review): in the URI content of the next rule, |3f| is "?", but each
# parameter separator is written |7c|26|7c|. That decodes to the four bytes
# 0x7c "2" "6" 0x7c (the text "|26|"), not to "&" (0x26). It looks like a
# double-escaped "&"; if the reported URL separates parameters with "&", this
# signature cannot match it. Confirm against the URLhaus entry in reference:
# before relying on the rule.
# NOTE(review): depth:167 equals the character count of the content string as
# written, escapes included; the decoded pattern is 146 bytes, so depth does
# not pin the match to offset 0 here as it does in the short-URI rules.
# NOTE(review): vk.com is presumably served over HTTPS, so the TLS caveat at
# the top of this group applies in particular to this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713523)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666018050|3f|hash=xose2yzq2ypus67po5nptg1leb41lwuetufvnabrz0c|7c|26|7c|dl=jhnohk7wcyq77p6eu3iblvppooxmafhvgerr4hulcgw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713523/; classtype:trojan-activity;sid:83576623; rev:1;)
# Same |7c|26|7c| separators and depth:167 as sid 83576623 above; the same
# review notes apply.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713522)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666057427|3f|hash=gpfwgo5s14fcqtmqoizksmi2lti021vp9tia4yjw6dd|7c|26|7c|dl=3nbwxm4f9foghxom7m3ocjy4lvmxzw61yuwbtre2eml|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713522/; classtype:trojan-activity;sid:83576622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713520)"; flow:established,from_client; content:"GET"; http_method; content:"/dark/nsi85.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.91.68.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713520/; classtype:trojan-activity;sid:83576621; rev:1;)
# NOTE(review): the Host here is a shared code-hosting domain rather than a
# single-purpose server; the rule stays specific only because the full
# repository path is matched as the entire URI. bitbucket.org is presumably
# reached over HTTPS, so the TLS caveat at the top of this group applies.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713521)"; flow:established,from_client; content:"GET"; http_method; content:"/ddag4hg34g34/hrthrthrthrth/raw/master/licensechecker.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713521/; classtype:trojan-activity;sid:83576621; rev:1;)
# Same |7c|26|7c| separators and depth:167 as sid 83576623 above; the same
# review notes apply.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713518)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666059249|3f|hash=cjwgp5anlpwtsel7nzpxz6ngmm0zlxt41yxu3erxc8s|7c|26|7c|dl=2zniblfxqqx0dhst6h7lj6jhc6h1rvqwirrhzoqfyux|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713518/; classtype:trojan-activity;sid:83576618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713519)"; flow:established,from_client; content:"GET"; http_method; content:"/c.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"194.55.224.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713519/; classtype:trojan-activity;sid:83576619; rev:1;)
# Same |7c|26|7c| separators and depth:167 as sid 83576623 above; the same
# review notes apply.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713517)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666036259|3f|hash=obidi0zfvcmvymldf8piebmtutjrhslbxqp8bbkbopl|7c|26|7c|dl=oezzzcypnqz2tlenzmgmmgix7zs0dli1y9qy2cesjo4|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713517/; classtype:trojan-activity;sid:83576617; rev:1;)
# The next three rules share the URI "/mozi.m" and differ only in the Host IP,
# the URLhaus entry id and the sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.178.125.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713516/; classtype:trojan-activity;sid:83576616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.77.96.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713514/; classtype:trojan-activity;sid:83576614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713515/; classtype:trojan-activity;sid:83576615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2713513)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713513/; classtype:trojan-activity;sid:83576613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713512)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.95.169.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713512/; classtype:trojan-activity;sid:83576612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713511)"; flow:established,from_client; content:"GET"; http_method; content:"/myn.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"79.110.48.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713511/; classtype:trojan-activity;sid:83576611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713510)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.46.227.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713510/; classtype:trojan-activity;sid:83576610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.72.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; 
reference:url, urlhaus.abuse.ch/url/2713509/; classtype:trojan-activity;sid:83576609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713501)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.181.80.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713501/; classtype:trojan-activity;sid:83576601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713502)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.181.80.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713502/; classtype:trojan-activity;sid:83576602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713503)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.181.80.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713503/; classtype:trojan-activity;sid:83576603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713504)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.181.80.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713504/; classtype:trojan-activity;sid:83576604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713505)"; flow:established,from_client; content:"GET"; http_method; 
content:"/skid.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.181.80.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713505/; classtype:trojan-activity;sid:83576605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713506)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.181.80.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713506/; classtype:trojan-activity;sid:83576606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713507)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.181.80.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713507/; classtype:trojan-activity;sid:83576607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713508)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.181.80.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713508/; classtype:trojan-activity;sid:83576608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713500)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.181.80.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713500/; classtype:trojan-activity;sid:83576600; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.72.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713499/; classtype:trojan-activity;sid:83576599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713496)"; flow:established,from_client; content:"GET"; http_method; content:"/eramthginseggibruoy/yourbiggestnightmare.x86"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"5.181.80.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713496/; classtype:trojan-activity;sid:83576596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713497)"; flow:established,from_client; content:"GET"; http_method; content:"/eramthginseggibruoy/yourbiggestnightmare.x86_64"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"5.181.80.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713497/; classtype:trojan-activity;sid:83576597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713498)"; flow:established,from_client; content:"GET"; http_method; content:"/eramthginseggibruoy/yourbiggestnightmare.mips"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"5.181.80.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713498/; classtype:trojan-activity;sid:83576598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713493)"; flow:established,from_client; content:"GET"; http_method; 
content:"/eramthginseggibruoy/yourbiggestnightmare.ppc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"5.181.80.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713493/; classtype:trojan-activity;sid:83576593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713494)"; flow:established,from_client; content:"GET"; http_method; content:"/eramthginseggibruoy/yourbiggestnightmare.i486"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"5.181.80.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713494/; classtype:trojan-activity;sid:83576594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713495)"; flow:established,from_client; content:"GET"; http_method; content:"/eramthginseggibruoy/yourbiggestnightmare.i686"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"5.181.80.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713495/; classtype:trojan-activity;sid:83576595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713489)"; flow:established,from_client; content:"GET"; http_method; content:"/eramthginseggibruoy/yourbiggestnightmare.mpsl"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"5.181.80.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713489/; classtype:trojan-activity;sid:83576589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713490)"; flow:established,from_client; content:"GET"; http_method; content:"/eramthginseggibruoy/yourbiggestnightmare.spc"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"5.181.80.119"; 
http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713490/; classtype:trojan-activity;sid:83576590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713491)"; flow:established,from_client; content:"GET"; http_method; content:"/eramthginseggibruoy/yourbiggestnightmare.arm5"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"5.181.80.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713491/; classtype:trojan-activity;sid:83576591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713492)"; flow:established,from_client; content:"GET"; http_method; content:"/eramthginseggibruoy/yourbiggestnightmare.sh4"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"5.181.80.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713492/; classtype:trojan-activity;sid:83576592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713488)"; flow:established,from_client; content:"GET"; http_method; content:"/uchefridauuuuuuufile.vbs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"193.42.33.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713488/; classtype:trojan-activity;sid:83576588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713487)"; flow:established,from_client; content:"GET"; http_method; content:"/eramthginseggibruoy/yourbiggestnightmare.m68k"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"5.181.80.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713487/; 
classtype:trojan-activity;sid:83576587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713478)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713478/; classtype:trojan-activity;sid:83576578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713479)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713479/; classtype:trojan-activity;sid:83576579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713480)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713480/; classtype:trojan-activity;sid:83576580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713481)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713481/; classtype:trojan-activity;sid:83576581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713482)"; flow:established,from_client; content:"GET"; http_method; 
content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713482/; classtype:trojan-activity;sid:83576582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713483)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713483/; classtype:trojan-activity;sid:83576583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713484)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713484/; classtype:trojan-activity;sid:83576584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713485)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713485/; classtype:trojan-activity;sid:83576585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713486)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713486/; 
classtype:trojan-activity;sid:83576586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713474)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713474/; classtype:trojan-activity;sid:83576574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713475)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713475/; classtype:trojan-activity;sid:83576575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713476)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713476/; classtype:trojan-activity;sid:83576576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713477)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713477/; classtype:trojan-activity;sid:83576577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713471)"; flow:established,from_client; content:"GET"; http_method; 
content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713471/; classtype:trojan-activity;sid:83576571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713472)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713472/; classtype:trojan-activity;sid:83576572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713473)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.181.80.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713473/; classtype:trojan-activity;sid:83576573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713470)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"94.228.169.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713470/; classtype:trojan-activity;sid:83576570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713469)"; flow:established,from_client; content:"GET"; http_method; content:"/qasx.vbs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.110.48.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713469/; 
classtype:trojan-activity;sid:83576569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713467)"; flow:established,from_client; content:"GET"; http_method; content:"/couzineeeeeeeeeeeeee.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"193.42.33.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713467/; classtype:trojan-activity;sid:83576567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713468)"; flow:established,from_client; content:"GET"; http_method; content:"/aktivosexeeeeeee.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"193.42.33.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713468/; classtype:trojan-activity;sid:83576568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713466)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.95.169.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713466/; classtype:trojan-activity;sid:83576566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.72.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713465/; classtype:trojan-activity;sid:83576565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713464)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm"; http_uri; 
depth:9; isdataat:!1,relative; nocase; content:"aquabotnet.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713464/; classtype:trojan-activity;sid:83576564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713462)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aquabotnet.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713462/; classtype:trojan-activity;sid:83576562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713463)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aquabotnet.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713463/; classtype:trojan-activity;sid:83576563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713456)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aquabotnet.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713456/; classtype:trojan-activity;sid:83576556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713457)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aquabotnet.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713457/; classtype:trojan-activity;sid:83576557; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713458)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aquabotnet.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713458/; classtype:trojan-activity;sid:83576558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713459)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aquabotnet.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713459/; classtype:trojan-activity;sid:83576559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713460)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aquabotnet.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713460/; classtype:trojan-activity;sid:83576560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713461)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aquabotnet.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713461/; classtype:trojan-activity;sid:83576561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713455)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aquabotnet.xyz"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713455/; classtype:trojan-activity;sid:83576555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713454)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"65.26.153.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713454/; classtype:trojan-activity;sid:83576554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713446)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.88.90.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713446/; classtype:trojan-activity;sid:83576546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713447)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.88.90.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713447/; classtype:trojan-activity;sid:83576547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713448)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.88.90.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713448/; classtype:trojan-activity;sid:83576548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713449)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.88.90.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713449/; classtype:trojan-activity;sid:83576549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713450)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.88.90.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713450/; classtype:trojan-activity;sid:83576550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713451)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.88.90.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713451/; classtype:trojan-activity;sid:83576551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713452)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.88.90.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713452/; classtype:trojan-activity;sid:83576552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713453)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.88.90.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, 
urlhaus.abuse.ch/url/2713453/; classtype:trojan-activity;sid:83576553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713443)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.88.90.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713443/; classtype:trojan-activity;sid:83576543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713444)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.88.90.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713444/; classtype:trojan-activity;sid:83576544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713445)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.88.90.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713445/; classtype:trojan-activity;sid:83576545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713433)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.37.80.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713433/; classtype:trojan-activity;sid:83576533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713434)"; flow:established,from_client; content:"GET"; http_method; 
content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.37.80.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713434/; classtype:trojan-activity;sid:83576534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713435)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.37.80.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713435/; classtype:trojan-activity;sid:83576535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713436)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.37.80.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713436/; classtype:trojan-activity;sid:83576536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713437)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.37.80.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713437/; classtype:trojan-activity;sid:83576537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713438)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.37.80.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713438/; classtype:trojan-activity;sid:83576538; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713439)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"194.37.80.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713439/; classtype:trojan-activity;sid:83576539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713440)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.37.80.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713440/; classtype:trojan-activity;sid:83576540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713441)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.37.80.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713441/; classtype:trojan-activity;sid:83576541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713442)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"194.37.80.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713442/; classtype:trojan-activity;sid:83576542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713432)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.106.130.123"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713432/; classtype:trojan-activity;sid:83576532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713431)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"61.222.158.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713431/; classtype:trojan-activity;sid:83576531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713430)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mercury.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"141.98.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713430/; classtype:trojan-activity;sid:83576530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.32.172.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713429/; classtype:trojan-activity;sid:83576529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.114.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713428/; classtype:trojan-activity;sid:83576528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713427)"; 
flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.27.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713427/; classtype:trojan-activity;sid:83576527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.162.71.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713426/; classtype:trojan-activity;sid:83576526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713421)"; flow:established,from_client; content:"GET"; http_method; content:"/044d0f5f47e0eb72/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"176.123.8.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713421/; classtype:trojan-activity;sid:83576521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713422)"; flow:established,from_client; content:"GET"; http_method; content:"/044d0f5f47e0eb72/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.123.8.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713422/; classtype:trojan-activity;sid:83576522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713423)"; flow:established,from_client; content:"GET"; http_method; content:"/044d0f5f47e0eb72/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.123.8.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2023_09_23; reference:url, urlhaus.abuse.ch/url/2713423/; classtype:trojan-activity;sid:83576523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713424)"; flow:established,from_client; content:"GET"; http_method; content:"/044d0f5f47e0eb72/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"176.123.8.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713424/; classtype:trojan-activity;sid:83576524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713425)"; flow:established,from_client; content:"GET"; http_method; content:"/044d0f5f47e0eb72/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"176.123.8.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713425/; classtype:trojan-activity;sid:83576525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713419)"; flow:established,from_client; content:"GET"; http_method; content:"/044d0f5f47e0eb72/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"176.123.8.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713419/; classtype:trojan-activity;sid:83576519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713420)"; flow:established,from_client; content:"GET"; http_method; content:"/044d0f5f47e0eb72/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"176.123.8.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713420/; classtype:trojan-activity;sid:83576520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (2713418)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.183.113.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713418/; classtype:trojan-activity;sid:83576518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713416)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.183.113.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713416/; classtype:trojan-activity;sid:83576516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713417)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.183.113.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713417/; classtype:trojan-activity;sid:83576517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713407)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.183.113.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713407/; classtype:trojan-activity;sid:83576507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713408)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.183.113.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, 
urlhaus.abuse.ch/url/2713408/; classtype:trojan-activity;sid:83576508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713409)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.183.113.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713409/; classtype:trojan-activity;sid:83576509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713410)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.183.113.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713410/; classtype:trojan-activity;sid:83576510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713411)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.183.113.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713411/; classtype:trojan-activity;sid:83576511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713412)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.183.113.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713412/; classtype:trojan-activity;sid:83576512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713413)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; 
isdataat:!1,relative; nocase; content:"103.183.113.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713413/; classtype:trojan-activity;sid:83576513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713414)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.183.113.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713414/; classtype:trojan-activity;sid:83576514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713415)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.183.113.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713415/; classtype:trojan-activity;sid:83576515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713406)"; flow:established,from_client; content:"GET"; http_method; content:"/index.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.42.77.33"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713406/; classtype:trojan-activity;sid:83576506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.239.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713405/; classtype:trojan-activity;sid:83576505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2713404)"; flow:established,from_client; content:"GET"; http_method; content:"/ddag4hg34g34/hrthrthrthrth/raw/46dc68b913e68de5a96b6f9b38a5957baaa7a99a/black.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713404/; classtype:trojan-activity;sid:83576504; rev:1;)
# Rule shape: an exact-match pair. For each content, depth equals the content
# length and isdataat:!1,relative requires the buffer to end right after the
# match, so the http_uri and http_host buffers must each equal the listed string
# (the URI content is compared case-insensitively via nocase).
# The next three rules cover Android package (.apk) downloads on three hosts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713403)"; flow:established,from_client; content:"GET"; http_method; content:"/app1.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sa-cx.itsaol.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713403/; classtype:trojan-activity;sid:83576503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713401)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"adl-stt.otzo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713401/; classtype:trojan-activity;sid:83576501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713402)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"iran-tn.itsaol.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713402/; classtype:trojan-activity;sid:83576502; rev:1;)
# bitbucket.org rules (sids 83576495-83576500 and 83576504): seven .exe files
# under one repository path with the same 40-hex path segment. These are
# "alert http" rules, so they inspect cleartext HTTP only.
# NOTE(review): bitbucket.org is normally reached over HTTPS; if the URLhaus
# entries are https:// URLs, these rules fire only on a sensor that sees
# decrypted traffic. Confirm the scheme on the referenced URLhaus pages.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713399)"; flow:established,from_client; content:"GET"; http_method; content:"/ddag4hg34g34/hrthrthrthrth/raw/46dc68b913e68de5a96b6f9b38a5957baaa7a99a/yellow.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713399/; classtype:trojan-activity;sid:83576499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713400)"; flow:established,from_client; content:"GET"; http_method; content:"/ddag4hg34g34/hrthrthrthrth/raw/46dc68b913e68de5a96b6f9b38a5957baaa7a99a/green.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713400/; classtype:trojan-activity;sid:83576500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713397)"; flow:established,from_client; content:"GET"; http_method; content:"/ddag4hg34g34/hrthrthrthrth/raw/46dc68b913e68de5a96b6f9b38a5957baaa7a99a/blue.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713397/; classtype:trojan-activity;sid:83576497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713398)"; flow:established,from_client; content:"GET"; http_method; content:"/ddag4hg34g34/hrthrthrthrth/raw/46dc68b913e68de5a96b6f9b38a5957baaa7a99a/dv.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713398/; classtype:trojan-activity;sid:83576498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713396)"; flow:established,from_client; content:"GET"; http_method; content:"/ddag4hg34g34/hrthrthrthrth/raw/46dc68b913e68de5a96b6f9b38a5957baaa7a99a/plv.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713396/; classtype:trojan-activity;sid:83576496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713395)"; flow:established,from_client; content:"GET"; http_method; content:"/ddag4hg34g34/hrthrthrthrth/raw/46dc68b913e68de5a96b6f9b38a5957baaa7a99a/gray.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713395/; classtype:trojan-activity;sid:83576495; rev:1;)
# NOTE(review): verify the next rule (sid 83576494) against
# urlhaus.abuse.ch/url/2713394/ before relying on it:
#  - "|7c|26|7c|" decodes to the four literal bytes |26| (7c is the pipe
#    character), not to "&" (hex 26). If the real URL separates its query
#    parameters with "&", this content cannot match it; "|26|" would be the
#    usual way to write that byte.
#  - depth:167 is the length of the pattern as written, escapes included;
#    decoded, the pattern is 146 bytes. With depth larger than the pattern, the
#    match may begin up to 21 bytes into the URI, unlike the exact-match rules
#    around it.
#  - vk.com is normally served over HTTPS; if the listed URL is https://, an
#    "alert http" rule sees it only on decrypted traffic (scheme not shown here).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713394)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_666030821|3f|hash=qzi5t5onn7n8xmcjle5atir6gflbztayd6ayjqdrurc|7c|26|7c|dl=zzevofybzez3e8eo50hjn6wecsklkxvny4eqlnkz2x4|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713394/; classtype:trojan-activity;sid:83576494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.150.175.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713393/; classtype:trojan-activity;sid:83576493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713392)"; flow:established,from_client; 
content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.36.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713392/; classtype:trojan-activity;sid:83576492; rev:1;)
# Most rules in this group pair a very short URI ("/i", "/.i", "/mozi.m",
# "/bin.sh") with an IP literal in http_host. The short URI is only meaningful
# together with the host match: each content has depth equal to its length plus
# isdataat:!1,relative, so the http_uri and http_host buffers must each equal
# the listed string (URI compared case-insensitively via nocase).
# NOTE(review): an IP-literal indicator dated created_at 2023_09_22/23 may have
# been reassigned since; check the current status of the referenced URLhaus
# entry before treating an alert on an old entry as confirmed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.37.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713391/; classtype:trojan-activity;sid:83576491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713390)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mphqg.2023.ebeenj.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713390/; classtype:trojan-activity;sid:83576490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.152.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713389/; classtype:trojan-activity;sid:83576489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.147.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713388/; classtype:trojan-activity;sid:83576488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.62.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713387/; classtype:trojan-activity;sid:83576487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.136.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713386/; classtype:trojan-activity;sid:83576486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.62.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713385/; classtype:trojan-activity;sid:83576485; rev:1;)
# The wtools.io rule below matches one item under /paste-code/ on a named host
# rather than an IP literal. It is an "alert http" rule, so it inspects
# cleartext HTTP only. NOTE(review): if the listed URL is https://, it fires
# only where the sensor sees decrypted traffic; confirm the scheme on the
# referenced URLhaus page.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713384)"; flow:established,from_client; content:"GET"; http_method; content:"/paste-code/bqcb"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wtools.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713384/; classtype:trojan-activity;sid:83576484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.112.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713383/; classtype:trojan-activity;sid:83576483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713382)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.5.235.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713382/; classtype:trojan-activity;sid:83576482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.172.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713381/; classtype:trojan-activity;sid:83576481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713380)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.94.126.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_23; reference:url, urlhaus.abuse.ch/url/2713380/; classtype:trojan-activity;sid:83576480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713379/; classtype:trojan-activity;sid:83576479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(2713377)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.178.234.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713377/; classtype:trojan-activity;sid:83576477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713378)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.178.234.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713378/; classtype:trojan-activity;sid:83576478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.102.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713376/; classtype:trojan-activity;sid:83576476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.182.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713375/; classtype:trojan-activity;sid:83576475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713374)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.218.35.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713374/; 
classtype:trojan-activity;sid:83576474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.81.162.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713373/; classtype:trojan-activity;sid:83576473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713372)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713372/; classtype:trojan-activity;sid:83576472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713361)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713361/; classtype:trojan-activity;sid:83576461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713362)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713362/; classtype:trojan-activity;sid:83576462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713363)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; 
isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713363/; classtype:trojan-activity;sid:83576463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713364)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713364/; classtype:trojan-activity;sid:83576464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713365)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713365/; classtype:trojan-activity;sid:83576465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713366)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713366/; classtype:trojan-activity;sid:83576466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713367)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713367/; classtype:trojan-activity;sid:83576467; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713368)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713368/; classtype:trojan-activity;sid:83576468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713369)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713369/; classtype:trojan-activity;sid:83576469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713370)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713370/; classtype:trojan-activity;sid:83576470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713371)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.229.77.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713371/; classtype:trojan-activity;sid:83576471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713360)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.176.97.220"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713360/; classtype:trojan-activity;sid:83576460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713351)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.66.230.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713351/; classtype:trojan-activity;sid:83576451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713352)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.230.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713352/; classtype:trojan-activity;sid:83576452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713353)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.230.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713353/; classtype:trojan-activity;sid:83576453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713354)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.230.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713354/; classtype:trojan-activity;sid:83576454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713355)"; 
flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.66.230.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713355/; classtype:trojan-activity;sid:83576455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713356)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.66.230.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713356/; classtype:trojan-activity;sid:83576456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713357)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.66.230.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713357/; classtype:trojan-activity;sid:83576457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713358)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.230.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713358/; classtype:trojan-activity;sid:83576458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713359)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.66.230.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, 
urlhaus.abuse.ch/url/2713359/; classtype:trojan-activity;sid:83576459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.81.162.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713350/; classtype:trojan-activity;sid:83576450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713349)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.146.220.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713349/; classtype:trojan-activity;sid:83576449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713348)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.245.16.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713348/; classtype:trojan-activity;sid:83576448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713336)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.66.230.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713336/; classtype:trojan-activity;sid:83576436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713337)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; 
depth:15; isdataat:!1,relative; nocase; content:"45.66.230.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713337/; classtype:trojan-activity;sid:83576437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713338)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.230.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713338/; classtype:trojan-activity;sid:83576438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713339)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.66.230.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713339/; classtype:trojan-activity;sid:83576439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713340)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.230.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713340/; classtype:trojan-activity;sid:83576440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713341)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.230.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713341/; classtype:trojan-activity;sid:83576441; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713342)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.230.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713342/; classtype:trojan-activity;sid:83576442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713343)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.66.230.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713343/; classtype:trojan-activity;sid:83576443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713344)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.66.230.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713344/; classtype:trojan-activity;sid:83576444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713345)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.66.230.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713345/; classtype:trojan-activity;sid:83576445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713346)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; 
content:"45.66.230.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713346/; classtype:trojan-activity;sid:83576446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713347)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.66.230.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713347/; classtype:trojan-activity;sid:83576447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713335)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.126.19.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713335/; classtype:trojan-activity;sid:83576435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713334)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sdxkzx_uxa229x.mips"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"194.180.49.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713334/; classtype:trojan-activity;sid:83576434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713333)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.67.197.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713333/; classtype:trojan-activity;sid:83576433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2713327)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.67.197.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713327/; classtype:trojan-activity;sid:83576427; rev:1;)
# /top1hbt.* (Host 103.67.197.77) and /bins/sdxkzx_uxa229x.* (Host 194.180.49.165):
# the same file name is listed once per suffix (x86_64, arm5, mpsl, ppc, ...).
# Each suffix is its own rule and sid, and `depth` + `isdataat:!1,relative` make
# both the URI and the Host exact matches, so a suffix or host that is absent
# from the feed is not covered by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713328)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.67.197.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713328/; classtype:trojan-activity;sid:83576428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713329)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.67.197.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713329/; classtype:trojan-activity;sid:83576429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713330)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sdxkzx_uxa229x.x86"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"194.180.49.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713330/; classtype:trojan-activity;sid:83576430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713331)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sdxkzx_uxa229x.arm7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"194.180.49.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713331/; classtype:trojan-activity;sid:83576431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713332)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.67.197.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713332/; classtype:trojan-activity;sid:83576432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713321)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.67.197.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713321/; classtype:trojan-activity;sid:83576421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713322)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.67.197.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713322/; classtype:trojan-activity;sid:83576422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713323)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.67.197.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713323/; classtype:trojan-activity;sid:83576423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713324)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.67.197.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713324/; classtype:trojan-activity;sid:83576424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713325)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sdxkzx_uxa229x.ppc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"194.180.49.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713325/; classtype:trojan-activity;sid:83576425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713326)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.67.197.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713326/; classtype:trojan-activity;sid:83576426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713317)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sdxkzx_uxa229x.mpsl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"194.180.49.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713317/; classtype:trojan-activity;sid:83576417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713318)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sdxkzx_uxa229x.arm5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"194.180.49.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713318/; classtype:trojan-activity;sid:83576418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713319)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sdxkzx_uxa229x.arm6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"194.180.49.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713319/; classtype:trojan-activity;sid:83576419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713320)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.67.197.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713320/; classtype:trojan-activity;sid:83576420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713316)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sdxkzx_uxa229x.arm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"194.180.49.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713316/; classtype:trojan-activity;sid:83576416; rev:1;)
# Unrelated entry: /mozi.m on an IP-literal Host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.176.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713315/; classtype:trojan-activity;sid:83576415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713314)";
flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ksi.2023.ebeenj.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713314/; classtype:trojan-activity;sid:83576414; rev:1;)
# These rules are written for protocol `http` and match the http_method, http_uri
# and http_host buffers, so they only fire on requests the sensor sees in clear
# text; the same URL fetched over TLS is not visible to them unless traffic is
# decrypted upstream. Most Host values below are IP literals stamped
# created_at 2023_09_22 - NOTE(review): decide how long such entries stay enabled.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.176.129.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713313/; classtype:trojan-activity;sid:83576413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713312)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.204.234.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713312/; classtype:trojan-activity;sid:83576412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713311)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.218.15.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713311/; classtype:trojan-activity;sid:83576411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.220.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713310/; classtype:trojan-activity;sid:83576410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.42.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713309/; classtype:trojan-activity;sid:83576409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.69.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713308/; classtype:trojan-activity;sid:83576408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.178.125.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713307/; classtype:trojan-activity;sid:83576407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713306)"; flow:established,from_client; content:"GET"; http_method; content:"/css/nuclear.aul"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"alaneade.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713306/; classtype:trojan-activity;sid:83576406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713305)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.25.187.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713305/; classtype:trojan-activity;sid:83576405; rev:1;)
# Four .exe/.zip paths on the same Host, 46.151.24.25. The file names are generic
# (file.exe, data.exe, test.zip), so the exact Host match is what scopes them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713304)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.151.24.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713304/; classtype:trojan-activity;sid:83576404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713301)"; flow:established,from_client; content:"GET"; http_method; content:"/doc-235.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.151.24.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713301/; classtype:trojan-activity;sid:83576401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713302)"; flow:established,from_client; content:"GET"; http_method; content:"/data.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.151.24.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713302/; classtype:trojan-activity;sid:83576402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713303)"; flow:established,from_client; content:"GET"; http_method; content:"/test.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.151.24.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713303/; classtype:trojan-activity;sid:83576403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.124.219.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713300/; classtype:trojan-activity;sid:83576400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.113.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713299/; classtype:trojan-activity;sid:83576399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.62.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713298/; classtype:trojan-activity;sid:83576397; rev:1;)
# transfer.sh appears to be a shared file-hosting domain rather than a dedicated
# host; this rule is scoped by the exact URI path, not by the Host alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713297)"; flow:established,from_client; content:"GET"; http_method; content:"/get/jwnonuaumt/egrome.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"transfer.sh"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713297/; classtype:trojan-activity;sid:83576397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713296)"; flow:established,from_client; content:"GET"; http_method; content:"/kuci/wxwefbwfojul7eo.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"179.43.176.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22;
reference:url, urlhaus.abuse.ch/url/2713296/; classtype:trojan-activity;sid:83576396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713295)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.191.140.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713295/; classtype:trojan-activity;sid:83576395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713294)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.135.104.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713294/; classtype:trojan-activity;sid:83576394; rev:1;)
# /lend/*.exe entries, all paired with Host 77.91.68.78. Every file name is a
# separate exact-match rule (`depth` equal to the path length followed by
# `isdataat:!1,relative`), so a new file name under /lend/ on the same host would
# need a new feed entry; a host-level control is the usual complement when one
# server accumulates this many entries - NOTE(review): decide per local policy.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713292)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/whitecrypt.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713292/; classtype:trojan-activity;sid:83576392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713293)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/dropper.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713293/; classtype:trojan-activity;sid:83576393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713290)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/app1234.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713290/; classtype:trojan-activity;sid:83576390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713291)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/dropper1.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713291/; classtype:trojan-activity;sid:83576391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713289)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/lummac2.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713289/; classtype:trojan-activity;sid:83576389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713288)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/rh_0.4.9rc1.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713288/; classtype:trojan-activity;sid:83576388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713287)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/2.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713287/; classtype:trojan-activity;sid:83576387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713286)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/cgpcc.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713286/; classtype:trojan-activity;sid:83576386; rev:1;)
# Two entries for other hosts sit between the /lend/ rules in feed order.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713285)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"lxdi.2023.ebeenj.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713285/; classtype:trojan-activity;sid:83576385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713284)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"80.251.153.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713284/; classtype:trojan-activity;sid:83576384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713283)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/d3xi5rws2ffuli.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"77.91.68.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713283/; classtype:trojan-activity;sid:83576383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713277)"; flow:established,from_client; content:"GET"; http_method;
content:"/ruchamcie/devx.m68k"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"141.98.10.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713277/; classtype:trojan-activity;sid:83576377; rev:1;)
# /ruchamcie/devx.* entries on Host 141.98.10.26: one exact-match rule per suffix
# (ppc, arm5, spc, i686, ...), plus /devx.sh on the same host further down. The
# msg text is identical apart from the URLhaus id, so triage has to key on the
# sid or on the reference URL to tell the entries apart.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713278)"; flow:established,from_client; content:"GET"; http_method; content:"/ruchamcie/devx.ppc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"141.98.10.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713278/; classtype:trojan-activity;sid:83576378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713279)"; flow:established,from_client; content:"GET"; http_method; content:"/ruchamcie/devx.arm5"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"141.98.10.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713279/; classtype:trojan-activity;sid:83576379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713280)"; flow:established,from_client; content:"GET"; http_method; content:"/ruchamcie/devx.spc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"141.98.10.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713280/; classtype:trojan-activity;sid:83576380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713281)"; flow:established,from_client; content:"GET"; http_method; content:"/ruchamcie/devx.i686"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"141.98.10.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713281/; classtype:trojan-activity;sid:83576381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713282)"; flow:established,from_client; content:"GET"; http_method; content:"/ruchamcie/devx.arm7"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"141.98.10.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713282/; classtype:trojan-activity;sid:83576382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713266)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.66.230.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713266/; classtype:trojan-activity;sid:83576366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713267)"; flow:established,from_client; content:"GET"; http_method; content:"/ruchamcie/devx.mips"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"141.98.10.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713267/; classtype:trojan-activity;sid:83576367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713268)"; flow:established,from_client; content:"GET"; http_method; content:"/ruchamcie/devx.arm6"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"141.98.10.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713268/; classtype:trojan-activity;sid:83576368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713269)"; flow:established,from_client; content:"GET"; http_method; content:"/ruchamcie/devx.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"141.98.10.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713269/; classtype:trojan-activity;sid:83576369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713270)"; flow:established,from_client; content:"GET"; http_method; content:"/ruchamcie/devx.mpsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"141.98.10.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713270/; classtype:trojan-activity;sid:83576370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713271)"; flow:established,from_client; content:"GET"; http_method; content:"/ruchamcie/devx.arc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"141.98.10.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713271/; classtype:trojan-activity;sid:83576371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713272)"; flow:established,from_client; content:"GET"; http_method; content:"/ruchamcie/devx.sh4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"141.98.10.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713272/; classtype:trojan-activity;sid:83576372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713273)"; flow:established,from_client; content:"GET"; http_method; content:"/devx.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.98.10.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713273/; classtype:trojan-activity;sid:83576373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713274)"; flow:established,from_client; content:"GET"; http_method; content:"/ruchamcie/devx.arm"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"141.98.10.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713274/; classtype:trojan-activity;sid:83576374; rev:1;)
# /yarn, /mips and /.i are short, generic paths; in these rules the exact Host
# match is the only thing separating them from ordinary requests for such paths.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713275)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.251.153.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713275/; classtype:trojan-activity;sid:83576375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713276)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.228.126.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713276/; classtype:trojan-activity;sid:83576376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713265)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.189.26.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713265/; classtype:trojan-activity;sid:83576365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713264)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.66.230.169"; http_host; depth:13;
isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713264/; classtype:trojan-activity;sid:83576364; rev:1;)
# In each rule below `nocase` follows the http_uri content, so it makes the path
# comparison case-insensitive; the http_host content carries no nocase of its
# own. `depth` + `isdataat:!1,relative` pin the Host to the listed value exactly.
# NOTE(review): whether a Host header that carries an explicit port still matches
# depends on how the engine normalizes http_host - confirm for the deployed engine.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.150.183.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713262/; classtype:trojan-activity;sid:83576362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.24.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713263/; classtype:trojan-activity;sid:83576363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713261)"; flow:established,from_client; content:"GET"; http_method; content:"/clip.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rusticironstore.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713261/; classtype:trojan-activity;sid:83576361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713260)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.65.41.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713260/; classtype:trojan-activity;sid:83576360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713259)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.221.25.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713259/; classtype:trojan-activity;sid:83576359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"187.147.145.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713258/; classtype:trojan-activity;sid:83576358; rev:1;)
# Three file names (.bat, .zip, .exe) listed for the same Host, 45.66.230.113.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713257)"; flow:established,from_client; content:"GET"; http_method; content:"/bypass.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.66.230.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713257/; classtype:trojan-activity;sid:83576357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713256)"; flow:established,from_client; content:"GET"; http_method; content:"/malware.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.230.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713256/; classtype:trojan-activity;sid:83576356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713255)"; flow:established,from_client; content:"GET"; http_method; content:"/lb3.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.66.230.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713255/; classtype:trojan-activity;sid:83576355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713254)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.53.37.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713254/; classtype:trojan-activity;sid:83576354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713253)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.67.83.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713253/; classtype:trojan-activity;sid:83576353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.79.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713252/; classtype:trojan-activity;sid:83576352; rev:1;)
# Domain-based entries (here and two rules further down) match one exact
# hostname each; a different subdomain of the same parent is a different rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713251)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jtvo.2023.ebeenj.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713251/; classtype:trojan-activity;sid:83576351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.200.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713250/; classtype:trojan-activity;sid:83576350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.79.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713249/; classtype:trojan-activity;sid:83576349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713248)"; flow:established,from_client; content:"GET"; http_method; content:"/gotocheckout"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"japcr.reseller.wonderfulworldblog.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713248/; classtype:trojan-activity;sid:83576348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.32.4.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713247/; classtype:trojan-activity;sid:83576347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.0.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713246/; classtype:trojan-activity;sid:83576346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus
Known malware download URL detected (2713245)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.44.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713245/; classtype:trojan-activity;sid:83576345; rev:1;)
# NOTE(review): the next three rules (sids 83576342, 83576343, 83576344) cover the
# same path on uploaddeimagens.com.br with and without a query string. Each is
# meant to be an exact match: depth pins the start, isdataat:!1,relative pins the end.
# In the two rules containing `|3f|` (hex for `?`), depth counts the escape as four
# characters: depth:55 and depth:45 against decoded patterns of 52 and 42 bytes.
# depth only bounds the search window, so a pattern shorter than depth may start up
# to 3 bytes into the URI; the start anchor is slightly looser than intended.
# The rule without an escape (depth:41, 41-byte pattern) is exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713242)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/614/895/original/rump_vbs.jpg|3f|1695246171"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713242/; classtype:trojan-activity;sid:83576342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713243)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/614/895/original/rump_vbs.jpg|3f|"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713243/; classtype:trojan-activity;sid:83576343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713244)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/614/895/original/rump_vbs.jpg"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713244/; classtype:trojan-activity;sid:83576344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"200.59.72.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713241/; classtype:trojan-activity;sid:83576341; rev:1;)
# NOTE(review): in the next rule (sid 83576340) the query-string separators are
# written as `|7c|26|7c|`. Inside a content string that decodes to the four literal
# bytes `|26|` (0x7c '2' '6' 0x7c), not to `&` (0x26). This looks like a
# double-escaping artifact of the feed generator. If the listed URL separates its
# parameters with `&`, this content cannot match and the rule is a silent false
# negative. Verify against the URLhaus entry named in reference:.
# depth:246 is the length of the escaped text, while the pattern as written decodes
# to 231 bytes, so the match is not strictly anchored at offset 0 of the URI.
# The pattern also carries percent-encoded sequences (%3b, %3d, %22, %2a, %27).
# Whether the http_uri buffer still holds them in that form depends on the engine's
# URI normalization. TODO confirm with a pcap replay before relying on this sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713240)"; flow:established,from_client; content:"GET"; http_method; content:"/items/rbuzpj2w/2ac82382-33f7-4490-a91d-e3cfe4d82faa.exe|3f|response-content-disposition=attachment%3b+filename%3d%22reserva....exe%22%3b+filename%2a%3dutf-8%27%27reserva....exe|7c|26|7c|source=download|7c|26|7c|v=3403cb537d8e1e6257068d3189705050"; http_uri; depth:246; isdataat:!1,relative; nocase; content:"p44.p3.n0.cdn.getcloudapp.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713240/; classtype:trojan-activity;sid:83576340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.154.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713239/; classtype:trojan-activity;sid:83576339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713238)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.185.240.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713238/; classtype:trojan-activity;sid:83576338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"200.59.72.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713237/; classtype:trojan-activity;sid:83576337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713236)"; flow:established,from_client; content:"GET"; http_method; content:"/kitlouco.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"172.200.176.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713236/; classtype:trojan-activity;sid:83576336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713235)"; flow:established,from_client; content:"GET"; http_method; content:"/pop3smtp/draline/main/lilowerre.nls"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713235/; classtype:trojan-activity;sid:83576335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713234)"; flow:established,from_client; content:"GET"; http_method; content:"/185.28.39.18/damianozx.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.28.39.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713234/; classtype:trojan-activity;sid:83576334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713233)"; flow:established,from_client; content:"GET"; http_method; content:"/protect.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"reshuld247.click"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713233/; classtype:trojan-activity;sid:83576333; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713232)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.13.91.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713232/; classtype:trojan-activity;sid:83576332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713231)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.160.164.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713231/; classtype:trojan-activity;sid:83576331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713230)"; flow:established,from_client; content:"GET"; http_method; content:"/gyaqzwfmrmxtpcklhf64.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"omegalb.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713230/; classtype:trojan-activity;sid:83576330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713229)"; flow:established,from_client; content:"GET"; http_method; content:"/aogrsaq74.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.189.131.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713229/; classtype:trojan-activity;sid:83576329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713228)"; flow:established,from_client; content:"GET"; http_method; content:"/vqbpmyapeydmrpetxgscme219.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; 
content:"185.255.114.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713228/; classtype:trojan-activity;sid:83576328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.53.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713227/; classtype:trojan-activity;sid:83576327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713225)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.15.169"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713225/; classtype:trojan-activity;sid:83576325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713226)"; flow:established,from_client; content:"GET"; http_method; content:"/univer.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sterkinekor.co.zw"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713226/; classtype:trojan-activity;sid:83576326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713224)"; flow:established,from_client; content:"GET"; http_method; content:"/2c960ece73a2c15a/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"193.168.141.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713224/; classtype:trojan-activity;sid:83576324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2713218)"; flow:established,from_client; content:"GET"; http_method; content:"/2c960ece73a2c15a/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"193.168.141.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713218/; classtype:trojan-activity;sid:83576318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713219)"; flow:established,from_client; content:"GET"; http_method; content:"/2c960ece73a2c15a/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"193.168.141.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713219/; classtype:trojan-activity;sid:83576319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713220)"; flow:established,from_client; content:"GET"; http_method; content:"/2c960ece73a2c15a/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"193.168.141.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713220/; classtype:trojan-activity;sid:83576320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713221)"; flow:established,from_client; content:"GET"; http_method; content:"/2c960ece73a2c15a/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"193.168.141.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713221/; classtype:trojan-activity;sid:83576321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713222)"; flow:established,from_client; content:"GET"; http_method; content:"/2c960ece73a2c15a/freebl3.dll"; http_uri; depth:29; 
isdataat:!1,relative; nocase; content:"193.168.141.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713222/; classtype:trojan-activity;sid:83576322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713223)"; flow:established,from_client; content:"GET"; http_method; content:"/2c960ece73a2c15a/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"193.168.141.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713223/; classtype:trojan-activity;sid:83576323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713217)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.119.2.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713217/; classtype:trojan-activity;sid:83576317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713216)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.55.125.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713216/; classtype:trojan-activity;sid:83576316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.221.99.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713215/; classtype:trojan-activity;sid:83576315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2713214)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.127.205.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713214/; classtype:trojan-activity;sid:83576314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713213)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.27.129.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713213/; classtype:trojan-activity;sid:83576313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713212)"; flow:established,from_client; content:"GET"; http_method; content:"/protect.msi"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"reshuld247.click"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713212/; classtype:trojan-activity;sid:83576312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713211)"; flow:established,from_client; content:"GET"; http_method; content:"/jk.dll"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"reshuld247.click"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713211/; classtype:trojan-activity;sid:83576311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713210)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"reshuld247.click"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 
2023_09_22; reference:url, urlhaus.abuse.ch/url/2713210/; classtype:trojan-activity;sid:83576310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713209)"; flow:established,from_client; content:"GET"; http_method; content:"/try.msi"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"reshuld247.click"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713209/; classtype:trojan-activity;sid:83576309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713208)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/yanf/ulk.vbs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"greenvillage.or.tz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713208/; classtype:trojan-activity;sid:83576308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713207)"; flow:established,from_client; content:"GET"; http_method; content:"/kencec.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.110.48.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713207/; classtype:trojan-activity;sid:83576307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.221.99.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713206/; classtype:trojan-activity;sid:83576306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713205)"; flow:established,from_client; 
content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.100.152.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713205/; classtype:trojan-activity;sid:83576305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713202)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ed-ta.itsaol.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713202/; classtype:trojan-activity;sid:83576302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713203)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.246.41.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713203/; classtype:trojan-activity;sid:83576303; rev:1;)
# NOTE(review): in the next rule (sid 83576304) the parameter separators are written
# as `|7c|26|7c|`, which decodes to the literal bytes `|26|` rather than `&` (0x26).
# This is presumably the generator escaping an already hex-escaped `&`. If the real
# request uses `&`, the http_uri content never matches; verify against the URLhaus
# entry in reference:.
# depth:167 equals the escaped text length (the decoded pattern is shorter), so the
# start of the match is not pinned to offset 0.
# This is an `alert http` rule, so it only sees requests the engine can parse as
# HTTP. If vk.com is reached over TLS, nothing fires without decryption; confirm
# the scheme of the listed URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713204)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_665990063|3f|hash=ftoleqmyyxtdmy0q5gs7zyzcivmrunzzw9zky5cobgo|7c|26|7c|dl=s9k3itq77fo8juzoztx7rwsexx7q391g3ky8sc1kccd|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713204/; classtype:trojan-activity;sid:83576304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713198)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"images.cjp.mx"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713198/; classtype:trojan-activity;sid:83576298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713199)"; flow:established,from_client; content:"GET"; http_method; content:"/blog.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ikwilvanmijnpoloaf.nl"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713199/; classtype:trojan-activity;sid:83576299; rev:1;)
# NOTE(review): in the next rule (sid 83576300) the three `|7c|26|7c|` runs decode
# to the literal text `|26|`, not to `&` (0x26). This is presumably a double-escape
# in the feed generator. A request whose query string uses `&` would not match this
# content, so treat the sid as non-detecting until checked against the URLhaus entry
# in reference:.
# depth:167 is the escaped length of the string, not the decoded byte count, which
# loosens the intended offset-0 anchor.
# `alert http` only covers traffic parsed as HTTP. If the listed vk.com URL is
# https, the rule needs TLS decryption upstream to see it; TODO confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713200)"; flow:established,from_client; content:"GET"; http_method; content:"/doc52355237_665985118|3f|hash=1njqe96cipcayctzips9pyxja22v4rq2p1s0vrk3izc|7c|26|7c|dl=n6cews3xiwn5q4xqqrbfazasuuclezzki9duuwf0yyt|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713200/; classtype:trojan-activity;sid:83576300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713201)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"60.198.35.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713201/; classtype:trojan-activity;sid:83576301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713197)"; flow:established,from_client; content:"GET"; http_method; content:"/sahamedalat.apk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"uilscvnzdds.shop"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713197/; 
classtype:trojan-activity;sid:83576297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.81.166.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713196/; classtype:trojan-activity;sid:83576296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713195)"; flow:established,from_client; content:"GET"; http_method; content:"/files/umm.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.42.32.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713195/; classtype:trojan-activity;sid:83576295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713194)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.43.211.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713194/; classtype:trojan-activity;sid:83576294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.58.94.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713193/; classtype:trojan-activity;sid:83576293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"178.141.101.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713192/; classtype:trojan-activity;sid:83576292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.81.166.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713191/; classtype:trojan-activity;sid:83576291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.121.177.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713190/; classtype:trojan-activity;sid:83576290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713189)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.242.46.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713189/; classtype:trojan-activity;sid:83576289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.101.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713188/; classtype:trojan-activity;sid:83576288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (2713187)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.87.160.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713187/; classtype:trojan-activity;sid:83576287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713186)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.12.159.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713186/; classtype:trojan-activity;sid:83576286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713185)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"67.186.153.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713185/; classtype:trojan-activity;sid:83576285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.81.166.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713184/; classtype:trojan-activity;sid:83576284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713183)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.69.36.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713183/; 
classtype:trojan-activity;sid:83576283; rev:1;)
# --- Reading notes for the rules that follow (reviewer annotation) ----------
# Every rule uses the same template and fires only when ALL of these hold:
#   * an HTTP request sent from $HOME_NET to $EXTERNAL_NET on an established
#     flow (alert http ...; flow:established,from_client)
#   * the method is GET (content:"GET"; http_method)
#   * the URI buffer equals the listed path: depth:N is the path's length, so
#     the path must begin at offset 0, and isdataat:!1,relative requires that
#     no byte follows it; nocase makes the path comparison case-insensitive
#   * the Host buffer equals the listed hostname or IP, anchored the same way
# The number in msg and in reference:url is the URLhaus entry id; each rule
# has its own sid. metadata:created_at is presumably the date the entry was
# added to the feed -- confirm against the URLhaus reference.
#
# Operational caveats:
#   * These are exact-match indicator rules: only the listed host + path pair
#     alerts, so they complement behavioural detections rather than replace
#     them.
#   * "alert http" inspects decoded HTTP only; the same URL fetched over TLS
#     raises no alert unless the traffic is decrypted upstream of the sensor.
#   * Entries are point-in-time (created_at 2023_09_21 / 2023_09_22 here) and
#     many hosts are bare IP addresses. Load the current feed rather than an
#     old snapshot, and treat a hit as a triage lead: confirm whether the
#     response delivered a payload and review the internal client's later
#     activity.
#   * A rule has to sit on one physical line (or use backslash continuation)
#     for the engine to parse it.
#   * http_method / http_uri / http_host are content-modifier syntax; check
#     that your engine version accepts it before deploying.
# -----------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.81.166.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713182/; classtype:trojan-activity;sid:83576282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.58.91.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713181/; classtype:trojan-activity;sid:83576281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713180)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.239.49.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713180/; classtype:trojan-activity;sid:83576280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713179)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"lunh.2023.ebeenj.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713179/; classtype:trojan-activity;sid:83576279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.82.211.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713178/; classtype:trojan-activity;sid:83576278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713177)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"38.29.176.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713177/; classtype:trojan-activity;sid:83576277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713176)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.116.20.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713176/; classtype:trojan-activity;sid:83576276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713175)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"219.70.216.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713175/; classtype:trojan-activity;sid:83576275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713174)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.109.228.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713174/; classtype:trojan-activity;sid:83576274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.42.247.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713173/; classtype:trojan-activity;sid:83576273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.129.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713172/; classtype:trojan-activity;sid:83576272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.51.173.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713171/; classtype:trojan-activity;sid:83576271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"86.42.247.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713170/; classtype:trojan-activity;sid:83576270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713169)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"88.214.21.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713169/; classtype:trojan-activity;sid:83576269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.72.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713168/; classtype:trojan-activity;sid:83576268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713167)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"nkp.2023.ebeenj.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713167/; classtype:trojan-activity;sid:83576267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.72.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713166/; classtype:trojan-activity;sid:83576266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.234.129.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713165/; classtype:trojan-activity;sid:83576265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.129.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713164/; classtype:trojan-activity;sid:83576264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.191.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713162/; classtype:trojan-activity;sid:83576262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.58.94.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713163/; classtype:trojan-activity;sid:83576263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.101.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713161/; classtype:trojan-activity;sid:83576261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713160)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xhwni.2023.ebeenj.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713160/; classtype:trojan-activity;sid:83576260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.250.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713158/; classtype:trojan-activity;sid:83576258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.58.93.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713159/; classtype:trojan-activity;sid:83576259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713157)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.183.125.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713157/; classtype:trojan-activity;sid:83576257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.149.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713156/; classtype:trojan-activity;sid:83576256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713155)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kwari.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"141.98.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713155/; classtype:trojan-activity;sid:83576255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.81.166.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713154/; classtype:trojan-activity;sid:83576254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713153)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.81.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713153/; classtype:trojan-activity;sid:83576253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713152)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.184.4.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713152/; classtype:trojan-activity;sid:83576252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713151)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.81.40.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713151/; classtype:trojan-activity;sid:83576251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713150)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.101.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713150/; classtype:trojan-activity;sid:83576250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713149)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.233.180.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713149/; classtype:trojan-activity;sid:83576249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.1.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713148/; classtype:trojan-activity;sid:83576248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.116.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713147/; classtype:trojan-activity;sid:83576247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.15.57.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713145/; classtype:trojan-activity;sid:83576245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.67.193.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713146/; classtype:trojan-activity;sid:83576246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.37.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713144/; classtype:trojan-activity;sid:83576244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713143)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.22.115.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713143/; classtype:trojan-activity;sid:83576243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.9.236"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713142/; classtype:trojan-activity;sid:83576242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.57.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713141/; classtype:trojan-activity;sid:83576241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713140)"; flow:established,from_client; content:"GET"; http_method; content:"/naco.mp3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"qu.ax"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713140/; classtype:trojan-activity;sid:83576240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.36.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713139/; classtype:trojan-activity;sid:83576239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713138)"; flow:established,from_client; content:"GET"; http_method; content:"/pata/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"toohami.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713138/; classtype:trojan-activity;sid:83576238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713137)"; flow:established,from_client; content:"GET"; http_method; content:"/ve/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"radiozocalo.com.mx"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713137/; classtype:trojan-activity;sid:83576237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713136)"; flow:established,from_client; content:"GET"; http_method; content:"/dome/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"prodigoradio.com.co"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713136/; classtype:trojan-activity;sid:83576236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713135)"; flow:established,from_client; content:"GET"; http_method; content:"/ai/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mikdi.com.co"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713135/; classtype:trojan-activity;sid:83576235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713134)"; flow:established,from_client; content:"GET"; http_method; content:"/iaus/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"unasd.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713134/; classtype:trojan-activity;sid:83576234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713133)"; flow:established,from_client; content:"GET"; http_method; content:"/os/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"acumenvaluers.co.ke"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713133/; classtype:trojan-activity;sid:83576233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713132)"; flow:established,from_client; content:"GET"; http_method; content:"/ti/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"transporteglobalconfort.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713132/; classtype:trojan-activity;sid:83576232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713127)"; flow:established,from_client; content:"GET"; http_method; content:"/tstn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"takabplast.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713127/; classtype:trojan-activity;sid:83576227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713128)"; flow:established,from_client; content:"GET"; http_method; content:"/aaaq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hmasloscabos.mx"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713128/; classtype:trojan-activity;sid:83576228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713129)"; flow:established,from_client; content:"GET"; http_method; content:"/lmu/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"choaluoi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713129/; classtype:trojan-activity;sid:83576229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713130)"; flow:established,from_client; content:"GET"; http_method; content:"/st/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"evomart.com.bd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713130/; classtype:trojan-activity;sid:83576230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713131)"; flow:established,from_client; content:"GET"; http_method; content:"/isua/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"suratpeo.go.th"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713131/; classtype:trojan-activity;sid:83576231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713112)"; flow:established,from_client; content:"GET"; http_method; content:"/dqo/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dhtech.ae"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713112/; classtype:trojan-activity;sid:83576212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713113)"; flow:established,from_client; content:"GET"; http_method; content:"/unsi/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ncsinternationalcollege.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713113/; classtype:trojan-activity;sid:83576213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713114)"; flow:established,from_client; content:"GET"; http_method; content:"/nms/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cosmositsolutions.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713114/; classtype:trojan-activity;sid:83576214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713115)"; flow:established,from_client; content:"GET"; http_method; content:"/uim/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"maharanirestaurant.ca"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713115/; classtype:trojan-activity;sid:83576215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713116)"; flow:established,from_client; content:"GET"; http_method; content:"/ea/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rastreamentos.me"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713116/; classtype:trojan-activity;sid:83576216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713117)"; flow:established,from_client; content:"GET"; http_method; content:"/iq/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"grandiose.academy"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713117/; classtype:trojan-activity;sid:83576217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713118)"; flow:established,from_client; content:"GET"; http_method; content:"/br/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"gomaspureglow.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713118/; classtype:trojan-activity;sid:83576218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713119)"; flow:established,from_client; content:"GET"; http_method; content:"/tm/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hfd.com.tr"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713119/; classtype:trojan-activity;sid:83576219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713120)"; flow:established,from_client; content:"GET"; http_method; content:"/nus/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"preneurlab.digital"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713120/; classtype:trojan-activity;sid:83576220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713121)"; flow:established,from_client; content:"GET"; http_method; content:"/iald/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hawaharadio.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713121/; classtype:trojan-activity;sid:83576221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713122)"; flow:established,from_client; content:"GET"; http_method; content:"/rsr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"shopwinner.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713122/; classtype:trojan-activity;sid:83576222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713123)"; flow:established,from_client; content:"GET"; http_method; content:"/mlr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"superdreadi.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713123/; classtype:trojan-activity;sid:83576223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713124)"; flow:established,from_client; content:"GET"; http_method; content:"/axd/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"showglass.com.ng"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713124/; classtype:trojan-activity;sid:83576224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713125)"; flow:established,from_client; content:"GET"; http_method; content:"/eein/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hunter-g.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713125/; classtype:trojan-activity;sid:83576225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713126)"; flow:established,from_client; content:"GET"; http_method; content:"/to/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"gsrhrservices.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713126/; classtype:trojan-activity;sid:83576226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713109)"; flow:established,from_client; content:"GET"; http_method; content:"/ume/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minargusa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713109/; classtype:trojan-activity;sid:83576209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713110)"; flow:established,from_client; content:"GET"; http_method; content:"/uss/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"viphydraulics.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713110/; classtype:trojan-activity;sid:83576210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713111)"; flow:established,from_client; content:"GET"; http_method; content:"/iups/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mpcel.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713111/; classtype:trojan-activity;sid:83576211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713104)"; flow:established,from_client; content:"GET"; http_method; content:"/eimn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"weavelinens.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713104/; classtype:trojan-activity;sid:83576204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713105)"; flow:established,from_client; content:"GET"; http_method; content:"/uie/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sgedigital.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713105/; classtype:trojan-activity;sid:83576205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713106)"; flow:established,from_client; content:"GET"; http_method; content:"/eua/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"pantherradio.media"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713106/; classtype:trojan-activity;sid:83576206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713107)"; flow:established,from_client; content:"GET"; http_method; content:"/aid/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"peckertele.com.ng"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713107/; classtype:trojan-activity;sid:83576207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713108)"; flow:established,from_client; content:"GET"; http_method; content:"/uutp/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"igcar.eu"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713108/; classtype:trojan-activity;sid:83576208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713100)"; flow:established,from_client; content:"GET"; http_method; content:"/nnet/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ltiacademy.co.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713100/; classtype:trojan-activity;sid:83576200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713101)"; flow:established,from_client; content:"GET"; http_method; content:"/san/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"signatureescortservice.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713101/; classtype:trojan-activity;sid:83576201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713102)"; flow:established,from_client; content:"GET"; http_method; content:"/irv/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minidoctor.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713102/; classtype:trojan-activity;sid:83576202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713103)"; flow:established,from_client; content:"GET"; http_method; content:"/tas/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"co-create2071.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713103/; classtype:trojan-activity;sid:83576203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713093)"; flow:established,from_client; content:"GET"; http_method; content:"/blo/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"wintexbd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713093/; classtype:trojan-activity;sid:83576193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713094)"; flow:established,from_client; content:"GET"; http_method; content:"/sdet/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ofc.ai"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713094/; classtype:trojan-activity;sid:83576194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713095)"; flow:established,from_client; content:"GET"; http_method; content:"/tr/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pfs-jenin.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713095/; classtype:trojan-activity;sid:83576195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713096)"; flow:established,from_client; content:"GET"; http_method; content:"/bind/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cemvasm.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713096/; classtype:trojan-activity;sid:83576196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713097)"; flow:established,from_client; content:"GET"; http_method; content:"/eqr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"expertsinteriors.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713097/; classtype:trojan-activity;sid:83576197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713098)"; flow:established,from_client; content:"GET"; http_method; content:"/teae/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"hondamardan.com.pk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713098/; classtype:trojan-activity;sid:83576198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713099)"; flow:established,from_client; content:"GET"; http_method; content:"/mios/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"rocksecuritymw.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713099/; classtype:trojan-activity;sid:83576199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713083)"; flow:established,from_client; content:"GET"; http_method; content:"/eaea/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"brandwebdemo.digital"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713083/; classtype:trojan-activity;sid:83576183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713084)"; flow:established,from_client; content:"GET"; http_method; content:"/uu/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"rbstrafegopago.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713084/; classtype:trojan-activity;sid:83576184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713085)"; flow:established,from_client; content:"GET"; http_method; content:"/edus/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"alraeid.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713085/; classtype:trojan-activity;sid:83576185; rev:1;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713086)"; flow:established,from_client; content:"GET"; http_method; content:"/beq/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"unitedusedfurniture.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713086/; classtype:trojan-activity;sid:83576186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713087)"; flow:established,from_client; content:"GET"; http_method; content:"/aa/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"myrescue.ke"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713087/; classtype:trojan-activity;sid:83576187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713088)"; flow:established,from_client; content:"GET"; http_method; content:"/oseu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cosmosiit.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713088/; classtype:trojan-activity;sid:83576188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713089)"; flow:established,from_client; content:"GET"; http_method; content:"/tda/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"tanhaenterprise.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713089/; classtype:trojan-activity;sid:83576189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713090)"; flow:established,from_client; content:"GET"; http_method; content:"/et/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"appapi.store"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713090/; classtype:trojan-activity;sid:83576190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713091)"; flow:established,from_client; content:"GET"; http_method; content:"/mne/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"wcmtelecom.tv"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713091/; classtype:trojan-activity;sid:83576191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713092)"; flow:established,from_client; content:"GET"; http_method; content:"/eifr/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cpm.com.py"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713092/; classtype:trojan-activity;sid:83576192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713073)"; flow:established,from_client; content:"GET"; http_method; content:"/dqo/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dhtech.ae"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713073/; classtype:trojan-activity;sid:83576173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713074)"; flow:established,from_client; content:"GET"; http_method; content:"/rie/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"inzpect.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713074/; classtype:trojan-activity;sid:83576174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713075)"; flow:established,from_client; content:"GET"; 
http_method; content:"/ium/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"perfectprintoficial.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713075/; classtype:trojan-activity;sid:83576175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713076)"; flow:established,from_client; content:"GET"; http_method; content:"/qr/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aperasolarlightltd.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713076/; classtype:trojan-activity;sid:83576176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713077)"; flow:established,from_client; content:"GET"; http_method; content:"/erm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"beautifullike.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713077/; classtype:trojan-activity;sid:83576177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713078)"; flow:established,from_client; content:"GET"; http_method; content:"/illn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"asiaprofessionals.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713078/; classtype:trojan-activity;sid:83576178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713079)"; flow:established,from_client; content:"GET"; http_method; content:"/pciu/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"true-hrm.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713079/; classtype:trojan-activity;sid:83576179; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713080)"; flow:established,from_client; content:"GET"; http_method; content:"/itt/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"herseyfikir.com.tr"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713080/; classtype:trojan-activity;sid:83576180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713081)"; flow:established,from_client; content:"GET"; http_method; content:"/qla/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"elnadahospitals.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713081/; classtype:trojan-activity;sid:83576181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713082)"; flow:established,from_client; content:"GET"; http_method; content:"/hi/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"axecapital.ro"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713082/; classtype:trojan-activity;sid:83576182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713067)"; flow:established,from_client; content:"GET"; http_method; content:"/od/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"shikhana.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713067/; classtype:trojan-activity;sid:83576167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713068)"; flow:established,from_client; content:"GET"; http_method; content:"/es/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"michelleolatoksspecialist.com"; 
http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713068/; classtype:trojan-activity;sid:83576168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713069)"; flow:established,from_client; content:"GET"; http_method; content:"/itns/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nihmarschools.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713069/; classtype:trojan-activity;sid:83576169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713070)"; flow:established,from_client; content:"GET"; http_method; content:"/mntn/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"askmrzsparkles.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713070/; classtype:trojan-activity;sid:83576170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713071)"; flow:established,from_client; content:"GET"; http_method; content:"/qur/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"healthwizapp.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713071/; classtype:trojan-activity;sid:83576171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713072)"; flow:established,from_client; content:"GET"; http_method; content:"/moba/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nganhangsovn.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713072/; classtype:trojan-activity;sid:83576172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713064)"; 
flow:established,from_client; content:"GET"; http_method; content:"/mq/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"vtektv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713064/; classtype:trojan-activity;sid:83576164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713065)"; flow:established,from_client; content:"GET"; http_method; content:"/aqv/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"artnneslie.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713065/; classtype:trojan-activity;sid:83576165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713066)"; flow:established,from_client; content:"GET"; http_method; content:"/eea/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hunil.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713066/; classtype:trojan-activity;sid:83576166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713059)"; flow:established,from_client; content:"GET"; http_method; content:"/irv/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minidoctor.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713059/; classtype:trojan-activity;sid:83576159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713060)"; flow:established,from_client; content:"GET"; http_method; content:"/mup/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"visitorspolicy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713060/; 
classtype:trojan-activity;sid:83576160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713061)"; flow:established,from_client; content:"GET"; http_method; content:"/miod/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"devcsv.online"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713061/; classtype:trojan-activity;sid:83576161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713062)"; flow:established,from_client; content:"GET"; http_method; content:"/ast/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"midiajcbdigital.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713062/; classtype:trojan-activity;sid:83576162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713063)"; flow:established,from_client; content:"GET"; http_method; content:"/mimp/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"schoolkandanastore.store"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713063/; classtype:trojan-activity;sid:83576163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713053)"; flow:established,from_client; content:"GET"; http_method; content:"/pisa/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"lowcostbeer.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713053/; classtype:trojan-activity;sid:83576153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713054)"; flow:established,from_client; content:"GET"; http_method; content:"/ti/"; http_uri; depth:4; isdataat:!1,relative; 
nocase; content:"mebleroni.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713054/; classtype:trojan-activity;sid:83576154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713055)"; flow:established,from_client; content:"GET"; http_method; content:"/iaof/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"printingpoint.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713055/; classtype:trojan-activity;sid:83576155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713056)"; flow:established,from_client; content:"GET"; http_method; content:"/rter/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"tanscarattorneys.co.tz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713056/; classtype:trojan-activity;sid:83576156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713057)"; flow:established,from_client; content:"GET"; http_method; content:"/utl/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"techzero.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713057/; classtype:trojan-activity;sid:83576157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713058)"; flow:established,from_client; content:"GET"; http_method; content:"/sslc/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"sictalks.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713058/; classtype:trojan-activity;sid:83576158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (2713045)"; flow:established,from_client; content:"GET"; http_method; content:"/tba/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"refurbtechnologies.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713045/; classtype:trojan-activity;sid:83576145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713046)"; flow:established,from_client; content:"GET"; http_method; content:"/ue/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"capitaltechnology.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713046/; classtype:trojan-activity;sid:83576146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713047)"; flow:established,from_client; content:"GET"; http_method; content:"/nim/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dostai.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713047/; classtype:trojan-activity;sid:83576147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713048)"; flow:established,from_client; content:"GET"; http_method; content:"/ueiq/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"winstonandfriendz.ca"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713048/; classtype:trojan-activity;sid:83576148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713049)"; flow:established,from_client; content:"GET"; http_method; content:"/uiff/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"101degrees.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; 
reference:url, urlhaus.abuse.ch/url/2713049/; classtype:trojan-activity;sid:83576149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713050)"; flow:established,from_client; content:"GET"; http_method; content:"/mii/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ajpglobalshoppin.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713050/; classtype:trojan-activity;sid:83576150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713051)"; flow:established,from_client; content:"GET"; http_method; content:"/ecut/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"vivianecerqueira.adv.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713051/; classtype:trojan-activity;sid:83576151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713052)"; flow:established,from_client; content:"GET"; http_method; content:"/bp/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"pollx.in"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713052/; classtype:trojan-activity;sid:83576152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713040)"; flow:established,from_client; content:"GET"; http_method; content:"/its/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"haytham.site"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713040/; classtype:trojan-activity;sid:83576140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713041)"; flow:established,from_client; content:"GET"; http_method; content:"/muuu/"; 
http_uri; depth:6; isdataat:!1,relative; nocase; content:"siagtrading.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713041/; classtype:trojan-activity;sid:83576141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713042)"; flow:established,from_client; content:"GET"; http_method; content:"/ts/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"nia-dbrowntestserver.com.ng"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713042/; classtype:trojan-activity;sid:83576142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713043)"; flow:established,from_client; content:"GET"; http_method; content:"/nmsr/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"brij.world"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713043/; classtype:trojan-activity;sid:83576143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713044)"; flow:established,from_client; content:"GET"; http_method; content:"/do/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"m-handcraft.lk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713044/; classtype:trojan-activity;sid:83576144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713031)"; flow:established,from_client; content:"GET"; http_method; content:"/iegb/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"aeic-usa.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713031/; classtype:trojan-activity;sid:83576131; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713032)"; flow:established,from_client; content:"GET"; http_method; content:"/frs/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"superdreadiswag.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713032/; classtype:trojan-activity;sid:83576132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713033)"; flow:established,from_client; content:"GET"; http_method; content:"/uap/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"normacsales.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713033/; classtype:trojan-activity;sid:83576133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713034)"; flow:established,from_client; content:"GET"; http_method; content:"/dcil/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ledscreen.africa"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713034/; classtype:trojan-activity;sid:83576134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713035)"; flow:established,from_client; content:"GET"; http_method; content:"/ooal/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"founders.net.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713035/; classtype:trojan-activity;sid:83576135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713036)"; flow:established,from_client; content:"GET"; http_method; content:"/aa/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"landscapersindubai.com"; http_host; depth:22; isdataat:!1,relative; 
metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713036/; classtype:trojan-activity;sid:83576136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713037)"; flow:established,from_client; content:"GET"; http_method; content:"/uni/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dna-do-gamer.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713037/; classtype:trojan-activity;sid:83576137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713038)"; flow:established,from_client; content:"GET"; http_method; content:"/dpr/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"grgoptim.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713038/; classtype:trojan-activity;sid:83576138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713039)"; flow:established,from_client; content:"GET"; http_method; content:"/tqi/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mikopo.gva.co.tz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713039/; classtype:trojan-activity;sid:83576139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713021)"; flow:established,from_client; content:"GET"; http_method; content:"/ninh/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"jhenaidahpoly.gov.bd"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713021/; classtype:trojan-activity;sid:83576121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713022)"; flow:established,from_client; content:"GET"; 
http_method; content:"/vr/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bligevale.co.zw"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713022/; classtype:trojan-activity;sid:83576122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713023)"; flow:established,from_client; content:"GET"; http_method; content:"/ii/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"journeotravel.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713023/; classtype:trojan-activity;sid:83576123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713024)"; flow:established,from_client; content:"GET"; http_method; content:"/ipa/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"asaawy.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713024/; classtype:trojan-activity;sid:83576124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713025)"; flow:established,from_client; content:"GET"; http_method; content:"/td/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"adalatirin.site"; http_host; depth:15; isdataa