################################################################
# abuse.ch URLhaus IDS ruleset (Snort / Suricata)              #
# Last updated: 2021-02-25 04:05:12 (UTC)                      #
#                                                              #
# Terms Of Use: https://urlhaus.abuse.ch/api/                  #
# For questions please contact urlhaus [at] abuse.ch           #
################################################################
#
# url
#
# Reading these rules
# -------------------
# Layout: one rule per line. Snort and Suricata parse a rule as a single logical
# line, so a rule wrapped across physical lines without a trailing "\" will not load.
#
# What a rule matches: an established, client-to-server HTTP flow from $HOME_NET
# to $EXTERNAL_NET in which
#   - the method is GET,
#   - the URI buffer is exactly the listed path: depth equals the pattern length
#     and "isdataat:!1,relative" requires that nothing follows the match; the
#     "nocase" after it applies to this URI content,
#   - the Host buffer is exactly the listed IPv4 literal (same depth/isdataat pair).
# Both ports are "any"; any port that was part of the listed URL is not expressed
# in the rule.
#
# What a rule does not cover:
#   - Direction is outbound only. A request arriving at a $HOME_NET host that
#     carries one of these URLs inside its own parameters is not matched here.
#   - Only traffic the sensor parses as HTTP is inspected; the same fetch over TLS
#     or through a path the sensor does not see produces no alert.
#   - URI and Host must both match, so the same path served from another address
#     is not detected.
#
# Triage notes:
#   - Every rule carries created_at 2021_02_25 and rev:1. The hosts are bare IPv4
#     addresses, so treat a hit as "this host requested a URL that URLhaus listed
#     on that date" and check the reference URL for the entry's current status.
#   - /mozi.a and /mozi.m are file names commonly associated with the Mozi IoT
#     botnet; a $HOME_NET source for these requests is presumably an embedded
#     device (router, DVR, camera) -- verify against asset inventory.
#   - In the rules shown here, sid = URLhaus entry ID + 80863100. Check that this
#     range does not collide with locally assigned SIDs before loading the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.146.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028619/; classtype:trojan-activity;sid:81891719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.137.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028616/; classtype:trojan-activity;sid:81891716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.11.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028617/; classtype:trojan-activity;sid:81891717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.150.56.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028618/; classtype:trojan-activity;sid:81891718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028610/; classtype:trojan-activity;sid:81891710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.206.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028611/; classtype:trojan-activity;sid:81891711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.13.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028612/; classtype:trojan-activity;sid:81891712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.90.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028613/; classtype:trojan-activity;sid:81891713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.117.4.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028614/; classtype:trojan-activity;sid:81891714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.79.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028615/; classtype:trojan-activity;sid:81891715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.51.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028609/; classtype:trojan-activity;sid:81891709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.74.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028608/; classtype:trojan-activity;sid:81891708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.55.139.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028604/; classtype:trojan-activity;sid:81891704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.253.237.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028605/; classtype:trojan-activity;sid:81891705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.13.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028606/; classtype:trojan-activity;sid:81891706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.100.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028607/; classtype:trojan-activity;sid:81891707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.67.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028603/; classtype:trojan-activity;sid:81891703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.16.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028600/; classtype:trojan-activity;sid:81891700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.177.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028601/; classtype:trojan-activity;sid:81891701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.39.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028602/; classtype:trojan-activity;sid:81891702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.38.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028597/; classtype:trojan-activity;sid:81891697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.140.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028598/; classtype:trojan-activity;sid:81891698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.175.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028599/; classtype:trojan-activity;sid:81891699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.26.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028595/; classtype:trojan-activity;sid:81891695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.255.32.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028596/; classtype:trojan-activity;sid:81891696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.95.147.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028594/; classtype:trojan-activity;sid:81891694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.135.80.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028593/; classtype:trojan-activity;sid:81891693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.127.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028589/; classtype:trojan-activity;sid:81891689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.181.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028591/; classtype:trojan-activity;sid:81891691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.8.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028592/; classtype:trojan-activity;sid:81891692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.193.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028587/; classtype:trojan-activity;sid:81891687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.196.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028588/; classtype:trojan-activity;sid:81891688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.53.51.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028586/; classtype:trojan-activity;sid:81891686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.10.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028582/; classtype:trojan-activity;sid:81891682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.120.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028584/; classtype:trojan-activity;sid:81891684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.149.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028585/; classtype:trojan-activity;sid:81891685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.100.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028578/; classtype:trojan-activity;sid:81891678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028579/; classtype:trojan-activity;sid:81891679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.38.191.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028580/; classtype:trojan-activity;sid:81891680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.66.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028577/; classtype:trojan-activity;sid:81891677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.156.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028576/; classtype:trojan-activity;sid:81891676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.80.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028575/; classtype:trojan-activity;sid:81891675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.161.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028573/; classtype:trojan-activity;sid:81891673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.92.157.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028574/; classtype:trojan-activity;sid:81891674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.66.16.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028572/; classtype:trojan-activity;sid:81891672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.156.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028569/; classtype:trojan-activity;sid:81891669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.123.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028570/; classtype:trojan-activity;sid:81891670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.85.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028571/; classtype:trojan-activity;sid:81891671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.42.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028568/; classtype:trojan-activity;sid:81891668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.157.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028563/; classtype:trojan-activity;sid:81891663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.65.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028561/; classtype:trojan-activity;sid:81891661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.95.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028562/; classtype:trojan-activity;sid:81891662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.146.211.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028560/; classtype:trojan-activity;sid:81891660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.235.164.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028558/; classtype:trojan-activity;sid:81891658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.65.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028555/; classtype:trojan-activity;sid:81891655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.218.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028556/; classtype:trojan-activity;sid:81891656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.238.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028557/; classtype:trojan-activity;sid:81891657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.82.231.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028554/; classtype:trojan-activity;sid:81891654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.207.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028552/; classtype:trojan-activity;sid:81891652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.230.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028553/; classtype:trojan-activity;sid:81891653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.67.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028550/; classtype:trojan-activity;sid:81891650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.33.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028551/; classtype:trojan-activity;sid:81891651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.36.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028546/; classtype:trojan-activity;sid:81891646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.184.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028547/; classtype:trojan-activity;sid:81891647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.251.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028548/; classtype:trojan-activity;sid:81891648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.23.24.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028549/; classtype:trojan-activity;sid:81891649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.108.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028544/; classtype:trojan-activity;sid:81891644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.135.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028545/; classtype:trojan-activity;sid:81891645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.40.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028542/; classtype:trojan-activity;sid:81891642; rev:1;)
# NOTE(review): in the next rule, |7c| is the hex escape for "|", so the URI pattern
# decodes to the literal text "|3b|" where a ";" (0x3b) would be expected. This looks
# like a double-escaped ";" in the generated rule -- confirm against
# urlhaus.abuse.ch/url/1028541/. If so, the rule cannot match the listed URL.
# depth:59 is the length of the escaped string; the decoded pattern is 47 bytes, so
# unlike the other rules the match is not pinned to the start of the URI buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a|7c|3b|7c|chmod+777+mozi.a|7c|3b|7c|/tmp/mozi.a+jaws"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"113.116.48.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028541/; classtype:trojan-activity;sid:81891641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.83.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028540/; classtype:trojan-activity;sid:81891640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.92.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028539/; classtype:trojan-activity;sid:81891639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.21.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028538/; classtype:trojan-activity;sid:81891638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.35.225.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028537/; classtype:trojan-activity;sid:81891637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.235.137.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028536/; classtype:trojan-activity;sid:81891636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.118.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028535/; classtype:trojan-activity;sid:81891635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.102.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028534/; classtype:trojan-activity;sid:81891634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.130.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028533/; classtype:trojan-activity;sid:81891633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.96.40.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028532/; classtype:trojan-activity;sid:81891632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.11.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028529/; classtype:trojan-activity;sid:81891629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.219.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028530/; classtype:trojan-activity;sid:81891630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.1.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028531/; classtype:trojan-activity;sid:81891631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.77.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028527/; classtype:trojan-activity;sid:81891627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.95.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028526/; classtype:trojan-activity;sid:81891626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.40.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028524/; classtype:trojan-activity;sid:81891624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.81.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028523/; classtype:trojan-activity;sid:81891623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.40.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028522/; classtype:trojan-activity;sid:81891622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"178.175.63.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028518/; classtype:trojan-activity;sid:81891618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.51.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028519/; classtype:trojan-activity;sid:81891619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.127.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028520/; classtype:trojan-activity;sid:81891620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.101.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028521/; classtype:trojan-activity;sid:81891621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.158.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028514/; classtype:trojan-activity;sid:81891614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (1028515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.102.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028515/; classtype:trojan-activity;sid:81891615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.109.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028516/; classtype:trojan-activity;sid:81891616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.181.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028517/; classtype:trojan-activity;sid:81891617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.66.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028511/; classtype:trojan-activity;sid:81891611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.81.210.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, 
urlhaus.abuse.ch/url/1028512/; classtype:trojan-activity;sid:81891612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.99.235.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028513/; classtype:trojan-activity;sid:81891613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.80.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028509/; classtype:trojan-activity;sid:81891609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.92.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028510/; classtype:trojan-activity;sid:81891610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.107.113.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028508/; classtype:trojan-activity;sid:81891608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"119.109.34.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028507/; classtype:trojan-activity;sid:81891607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.172.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028506/; classtype:trojan-activity;sid:81891606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.122.28.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028505/; classtype:trojan-activity;sid:81891605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.95.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028504/; classtype:trojan-activity;sid:81891604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.48.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028503/; classtype:trojan-activity;sid:81891603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (1028501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.102.37.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028501/; classtype:trojan-activity;sid:81891601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.65.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028502/; classtype:trojan-activity;sid:81891602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.65.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028498/; classtype:trojan-activity;sid:81891598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.37.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028499/; classtype:trojan-activity;sid:81891599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.41.237"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, 
urlhaus.abuse.ch/url/1028500/; classtype:trojan-activity;sid:81891600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.94.85.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028497/; classtype:trojan-activity;sid:81891597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.181.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028496/; classtype:trojan-activity;sid:81891596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028495)"; flow:established,from_client; content:"GET"; http_method; content:"/payload2/darkcrypt2.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"malwarecoding.github.io"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028495/; classtype:trojan-activity;sid:81891595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.81.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028494/; classtype:trojan-activity;sid:81891594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028493)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.172.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028493/; classtype:trojan-activity;sid:81891593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.96.243.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028492/; classtype:trojan-activity;sid:81891592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.18.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028491/; classtype:trojan-activity;sid:81891591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.135.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028489/; classtype:trojan-activity;sid:81891589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.81.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028490/; classtype:trojan-activity;sid:81891590; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.116.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028487/; classtype:trojan-activity;sid:81891587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.86.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028488/; classtype:trojan-activity;sid:81891588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.7.132.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028486/; classtype:trojan-activity;sid:81891586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.181.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028485/; classtype:trojan-activity;sid:81891585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.44.76.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2021_02_25; reference:url, urlhaus.abuse.ch/url/1028484/; classtype:trojan-activity;sid:81891584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.114.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028481/; classtype:trojan-activity;sid:81891581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.80.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028482/; classtype:trojan-activity;sid:81891582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.106.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028483/; classtype:trojan-activity;sid:81891583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.15.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028477/; classtype:trojan-activity;sid:81891577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028478)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.179.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028478/; classtype:trojan-activity;sid:81891578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.169.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028479/; classtype:trojan-activity;sid:81891579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.20.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028480/; classtype:trojan-activity;sid:81891580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.230.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028476/; classtype:trojan-activity;sid:81891576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.92.135.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028475/; classtype:trojan-activity;sid:81891575; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.100.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028474/; classtype:trojan-activity;sid:81891574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.7.132.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028473/; classtype:trojan-activity;sid:81891573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.44.76.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028472/; classtype:trojan-activity;sid:81891572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.5.44.218"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028471/; classtype:trojan-activity;sid:81891571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.230.116"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028470/; classtype:trojan-activity;sid:81891570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.208.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028466/; classtype:trojan-activity;sid:81891566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.85.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028467/; classtype:trojan-activity;sid:81891567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.75.195.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028468/; classtype:trojan-activity;sid:81891568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.182.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028469/; classtype:trojan-activity;sid:81891569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028465)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.49.111.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028465/; classtype:trojan-activity;sid:81891565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.252.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028463/; classtype:trojan-activity;sid:81891563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.124.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028464/; classtype:trojan-activity;sid:81891564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.119.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028462/; classtype:trojan-activity;sid:81891562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.80.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028461/; classtype:trojan-activity;sid:81891561; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.155.216.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028460/; classtype:trojan-activity;sid:81891560; rev:1;)
# ---------------------------------------------------------------------------
# Reading notes for the rules below (they all share one generated template):
#   - "alert http $HOME_NET any -> $EXTERNAL_NET any" together with
#     flow:established,from_client inspects client requests leaving the
#     monitored network. The action is alert, so a hit records that an
#     internal host requested a listed URL; it does not show that a payload
#     was delivered or executed.
#   - content:"GET"; http_method limits the match to GET requests.
#   - Each URI and host pattern carries depth:<pattern length> plus
#     isdataat:!1,relative: the pattern must begin the buffer and nothing may
#     follow it, so this is an exact match on the whole buffer, not a
#     substring match.
#   - nocase is written after isdataat; it presumably applies to the
#     preceding http_uri content -- TODO confirm how the deployed engine
#     version parses this ordering.
#   - The number in msg, the reference:url id and the sid move together
#     (sid = URLhaus id + 80863100 in every rule shown), so an alert's sid
#     maps straight back to its URLhaus entry.
# Triage caveats:
#   - All indicators are bare IPv4 addresses dated 2021_02_24/25 by
#     metadata:created_at. NOTE(review): address-based indicators can be
#     reassigned; check the referenced URLhaus entry before treating a hit
#     on an old rule as confirmed.
#   - Only HTTP is inspected; the same request sent over TLS would not match
#     unless traffic is decrypted upstream of the sensor.
#   - Several hosts are listed under more than one path (for example
#     219.157.170.159 and 222.136.54.239 each have an /i and a /bin.sh rule),
#     so group alerts by destination host when counting affected systems.
#   - The paths /mozi.m and /mozi.a look like Mozi botnet payload names --
#     inferred from the file names only; the rules themselves say no more
#     than "malware download".
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.23.24.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028459/; classtype:trojan-activity;sid:81891559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.83.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028457/; classtype:trojan-activity;sid:81891557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.36.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028458/; classtype:trojan-activity;sid:81891558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028452/; classtype:trojan-activity;sid:81891552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.77.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028453/; classtype:trojan-activity;sid:81891553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.66.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028454/; classtype:trojan-activity;sid:81891554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.230.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028455/; classtype:trojan-activity;sid:81891555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.126.92.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028456/; classtype:trojan-activity;sid:81891556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.54.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028450/; classtype:trojan-activity;sid:81891550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.96.243.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028449/; classtype:trojan-activity;sid:81891549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"74.116.216.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028448/; classtype:trojan-activity;sid:81891548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.170.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028447/; classtype:trojan-activity;sid:81891547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.75.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028446/; classtype:trojan-activity;sid:81891546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028444/; classtype:trojan-activity;sid:81891544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.219.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028445/; classtype:trojan-activity;sid:81891545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.120.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028443/; classtype:trojan-activity;sid:81891543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.36.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028442/; classtype:trojan-activity;sid:81891542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.182.21.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028439/; classtype:trojan-activity;sid:81891539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.10.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028440/; classtype:trojan-activity;sid:81891540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.36.126.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028441/; classtype:trojan-activity;sid:81891541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.30.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028433/; classtype:trojan-activity;sid:81891533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.106.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028434/; classtype:trojan-activity;sid:81891534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.39.114.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028435/; classtype:trojan-activity;sid:81891535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.209.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028436/; classtype:trojan-activity;sid:81891536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.196.245.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028437/; classtype:trojan-activity;sid:81891537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028438)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"183.105.104.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028438/; classtype:trojan-activity;sid:81891538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.171.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028432/; classtype:trojan-activity;sid:81891532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.224.81.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028430/; classtype:trojan-activity;sid:81891530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.118.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028431/; classtype:trojan-activity;sid:81891531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.34.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028428/; classtype:trojan-activity;sid:81891528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.170.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028427/; classtype:trojan-activity;sid:81891527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.54.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028425/; classtype:trojan-activity;sid:81891525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.82.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028422/; classtype:trojan-activity;sid:81891522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.101.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028423/; classtype:trojan-activity;sid:81891523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.165.241.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028424/; classtype:trojan-activity;sid:81891524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.204.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028420/; classtype:trojan-activity;sid:81891520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.40.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028421/; classtype:trojan-activity;sid:81891521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.34.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028419/; classtype:trojan-activity;sid:81891519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.133.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028418/; classtype:trojan-activity;sid:81891518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.75.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028417/; classtype:trojan-activity;sid:81891517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.78.216.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028416/; classtype:trojan-activity;sid:81891516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.142.78.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028415/; classtype:trojan-activity;sid:81891515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.100.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028412/; classtype:trojan-activity;sid:81891512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.156.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028413/; classtype:trojan-activity;sid:81891513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.83.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028414/; classtype:trojan-activity;sid:81891514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.77.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028410/; classtype:trojan-activity;sid:81891510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.242.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028411/; classtype:trojan-activity;sid:81891511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.88.64.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028406/; classtype:trojan-activity;sid:81891506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.87.202.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028407/; classtype:trojan-activity;sid:81891507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.224.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028408/; classtype:trojan-activity;sid:81891508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.52.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028409/; classtype:trojan-activity;sid:81891509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.239.79.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028403/; classtype:trojan-activity;sid:81891503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.88.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028404/; classtype:trojan-activity;sid:81891504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.225.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028405/; classtype:trojan-activity;sid:81891505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.108.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028402/; classtype:trojan-activity;sid:81891502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.179.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028401/; classtype:trojan-activity;sid:81891501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.109.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028400/; classtype:trojan-activity;sid:81891500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.80.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028398/; classtype:trojan-activity;sid:81891498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.54.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028397/; classtype:trojan-activity;sid:81891497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.78.216.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028396/; classtype:trojan-activity;sid:81891496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.212.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028395/; classtype:trojan-activity;sid:81891495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.181.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028394/; classtype:trojan-activity;sid:81891494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.233.225.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028392/; classtype:trojan-activity;sid:81891492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.127.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028384/; classtype:trojan-activity;sid:81891484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.247.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028385/; classtype:trojan-activity;sid:81891485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.113.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028386/; classtype:trojan-activity;sid:81891486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.58.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028387/; classtype:trojan-activity;sid:81891487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.105.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028388/; classtype:trojan-activity;sid:81891488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.55.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028389/; classtype:trojan-activity;sid:81891489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.62.165.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028390/; classtype:trojan-activity;sid:81891490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.52.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028383/; classtype:trojan-activity;sid:81891483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.108.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028382/; classtype:trojan-activity;sid:81891482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.179.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028381/; classtype:trojan-activity;sid:81891481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.241.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028380/; classtype:trojan-activity;sid:81891480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.163.126.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028379/; classtype:trojan-activity;sid:81891479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.142.78.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028377/; classtype:trojan-activity;sid:81891477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.37.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028378/; classtype:trojan-activity;sid:81891478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.54.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028376/; classtype:trojan-activity;sid:81891476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.40.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028375/; classtype:trojan-activity;sid:81891475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.97.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028372/; classtype:trojan-activity;sid:81891472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.78.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028371/; classtype:trojan-activity;sid:81891471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.123.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028370/; classtype:trojan-activity;sid:81891470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.160.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028368/; classtype:trojan-activity;sid:81891468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.55.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028369/; classtype:trojan-activity;sid:81891469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.234.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028364/; classtype:trojan-activity;sid:81891464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.72.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028365/; classtype:trojan-activity;sid:81891465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.218.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028366/; classtype:trojan-activity;sid:81891466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.120.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028367/; classtype:trojan-activity;sid:81891467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.115.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028361/; classtype:trojan-activity;sid:81891461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.47.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028362/; classtype:trojan-activity;sid:81891462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.146.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028363/; classtype:trojan-activity;sid:81891463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.181.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028357/; classtype:trojan-activity;sid:81891457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.92.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028358/; classtype:trojan-activity;sid:81891458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.11.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028359/; classtype:trojan-activity;sid:81891459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.82.164.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028353/; classtype:trojan-activity;sid:81891453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.47.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_25; reference:url, urlhaus.abuse.ch/url/1028354/; classtype:trojan-activity;sid:81891454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.140.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1028350/; classtype:trojan-activity;sid:81891450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.241.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028349/; classtype:trojan-activity;sid:81891449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.113.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028348/; classtype:trojan-activity;sid:81891448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.174.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028342/; classtype:trojan-activity;sid:81891442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.105.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028343/; classtype:trojan-activity;sid:81891443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"171.35.161.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028344/; classtype:trojan-activity;sid:81891444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.2.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028345/; classtype:trojan-activity;sid:81891445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.31.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028346/; classtype:trojan-activity;sid:81891446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.16.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028347/; classtype:trojan-activity;sid:81891447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.172.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028339/; classtype:trojan-activity;sid:81891439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (1028340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.132.98.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028340/; classtype:trojan-activity;sid:81891440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.246.222.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028341/; classtype:trojan-activity;sid:81891441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.64.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028337/; classtype:trojan-activity;sid:81891437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.118.44.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028338/; classtype:trojan-activity;sid:81891438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.27.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1028336/; classtype:trojan-activity;sid:81891436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.35.225.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028335/; classtype:trojan-activity;sid:81891435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.225.89.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028334/; classtype:trojan-activity;sid:81891434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.126.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028332/; classtype:trojan-activity;sid:81891432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.180.237.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028333/; classtype:trojan-activity;sid:81891433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"219.157.67.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028331/; classtype:trojan-activity;sid:81891431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.66.111.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028330/; classtype:trojan-activity;sid:81891430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.79.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028328/; classtype:trojan-activity;sid:81891428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.174.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028329/; classtype:trojan-activity;sid:81891429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.66.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028324/; classtype:trojan-activity;sid:81891424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (1028325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.20.3.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028325/; classtype:trojan-activity;sid:81891425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.159.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028326/; classtype:trojan-activity;sid:81891426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.217.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028327/; classtype:trojan-activity;sid:81891427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.156.139.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028323/; classtype:trojan-activity;sid:81891423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.7.107.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1028322/; classtype:trojan-activity;sid:81891422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.27.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028321/; classtype:trojan-activity;sid:81891421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.82.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028320/; classtype:trojan-activity;sid:81891420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.207.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028319/; classtype:trojan-activity;sid:81891419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.66.111.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028318/; classtype:trojan-activity;sid:81891418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"182.56.109.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028317/; classtype:trojan-activity;sid:81891417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.77.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028313/; classtype:trojan-activity;sid:81891413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.53.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028314/; classtype:trojan-activity;sid:81891414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.31.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028315/; classtype:trojan-activity;sid:81891415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.202.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028316/; classtype:trojan-activity;sid:81891416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (1028312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.170.81.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028312/; classtype:trojan-activity;sid:81891412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.161.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028311/; classtype:trojan-activity;sid:81891411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.122.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028310/; classtype:trojan-activity;sid:81891410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.20.137.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028309/; classtype:trojan-activity;sid:81891409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.67.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; 
reference:url, urlhaus.abuse.ch/url/1028308/; classtype:trojan-activity;sid:81891408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.143.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028306/; classtype:trojan-activity;sid:81891406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.182.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028307/; classtype:trojan-activity;sid:81891407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.98.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028303/; classtype:trojan-activity;sid:81891403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.168.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028304/; classtype:trojan-activity;sid:81891404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.225.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028305/; classtype:trojan-activity;sid:81891405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.192.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028302/; classtype:trojan-activity;sid:81891402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.9.43.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028301/; classtype:trojan-activity;sid:81891401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.57.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028299/; classtype:trojan-activity;sid:81891399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.160.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028300/; classtype:trojan-activity;sid:81891400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (1028298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.91.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028298/; classtype:trojan-activity;sid:81891398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.113.174.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028295/; classtype:trojan-activity;sid:81891395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.241.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028296/; classtype:trojan-activity;sid:81891396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.118.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028297/; classtype:trojan-activity;sid:81891397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.2.174.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2021_02_24; reference:url, urlhaus.abuse.ch/url/1028294/; classtype:trojan-activity;sid:81891394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.117.152.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028293/; classtype:trojan-activity;sid:81891393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.176.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028291/; classtype:trojan-activity;sid:81891391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.91.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028292/; classtype:trojan-activity;sid:81891392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.78.39.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028290/; classtype:trojan-activity;sid:81891390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.207.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028289/; classtype:trojan-activity;sid:81891389; rev:1;)
# Template shared by every rule below: an established, client-side HTTP GET
# from $HOME_NET to $EXTERNAL_NET. The URI pattern and the Host pattern are
# each anchored to the start of their buffer by depth:<pattern length> and to
# its end by isdataat:!1,relative, so both buffers must equal the pattern.
# That is why "170.78.39.3" (1028286) cannot fire on "170.78.39.36" (1028274).
# In every rule visible here sid = URLhaus id + 80863100, and the reference:
# URL carries the same id, which gives a direct pivot from an alert to the feed entry.
# NOTE(review): nocase is written after isdataat; presumably it binds to the
# preceding URI content -- confirm on the deployed engine.
# NOTE(review): the Host patterns carry no port. Whether a request to a
# non-default port still matches depends on how the engine fills the host
# buffer -- confirm for the Snort/Suricata version in use.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.31.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028287/; classtype:trojan-activity;sid:81891387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028288)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"107.220.119.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028288/; classtype:trojan-activity;sid:81891388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.78.39.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028286/; classtype:trojan-activity;sid:81891386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.84.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028285/; classtype:trojan-activity;sid:81891385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.83.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028284/; classtype:trojan-activity;sid:81891384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.125.255.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028279/; classtype:trojan-activity;sid:81891379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.171.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028280/; classtype:trojan-activity;sid:81891380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028281/; classtype:trojan-activity;sid:81891381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.79.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028282/; classtype:trojan-activity;sid:81891382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.42.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028283/; classtype:trojan-activity;sid:81891383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.35.225.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028278/; classtype:trojan-activity;sid:81891378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.66.77.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028277/; classtype:trojan-activity;sid:81891377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.165.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028276/; classtype:trojan-activity;sid:81891376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.232.211.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028275/; classtype:trojan-activity;sid:81891375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.78.39.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028274/; classtype:trojan-activity;sid:81891374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.31.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028273/; classtype:trojan-activity;sid:81891373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.138.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028272/; classtype:trojan-activity;sid:81891372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.83.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028271/; classtype:trojan-activity;sid:81891371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.145.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028268/; classtype:trojan-activity;sid:81891368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.109.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028269/; classtype:trojan-activity;sid:81891369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.162.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028270/; classtype:trojan-activity;sid:81891370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.75.125.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028265/; classtype:trojan-activity;sid:81891365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.46.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028266/; classtype:trojan-activity;sid:81891366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.0.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028267/; classtype:trojan-activity;sid:81891367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.64.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028264/; classtype:trojan-activity;sid:81891364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.244.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028263/; classtype:trojan-activity;sid:81891363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.71.239.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028262/; classtype:trojan-activity;sid:81891362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.163.162.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028258/; classtype:trojan-activity;sid:81891358; rev:1;)
# Each rule below alerts on one exact (Host, URI) pair: depth equals the
# pattern length and isdataat:!1,relative forbids trailing bytes, so a
# different path on the same host is not covered by that rule.
# 61.52.31.163 and 170.78.39.3 appear here with URI /bin.sh (1028251, 1028250)
# and elsewhere in this file with URI /i (1028273, 1028286); when triaging an
# alert for either host, check for hits on the sibling rule as well.
# All entries carry created_at 2021_02_24; the indicators are point-in-time
# feed data, so review their age before relying on them for blocking.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.126.82.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028259/; classtype:trojan-activity;sid:81891359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.223.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028260/; classtype:trojan-activity;sid:81891360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.117.191.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028261/; classtype:trojan-activity;sid:81891361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.175.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028256/; classtype:trojan-activity;sid:81891356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.45.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028257/; classtype:trojan-activity;sid:81891357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.123.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028254/; classtype:trojan-activity;sid:81891354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.125.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028255/; classtype:trojan-activity;sid:81891355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.86.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028253/; classtype:trojan-activity;sid:81891353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.46.4.95"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028252/; classtype:trojan-activity;sid:81891352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.31.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028251/; classtype:trojan-activity;sid:81891351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.78.39.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028250/; classtype:trojan-activity;sid:81891350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.82.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028249/; classtype:trojan-activity;sid:81891349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.146.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028248/; classtype:trojan-activity;sid:81891348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.251.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028247/; classtype:trojan-activity;sid:81891347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.20.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028244/; classtype:trojan-activity;sid:81891344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.18.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028245/; classtype:trojan-activity;sid:81891345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.31.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028246/; classtype:trojan-activity;sid:81891346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.119.98.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028243/; classtype:trojan-activity;sid:81891343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.242.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028242/; classtype:trojan-activity;sid:81891342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.83.100.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028241/; classtype:trojan-activity;sid:81891341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.228.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028239/; classtype:trojan-activity;sid:81891339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.249.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028240/; classtype:trojan-activity;sid:81891340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.95.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; 
reference:url, urlhaus.abuse.ch/url/1028237/; classtype:trojan-activity;sid:81891337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.84.240.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028238/; classtype:trojan-activity;sid:81891338; rev:1;)
# The next twelve rules (URLhaus ids 1028225-1028236) share one Host,
# 45.14.149.202, and differ only in the file suffix under /pedalcheta/:
# arm, arm5, arm6, arm7, sh4, m68k, mpsl, mips, i586, x86_64, ppc, i686.
# Each URI is matched exactly (depth = pattern length, then
# isdataat:!1,relative), so a request for any other file name on this host
# raises none of these alerts. When one fires, review the client's other
# requests to the same host rather than relying on this set being complete.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028235)"; flow:established,from_client; content:"GET"; http_method; content:"/pedalcheta/cutie.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.14.149.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028235/; classtype:trojan-activity;sid:81891335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028236)"; flow:established,from_client; content:"GET"; http_method; content:"/pedalcheta/cutie.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.14.149.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028236/; classtype:trojan-activity;sid:81891336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028225)"; flow:established,from_client; content:"GET"; http_method; content:"/pedalcheta/cutie.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.14.149.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028225/; classtype:trojan-activity;sid:81891325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028226)"; flow:established,from_client; content:"GET"; http_method; content:"/pedalcheta/cutie.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.14.149.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028226/; classtype:trojan-activity;sid:81891326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028227)"; flow:established,from_client; content:"GET"; http_method; content:"/pedalcheta/cutie.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.14.149.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028227/; classtype:trojan-activity;sid:81891327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028228)"; flow:established,from_client; content:"GET"; http_method; content:"/pedalcheta/cutie.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.14.149.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028228/; classtype:trojan-activity;sid:81891328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028229)"; flow:established,from_client; content:"GET"; http_method; content:"/pedalcheta/cutie.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.14.149.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028229/; classtype:trojan-activity;sid:81891329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028230)"; flow:established,from_client; content:"GET"; http_method; content:"/pedalcheta/cutie.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.14.149.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028230/; classtype:trojan-activity;sid:81891330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028231)"; flow:established,from_client; content:"GET"; http_method; content:"/pedalcheta/cutie.i586"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.14.149.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028231/; classtype:trojan-activity;sid:81891331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028232)"; flow:established,from_client; content:"GET"; http_method; content:"/pedalcheta/cutie.x86_64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"45.14.149.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028232/; classtype:trojan-activity;sid:81891332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028233)"; flow:established,from_client; content:"GET"; http_method; content:"/pedalcheta/cutie.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.14.149.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028233/; classtype:trojan-activity;sid:81891333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028234)"; flow:established,from_client; content:"GET"; http_method; content:"/pedalcheta/cutie.i686"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.14.149.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028234/; classtype:trojan-activity;sid:81891334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028224)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.88.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028224/; classtype:trojan-activity;sid:81891324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.105.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028223/; classtype:trojan-activity;sid:81891323; rev:1;)
# sids 81891322 and 81891321 have identical match conditions (GET
# /ds/2402.gif with Host neokenya.co.ke); they differ only in msg, reference
# and sid, so one matching request raises both alerts.
# NOTE(review): presumably two URLhaus entries for the same URL -- confirm
# against the feed before suppressing or thresholding either sid.
# These are the only rules in this stretch keyed on a domain name, not an IP
# literal; the pattern is written in lower case and has no nocase modifier.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028222)"; flow:established,from_client; content:"GET"; http_method; content:"/ds/2402.gif"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"neokenya.co.ke"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028222/; classtype:trojan-activity;sid:81891322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028221)"; flow:established,from_client; content:"GET"; http_method; content:"/ds/2402.gif"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"neokenya.co.ke"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028221/; classtype:trojan-activity;sid:81891321; rev:1;)
# The remaining rules return to the IP-literal template: exact URI and exact
# Host, each anchored by depth:<pattern length> plus isdataat:!1,relative.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.173.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028220/; classtype:trojan-activity;sid:81891320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.217.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028218/; classtype:trojan-activity;sid:81891318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.26.111.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028219/; classtype:trojan-activity;sid:81891319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.91.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028217/; classtype:trojan-activity;sid:81891317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.74.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028216/; classtype:trojan-activity;sid:81891316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.75.238.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028214/; classtype:trojan-activity;sid:81891314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.94.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028215/; classtype:trojan-activity;sid:81891315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.160.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028213/; classtype:trojan-activity;sid:81891313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.95.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028211/; classtype:trojan-activity;sid:81891311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.127.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028212/; classtype:trojan-activity;sid:81891312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028210/; classtype:trojan-activity;sid:81891310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.105.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028209/; classtype:trojan-activity;sid:81891309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.97.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028205/; classtype:trojan-activity;sid:81891305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.135.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028206/; classtype:trojan-activity;sid:81891306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.74.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028207/; classtype:trojan-activity;sid:81891307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.94.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028208/; classtype:trojan-activity;sid:81891308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.1.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028201/; classtype:trojan-activity;sid:81891301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.60.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028202/; classtype:trojan-activity;sid:81891302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.203.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028203/; classtype:trojan-activity;sid:81891303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.212.251.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028204/; classtype:trojan-activity;sid:81891304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.210.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028199/; classtype:trojan-activity;sid:81891299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.51.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028200/; classtype:trojan-activity;sid:81891300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.232.75.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028197/; classtype:trojan-activity;sid:81891297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.147.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028198/; classtype:trojan-activity;sid:81891298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (1028192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.39.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028192/; classtype:trojan-activity;sid:81891292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.124.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028193/; classtype:trojan-activity;sid:81891293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.14.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028194/; classtype:trojan-activity;sid:81891294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.95.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028195/; classtype:trojan-activity;sid:81891295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.120.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1028196/; classtype:trojan-activity;sid:81891296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.127.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028191/; classtype:trojan-activity;sid:81891291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.127.51.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028190/; classtype:trojan-activity;sid:81891290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.99.171.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028189/; classtype:trojan-activity;sid:81891289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.116.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028186/; classtype:trojan-activity;sid:81891286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"42.229.209.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028187/; classtype:trojan-activity;sid:81891287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028188/; classtype:trojan-activity;sid:81891288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.69.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028185/; classtype:trojan-activity;sid:81891285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.83.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028184/; classtype:trojan-activity;sid:81891284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.218.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028180/; classtype:trojan-activity;sid:81891280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (1028181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.19.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028181/; classtype:trojan-activity;sid:81891281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.172.164.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028182/; classtype:trojan-activity;sid:81891282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028183/; classtype:trojan-activity;sid:81891283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.132.205.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028179/; classtype:trojan-activity;sid:81891279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.67.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; 
reference:url, urlhaus.abuse.ch/url/1028178/; classtype:trojan-activity;sid:81891278; rev:1;)
# Rule shape used throughout this feed: cleartext HTTP from $HOME_NET to $EXTERNAL_NET on an
# established client-to-server flow, method GET. Each pattern is paired with a depth equal to its
# length and `isdataat:!1,relative` (no byte may follow the match), so the URI and the Host value
# must equal the listed strings exactly; `nocase` follows the http_uri content and applies to it.
# Indicators are point-in-time (created_at 2021_02_24); check the referenced URLhaus entry for
# current status when triaging a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.190.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028177/; classtype:trojan-activity;sid:81891277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.67.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028176/; classtype:trojan-activity;sid:81891276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.21.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028175/; classtype:trojan-activity;sid:81891275; rev:1;)
# NOTE(review): sid 81891274 - the URI pattern looks double-escaped. In content syntax |7c| is the
# single byte '|', so "|7c|3b|7c|" matches the literal text "|3b|" and "|7c|26|7c|" the literal
# text "|26|", not ';' and '&' as the listed URL presumably contains - confirm against the URLhaus
# entry. depth:92 is the length of the pattern as written; the decoded pattern is 74 bytes, so
# unlike the neighbouring rules this match is not pinned to offset 0 of the URI. If the URL does
# contain ';' and '&', this rule will not fire on it; a singly-escaped pattern (|3b|, |26|) would
# be 65 bytes. Prefer regenerating from the feed over hand-editing.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m+-o+/tmp/netgear|7c|3b|7c|sh+netgear|7c|26|7c|curpath=/|7c|26|7c|currentsetting.htm=1"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"219.155.237.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028174/; classtype:trojan-activity;sid:81891274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028172)"; 
flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.31.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028172/; classtype:trojan-activity;sid:81891272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.43.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028173/; classtype:trojan-activity;sid:81891273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.168.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028171/; classtype:trojan-activity;sid:81891271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.107.119.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028170/; classtype:trojan-activity;sid:81891270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.66.79.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028169/; 
classtype:trojan-activity;sid:81891269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.174.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028168/; classtype:trojan-activity;sid:81891268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.162.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028167/; classtype:trojan-activity;sid:81891267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.94.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028166/; classtype:trojan-activity;sid:81891266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.91.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028164/; classtype:trojan-activity;sid:81891264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"175.201.20.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028165/; classtype:trojan-activity;sid:81891265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.140.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028160/; classtype:trojan-activity;sid:81891260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.116.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028161/; classtype:trojan-activity;sid:81891261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.224.21.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028162/; classtype:trojan-activity;sid:81891262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.63.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028163/; classtype:trojan-activity;sid:81891263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (1028159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.99.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028159/; classtype:trojan-activity;sid:81891259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.157.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028151/; classtype:trojan-activity;sid:81891251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.194.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028152/; classtype:trojan-activity;sid:81891252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.83.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028153/; classtype:trojan-activity;sid:81891253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.29.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1028154/; classtype:trojan-activity;sid:81891254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.206.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028155/; classtype:trojan-activity;sid:81891255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.91.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028156/; classtype:trojan-activity;sid:81891256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.118.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028157/; classtype:trojan-activity;sid:81891257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.113.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028158/; classtype:trojan-activity;sid:81891258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"59.92.218.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028150/; classtype:trojan-activity;sid:81891250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.217.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028148/; classtype:trojan-activity;sid:81891248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.67.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028149/; classtype:trojan-activity;sid:81891249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.116.177.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028146/; classtype:trojan-activity;sid:81891246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.45.139.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028147/; classtype:trojan-activity;sid:81891247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (1028142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.66.196.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028142/; classtype:trojan-activity;sid:81891242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.205.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028143/; classtype:trojan-activity;sid:81891243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.8.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028144/; classtype:trojan-activity;sid:81891244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.123.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028145/; classtype:trojan-activity;sid:81891245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.60.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1028141/; classtype:trojan-activity;sid:81891241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.161.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028140/; classtype:trojan-activity;sid:81891240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.32.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028139/; classtype:trojan-activity;sid:81891239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.152.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028138/; classtype:trojan-activity;sid:81891238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.14.25.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028135/; classtype:trojan-activity;sid:81891235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"117.222.171.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028136/; classtype:trojan-activity;sid:81891236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.85.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028137/; classtype:trojan-activity;sid:81891237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.42.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028132/; classtype:trojan-activity;sid:81891232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.73.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028133/; classtype:trojan-activity;sid:81891233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.14.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028134/; classtype:trojan-activity;sid:81891234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (1028131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.39.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028131/; classtype:trojan-activity;sid:81891231; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the rules that follow (laid out one rule per line).
#
# Shared match logic: every rule alerts on an HTTP GET sent by a $HOME_NET
# client to $EXTERNAL_NET on an established flow. The URI content and the
# Host content are each matched as a whole buffer: depth equals the length
# of the content string and isdataat:!1,relative requires that no byte
# follows the match. nocase is attached to the URI content only.
# NOTE(review): the Host content carries no nocase - presumably this relies
# on the engine presenting the host buffer in normalised lower case; confirm
# for the engine and version that loads this file.
#
# Coverage limits that follow directly from the options above:
#   - only requests leaving $HOME_NET for $EXTERNAL_NET are inspected;
#   - only the GET method is matched;
#   - a request whose URI buffer holds anything after the listed path does
#     not match, because of the whole-buffer comparison.
# The rules look at the request side only (from_client), so an alert shows
# that the URL was requested, not that a payload was delivered; response
# and endpoint evidence are needed to settle that during triage.
#
# Mapping alerts back to the feed: in every rule shown here the sid equals
# the URLhaus entry id from msg/reference plus 80863100.
#
# Several hosts occur in more than one rule with different paths (for
# example 115.59.227.101 with /i and /bin.sh), so alerts are best grouped
# by destination host when reviewing hits.
#
# NOTE(review): all entries carry created_at 2021_02_24 and most hosts are
# IP literals; confirm the feed is refreshed on a schedule and that retired
# entries are removed rather than accumulated.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028130)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.92.107.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028130/; classtype:trojan-activity;sid:81891230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.33.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028129/; classtype:trojan-activity;sid:81891229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.200.71.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028127/; classtype:trojan-activity;sid:81891227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.7.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028128/; classtype:trojan-activity;sid:81891228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.221.59.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028126/; classtype:trojan-activity;sid:81891226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.227.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028125/; classtype:trojan-activity;sid:81891225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.49.210.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028124/; classtype:trojan-activity;sid:81891224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.21.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028123/; classtype:trojan-activity;sid:81891223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.218.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028122/; classtype:trojan-activity;sid:81891222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.14.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028121/; classtype:trojan-activity;sid:81891221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.50.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028120/; classtype:trojan-activity;sid:81891220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.124.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028119/; classtype:trojan-activity;sid:81891219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.217.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028116/; classtype:trojan-activity;sid:81891216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028117)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.84.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028117/; classtype:trojan-activity;sid:81891217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.106.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028118/; classtype:trojan-activity;sid:81891218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.69.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028113/; classtype:trojan-activity;sid:81891213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.113.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028114/; classtype:trojan-activity;sid:81891214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.120.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028115/; classtype:trojan-activity;sid:81891215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.231.95.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028112/; classtype:trojan-activity;sid:81891212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.104.238.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028109/; classtype:trojan-activity;sid:81891209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.174.26.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028110/; classtype:trojan-activity;sid:81891210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.29.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028111/; classtype:trojan-activity;sid:81891211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.227.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028106/; classtype:trojan-activity;sid:81891206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.109.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028107/; classtype:trojan-activity;sid:81891207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.77.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028108/; classtype:trojan-activity;sid:81891208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"149.200.71.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028105/; classtype:trojan-activity;sid:81891205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.94.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028104/; classtype:trojan-activity;sid:81891204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.108.0.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028103/; classtype:trojan-activity;sid:81891203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.178.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028102/; classtype:trojan-activity;sid:81891202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.173.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028098/; classtype:trojan-activity;sid:81891198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.123.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028099/; classtype:trojan-activity;sid:81891199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.66.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028100/; classtype:trojan-activity;sid:81891200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.133.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028101/; classtype:trojan-activity;sid:81891201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.51.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028097/; classtype:trojan-activity;sid:81891197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.172.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028096/; classtype:trojan-activity;sid:81891196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.205.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028095/; classtype:trojan-activity;sid:81891195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.221.59.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028094/; classtype:trojan-activity;sid:81891194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.232.73.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028093/; classtype:trojan-activity;sid:81891193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.38.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028092/; classtype:trojan-activity;sid:81891192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.87.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028091/; classtype:trojan-activity;sid:81891191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.18.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028090/; classtype:trojan-activity;sid:81891190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028089)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.17.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028089/; classtype:trojan-activity;sid:81891189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.212.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028083/; classtype:trojan-activity;sid:81891183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.160.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028084/; classtype:trojan-activity;sid:81891184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.30.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028085/; classtype:trojan-activity;sid:81891185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.6.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028086/; classtype:trojan-activity;sid:81891186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.51.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028087/; classtype:trojan-activity;sid:81891187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.64.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028088/; classtype:trojan-activity;sid:81891188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.105.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028082/; classtype:trojan-activity;sid:81891182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.199.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028080/; classtype:trojan-activity;sid:81891180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.126.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028081/; classtype:trojan-activity;sid:81891181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.24.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028079/; classtype:trojan-activity;sid:81891179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.174.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028078/; classtype:trojan-activity;sid:81891178; rev:1;)
# The next rule names a site by hostname, and its path sits below a
# /media/editors/tinymce/ directory of that site.
# NOTE(review): this looks like content placed on an otherwise ordinary
# website - confirm against the URLhaus entry before acting on the whole
# host rather than on this one URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028077)"; flow:established,from_client; content:"GET"; http_method; content:"/index.php/fr/media/editors/tinymce/js/dsg0mgeide.php"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"www.tomobil.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028077/; classtype:trojan-activity;sid:81891177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028076)"; flow:established,from_client; content:"GET"; http_method; content:"/batkek/arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.123.7.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028076/; classtype:trojan-activity;sid:81891176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.232.73.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028074/; classtype:trojan-activity;sid:81891174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.87.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028075/; classtype:trojan-activity;sid:81891175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.163.126.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028073/; classtype:trojan-activity;sid:81891173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.181.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028072/; classtype:trojan-activity;sid:81891172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.183.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028071/; classtype:trojan-activity;sid:81891171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.27.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028066/; classtype:trojan-activity;sid:81891166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028067/; classtype:trojan-activity;sid:81891167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.63.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028068/; classtype:trojan-activity;sid:81891168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.211.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028069/; classtype:trojan-activity;sid:81891169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.104.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028070/; classtype:trojan-activity;sid:81891170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.165.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028064/; classtype:trojan-activity;sid:81891164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.82.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028065/; classtype:trojan-activity;sid:81891165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.82.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028063/; classtype:trojan-activity;sid:81891163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.96.84.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028060/; classtype:trojan-activity;sid:81891160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.176.224.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028061/; classtype:trojan-activity;sid:81891161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.195.7.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028062/; classtype:trojan-activity;sid:81891162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.83.125.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028059/; classtype:trojan-activity;sid:81891159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.24.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028058/; classtype:trojan-activity;sid:81891158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.33.122.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028057/; classtype:trojan-activity;sid:81891157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.57.70.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028056/; classtype:trojan-activity;sid:81891156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.65.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028055/; classtype:trojan-activity;sid:81891155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.245.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028054/; classtype:trojan-activity;sid:81891154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.163.127.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028053/; classtype:trojan-activity;sid:81891153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028052)"; flow:established,from_client; content:"GET"; http_method; content:"/downfiles/lv.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"filsaem01.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028052/; classtype:trojan-activity;sid:81891152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.10.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028046/; classtype:trojan-activity;sid:81891146; rev:1;)
# Host yc1op3jh39r.xyz is the subject of ten rules in this run (sids
# 81891139-81891144, 81891147, 81891149-81891151). Each pins one .exe file
# name on that host; the names differ only in their leading digits. Because
# the URI is matched as a whole, a file name on the same host that is not
# listed here raises no alert from these rules.
# NOTE(review): if the URLhaus entries support treating the whole host as
# hostile, a single host-level detection would cover this cluster - verify
# before consolidating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028047)"; flow:established,from_client; content:"GET"; http_method; content:"/40s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028047/; classtype:trojan-activity;sid:81891147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.16.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028048/; classtype:trojan-activity;sid:81891148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028049)"; flow:established,from_client; content:"GET"; http_method; content:"/50s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028049/; classtype:trojan-activity;sid:81891149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028050)"; flow:established,from_client; content:"GET"; http_method; content:"/48s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028050/; classtype:trojan-activity;sid:81891150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028051)"; flow:established,from_client; content:"GET"; http_method; content:"/14s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028051/; classtype:trojan-activity;sid:81891151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.115.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028045/; classtype:trojan-activity;sid:81891145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028039)"; flow:established,from_client; content:"GET"; http_method; content:"/34s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028039/; classtype:trojan-activity;sid:81891139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028040)"; flow:established,from_client; content:"GET"; http_method; content:"/7s43682te5.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028040/; classtype:trojan-activity;sid:81891140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028041)"; flow:established,from_client; content:"GET"; http_method; content:"/42s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028041/; classtype:trojan-activity;sid:81891141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028042)"; flow:established,from_client; content:"GET"; http_method; content:"/15s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028042/; classtype:trojan-activity;sid:81891142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028043)"; flow:established,from_client; content:"GET"; http_method; content:"/23s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028043/; classtype:trojan-activity;sid:81891143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028044)"; flow:established,from_client; content:"GET"; http_method; content:"/8s43682te5.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028044/; classtype:trojan-activity;sid:81891144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.176.56.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028038/; classtype:trojan-activity;sid:81891138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.225.119.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028037/; classtype:trojan-activity;sid:81891137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.83.27.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028036/; classtype:trojan-activity;sid:81891136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.106.90.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028035/; classtype:trojan-activity;sid:81891135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"125.43.81.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028031/; classtype:trojan-activity;sid:81891131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.83.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028032/; classtype:trojan-activity;sid:81891132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.97.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028033/; classtype:trojan-activity;sid:81891133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.160.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028034/; classtype:trojan-activity;sid:81891134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028030)"; flow:established,from_client; content:"GET"; http_method; content:"/49s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028030/; classtype:trojan-activity;sid:81891130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1028026)"; flow:established,from_client; content:"GET"; http_method; content:"/25s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028026/; classtype:trojan-activity;sid:81891126; rev:1;)
# Rules in this stretch pin one exact URL each: GET method, the full URI (`depth` equal to
# the pattern length plus `isdataat:!1,relative` leaves no room before or after it) and the
# full Host value. Three kinds of entry are visible:
#  - numbered .exe names and /gutpags.php on the single host yc1op3jh39r.xyz, one rule per
#    file name, so a file name on that host that is not listed here is not covered;
#  - two .php paths under /wp-content/plugins/ on otherwise ordinary-looking site names.
#    NOTE(review): presumably compromised WordPress sites rather than dedicated
#    infrastructure; an alert then points at one URL, not at the whole site. Confirm on the
#    referenced URLhaus entry before blocking the domain.
#  - short paths (/i, /bin.sh, /mozi.a, /mozi.m) on IP-literal hosts.
#    NOTE(review): the names suggest IoT-botnet payload URLs; verify against the reference.
# All entries carry created_at 2021_02_24 and rev:1. IP-literal hosts in particular tend to
# go stale, so check entry age or status before relying on these for current coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028027)"; flow:established,from_client; content:"GET"; http_method; content:"/20s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028027/; classtype:trojan-activity;sid:81891127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028028)"; flow:established,from_client; content:"GET"; http_method; content:"/44s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028028/; classtype:trojan-activity;sid:81891128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028029)"; flow:established,from_client; content:"GET"; http_method; content:"/27s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028029/; classtype:trojan-activity;sid:81891129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028025)"; flow:established,from_client; content:"GET"; http_method; content:"/15ret45bad.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028025/; classtype:trojan-activity;sid:81891125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028021)"; flow:established,from_client; content:"GET"; http_method; content:"/30s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028021/; classtype:trojan-activity;sid:81891121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028022)"; flow:established,from_client; content:"GET"; http_method; content:"/11s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028022/; classtype:trojan-activity;sid:81891122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028023)"; flow:established,from_client; content:"GET"; http_method; content:"/45s43682te5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028023/; classtype:trojan-activity;sid:81891123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028024)"; flow:established,from_client; content:"GET"; http_method; content:"/1s43682te5.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028024/; classtype:trojan-activity;sid:81891124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.95.192.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028019/; classtype:trojan-activity;sid:81891119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028020)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/nextend-facebook-connect/nsl/pke774ttfx8lk.php"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"www.shoproquo.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028020/; classtype:trojan-activity;sid:81891120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028018)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/classic-editor/js/ozp5dmyq5djumjr.php"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"www.alapon.pw"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028018/; classtype:trojan-activity;sid:81891118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.174.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028017/; classtype:trojan-activity;sid:81891117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.125.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028015/; classtype:trojan-activity;sid:81891115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.242.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028016/; classtype:trojan-activity;sid:81891116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028014)"; flow:established,from_client; content:"GET"; http_method; content:"/gutpags.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028014/; classtype:trojan-activity;sid:81891114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.92.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028010/; classtype:trojan-activity;sid:81891110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.61.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028011/; classtype:trojan-activity;sid:81891111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.81.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028012/; classtype:trojan-activity;sid:81891112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.116.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028013/; classtype:trojan-activity;sid:81891113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028005/; classtype:trojan-activity;sid:81891105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.28.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028006/; classtype:trojan-activity;sid:81891106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.169.45.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028007/;
classtype:trojan-activity;sid:81891107; rev:1;)
# Most rules in this stretch pair a very short URI (/i, /bin.sh, /mozi.a, /mozi.m) with an
# IP-literal Host. The URI alone would be far too generic to alert on; the rule is specific
# only because the Host pattern is matched in full as well (`depth` equal to its length,
# then `isdataat:!1,relative`). Keep both conditions if these rules are ever edited locally.
# NOTE(review): presumably IoT-botnet payload URLs served from infected devices. Such
# addresses are often reassigned, so an old entry can later describe an unrelated host.
# Every entry here has created_at 2021_02_24; check age or URLhaus status when triaging.
# The last rules in the stretch instead match one .dat file name under a different
# directory on several named domains, again one full URI plus one full Host per rule.
# Triage hint: the id in msg and in the reference URL identifies the URLhaus entry, and in
# the rules shown here sid = id + 80863100 (1028008 -> 81891108).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.213.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028008/; classtype:trojan-activity;sid:81891108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.35.98.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028009/; classtype:trojan-activity;sid:81891109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.31.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028002/; classtype:trojan-activity;sid:81891102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.75.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028003/; classtype:trojan-activity;sid:81891103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.167.2.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028004/; classtype:trojan-activity;sid:81891104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.162.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028000/; classtype:trojan-activity;sid:81891100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1028001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.6.135.164"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1028001/; classtype:trojan-activity;sid:81891101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027999/; classtype:trojan-activity;sid:81891099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.95.147.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027998/; classtype:trojan-activity;sid:81891098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.27.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027996/; classtype:trojan-activity;sid:81891096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.127.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027997/; classtype:trojan-activity;sid:81891097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.175.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027993/; classtype:trojan-activity;sid:81891093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.191.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027994/; classtype:trojan-activity;sid:81891094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.63.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027995/; classtype:trojan-activity;sid:81891095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.31.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027990/; classtype:trojan-activity;sid:81891090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.63.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027991/; classtype:trojan-activity;sid:81891091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.176.111.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027992/; classtype:trojan-activity;sid:81891092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.81.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027989/; classtype:trojan-activity;sid:81891089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.73.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027988/; classtype:trojan-activity;sid:81891088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.109.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027987/; classtype:trojan-activity;sid:81891087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027986)"; flow:established,from_client; content:"GET"; http_method; content:"/rmyjq/44251784175810200000.dat"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"vngkinderopvang.nl"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027986/; classtype:trojan-activity;sid:81891086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027985)"; flow:established,from_client; content:"GET"; http_method; content:"/noexyryqori/44251784175810200000.dat"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hdmedia.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027985/; classtype:trojan-activity;sid:81891085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027984)"; flow:established,from_client; content:"GET"; http_method; content:"/xjhuljbqv/44251784175810200000.dat"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.fernway.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027984/; classtype:trojan-activity;sid:81891084; rev:1;)
alert
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027983)"; flow:established,from_client; content:"GET"; http_method; content:"/gwixglx/44251784175810200000.dat"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"stadt-fuchs.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027983/; classtype:trojan-activity;sid:81891083; rev:1;)
# Several rules in this stretch share one .dat file name (44251784175810200000.dat or
# 44251782425463000000.dat) under a different directory and a different domain each.
# Every rule still pins the full URI and the full Host (`depth` equal to the pattern length
# followed by `isdataat:!1,relative`), so only the listed directory/domain pairs alert.
# NOTE(review): the repeated file names suggest one distribution run spread over many sites,
# presumably compromised ones. If that holds, further pairs not yet in the feed go unseen.
# Weigh a local supplementary rule on the file name against its false-positive cost, and
# confirm on the referenced URLhaus entries first.
# The remaining rules match short payload paths (/mozi.a, /mozi.m, /bin.sh) on IP-literal
# hosts. All entries carry created_at 2021_02_24.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.95.192.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027981/; classtype:trojan-activity;sid:81891081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027982)"; flow:established,from_client; content:"GET"; http_method; content:"/nseoqnwbbvmc/44251784175810200000.dat"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"sumonpro.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027982/; classtype:trojan-activity;sid:81891082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.112.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027980/; classtype:trojan-activity;sid:81891080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.6.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027978/; classtype:trojan-activity;sid:81891078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.143.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027979/; classtype:trojan-activity;sid:81891079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027977)"; flow:established,from_client; content:"GET"; http_method; content:"/pmslsda/44251782425463000000.dat"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"dicomm-001-site35.ctempurl.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027977/; classtype:trojan-activity;sid:81891077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.166.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027976/; classtype:trojan-activity;sid:81891076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.106.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027973/; classtype:trojan-activity;sid:81891073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.71.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027974/; classtype:trojan-activity;sid:81891074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027975)"; flow:established,from_client; content:"GET"; http_method; content:"/tfbgl/44251782425463000000.dat"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"slmtv.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027975/; classtype:trojan-activity;sid:81891075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027969)"; flow:established,from_client; content:"GET"; http_method; content:"/anesrq/44251782425463000000.dat"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"www.kunjincompany.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027969/; classtype:trojan-activity;sid:81891069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027970)"; flow:established,from_client; content:"GET"; http_method; content:"/nlbzyhfs/44251782425463000000.dat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"pandsquinny.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027970/; classtype:trojan-activity;sid:81891070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase;
content:"115.58.95.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027971/; classtype:trojan-activity;sid:81891071; rev:1;)
# The first three rules below follow the usual shape: GET, one full URI and one full Host,
# each pinned with `depth` equal to the pattern length plus `isdataat:!1,relative`.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027972)"; flow:established,from_client; content:"GET"; http_method; content:"/hxjxxwav/44251782425463000000.dat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"konyahaberler.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027972/; classtype:trojan-activity;sid:81891072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.175.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027968/; classtype:trojan-activity;sid:81891068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.253.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027967/; classtype:trojan-activity;sid:81891067; rev:1;)
# The www.dropbox.com rules that follow need three checks before they count as coverage.
# NOTE(review) 1, visibility: these are `alert http` rules, so they fire only when the
#   request is seen as cleartext HTTP. Dropbox links are typically fetched over TLS; without
#   upstream decryption, cover them from proxy or TLS-inspection logs instead.
# NOTE(review) 2, percent-escapes: several URI patterns keep escapes (%20, %23) while
#   matching in http_uri, the normalized URI buffer. If the engine decodes escapes before
#   matching, those patterns cannot match; http_raw_uri is the unnormalized counterpart.
#   Verify with a test pcap on the deployed engine.
# NOTE(review) 3, depth: `|3f|` encodes one byte ('?'), but the depth values count it as
#   four characters. The first pattern below is 41 bytes long and carries depth:44. The end
#   anchor (`isdataat:!1,relative`) still holds, but the start anchor is three bytes looser
#   than on the other rules.
# Because the host is a shared file-hosting service, the specificity of these rules rests
# entirely on the full share path. Do not widen them to the host alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027966)"; flow:established,from_client; content:"GET"; http_method; content:"/s/64z74mpgh7zlsqs/note_%23_0643.zip|3f|dl=1"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027966/; classtype:trojan-activity;sid:81891066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027965)"; flow:established,from_client; content:"GET"; http_method; content:"/s/f1zi747grqyx4qh/reports%20%239950.zip|3f|dl=1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027965/; classtype:trojan-activity;sid:81891065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027964)"; flow:established,from_client; content:"GET"; http_method; content:"/s/qkuq2k8z0j6bj2y/notice_760.zip|3f|dl=1"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027964/; classtype:trojan-activity;sid:81891064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027962)"; flow:established,from_client; content:"GET"; http_method; content:"/s/8ypfe5y45elt1fu/confidential_363464.zip|3f|dl=1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027962/; classtype:trojan-activity;sid:81891062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027963)"; flow:established,from_client; content:"GET"; http_method; content:"/s/vwh51t6z636e8hj/detailed%2077521.zip|3f|dl=1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027963/; classtype:trojan-activity;sid:81891063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027955)"; flow:established,from_client; content:"GET"; http_method; content:"/s/szknsovtf174fpq/notification%20198.zip|3f|dl=1"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027955/; classtype:trojan-activity;sid:81891055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027956)"; flow:established,from_client; content:"GET"; http_method; content:"/s/7dc2ldii4s8n1ri/copy%2003579.zip|3f|dl=1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027956/; classtype:trojan-activity;sid:81891056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027957)"; flow:established,from_client; content:"GET"; http_method; content:"/s/ktpn1f0gl7ym29x/scan_47745.zip|3f|dl=1"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027957/; classtype:trojan-activity;sid:81891057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027958)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dvcdkyfwm5lscpk/documentation%20%23288405.zip|3f|dl=1"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027958/; classtype:trojan-activity;sid:81891058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027959)"; flow:established,from_client; content:"GET"; http_method; content:"/s/m1aozaf8th63hzj/fax%20jjxfxaaqa.doc|3f|dl=1"; http_uri; depth:46;
isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027959/; classtype:trojan-activity;sid:81891059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027960)"; flow:established,from_client; content:"GET"; http_method; content:"/s/e67kxcqk1qmv80m/confidential%20999261.zip|3f|dl=1"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027960/; classtype:trojan-activity;sid:81891060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027961)"; flow:established,from_client; content:"GET"; http_method; content:"/s/lz86qb2tmuelriy/information%2069079.zip|3f|dl=1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027961/; classtype:trojan-activity;sid:81891061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027952)"; flow:established,from_client; content:"GET"; http_method; content:"/s/84brzp77jp625rl/contract%20837.zip|3f|dl=1"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027952/; classtype:trojan-activity;sid:81891052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027953)"; flow:established,from_client; content:"GET"; http_method; content:"/s/vpnf5dtn6fyrnxi/fax_%23_5478.zip|3f|dl=1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; 
metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027953/; classtype:trojan-activity;sid:81891053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027954)"; flow:established,from_client; content:"GET"; http_method; content:"/s/hmxoigzu9rji4pv/fax_678.zip|3f|dl=1"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027954/; classtype:trojan-activity;sid:81891054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027949)"; flow:established,from_client; content:"GET"; http_method; content:"/s/jwb571wbg1qtbcs/report_426.zip|3f|dl=1"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027949/; classtype:trojan-activity;sid:81891049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027950)"; flow:established,from_client; content:"GET"; http_method; content:"/s/qk4cagl5wrkwggg/fax_%23_135.zip|3f|dl=1"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027950/; classtype:trojan-activity;sid:81891050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027951)"; flow:established,from_client; content:"GET"; http_method; content:"/s/9172mm5wn9kksxk/fax_%23_94029.zip|3f|dl=1"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027951/; classtype:trojan-activity;sid:81891051; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027946)"; flow:established,from_client; content:"GET"; http_method; content:"/s/b25o7aj2o322mfh/scan%20%234139.zip|3f|dl=1"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027946/; classtype:trojan-activity;sid:81891046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027947)"; flow:established,from_client; content:"GET"; http_method; content:"/s/i70jw6p5qqlpzm7/fax_%23_900826.zip|3f|dl=1"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027947/; classtype:trojan-activity;sid:81891047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027948)"; flow:established,from_client; content:"GET"; http_method; content:"/s/5vtenmxtdrdkp1u/fax%20494.zip|3f|dl=1"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027948/; classtype:trojan-activity;sid:81891048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027942)"; flow:established,from_client; content:"GET"; http_method; content:"/s/sbefht1vjto7m3n/detailed%20134249.zip|3f|dl=1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027942/; classtype:trojan-activity;sid:81891042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027943)"; 
flow:established,from_client; content:"GET"; http_method; content:"/s/zsofx7jht9t23g5/information_%23_6264.zip|3f|dl=1"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027943/; classtype:trojan-activity;sid:81891043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027944)"; flow:established,from_client; content:"GET"; http_method; content:"/s/v5tzs3yprhiido1/rep_1851.zip|3f|dl=1"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027944/; classtype:trojan-activity;sid:81891044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027945)"; flow:established,from_client; content:"GET"; http_method; content:"/s/hbvl7tw5xnsu91p/documentation%20165273.zip|3f|dl=1"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027945/; classtype:trojan-activity;sid:81891045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027941)"; flow:established,from_client; content:"GET"; http_method; content:"/s/s3xpros3tcbqrnd/subconract%20%239767.zip|3f|dl=1"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027941/; classtype:trojan-activity;sid:81891041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027940)"; flow:established,from_client; content:"GET"; http_method; content:"/rmyjq/44251772663773100000.dat"; 
http_uri; depth:31; isdataat:!1,relative; nocase; content:"vngkinderopvang.nl"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027940/; classtype:trojan-activity;sid:81891040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027938)"; flow:established,from_client; content:"GET"; http_method; content:"/xjhuljbqv/44251772663773100000.dat"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.fernway.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027938/; classtype:trojan-activity;sid:81891038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027939)"; flow:established,from_client; content:"GET"; http_method; content:"/nseoqnwbbvmc/44251772663773100000.dat"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"sumonpro.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027939/; classtype:trojan-activity;sid:81891039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.207.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027936/; classtype:trojan-activity;sid:81891036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027937)"; flow:established,from_client; content:"GET"; http_method; content:"/noexyryqori/44251772663773100000.dat"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hdmedia.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027937/; 
classtype:trojan-activity;sid:81891037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027933)"; flow:established,from_client; content:"GET"; http_method; content:"/gwixglx/44251772663773100000.dat"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"stadt-fuchs.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027933/; classtype:trojan-activity;sid:81891033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.169.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027932/; classtype:trojan-activity;sid:81891032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.89.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027931/; classtype:trojan-activity;sid:81891031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.126.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027930/; classtype:trojan-activity;sid:81891030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; 
nocase; content:"42.224.253.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027928/; classtype:trojan-activity;sid:81891028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.169.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027929/; classtype:trojan-activity;sid:81891029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.211.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027927/; classtype:trojan-activity;sid:81891027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.227.100.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027925/; classtype:trojan-activity;sid:81891025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.153.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027926/; classtype:trojan-activity;sid:81891026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (1027924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.158.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027924/; classtype:trojan-activity;sid:81891024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.86.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027922/; classtype:trojan-activity;sid:81891022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.38.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027923/; classtype:trojan-activity;sid:81891023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.73.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027921/; classtype:trojan-activity;sid:81891021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027920)"; flow:established,from_client; content:"GET"; http_method; content:"/base/1c62f5b549714f531d809d45ce3bd6ef.html"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"coroloboxorozor.com"; http_host; depth:19; isdataat:!1,relative; 
metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027920/; classtype:trojan-activity;sid:81891020; rev:1;)
# The rules below share the host coroloboxorozor.com and the path shape
# /base/<32 hex characters>.html (6 + 32 + 5 = 43 bytes, matching depth:43);
# only the hex component differs from rule to rule.
# Each rule is anchored to the full URI, so a request for any other /base/ object
# on the same host raises no alert from these signatures.
# NOTE(review): if the whole host is treated as hostile, host-level coverage
#   (DNS or proxy block list, or a single http_host rule) closes that gap at the
#   cost of a broader match — decide locally; this feed section does not provide it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027919)"; flow:established,from_client; content:"GET"; http_method; content:"/base/b46e6daa60c748759b79ca803d532d68.html"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"coroloboxorozor.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027919/; classtype:trojan-activity;sid:81891019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027917)"; flow:established,from_client; content:"GET"; http_method; content:"/base/e0bca81596602ef9ae57978d7f4893d2.html"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"coroloboxorozor.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027917/; classtype:trojan-activity;sid:81891017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027918)"; flow:established,from_client; content:"GET"; http_method; content:"/base/d80ee52cdbaa77448d71df6d004d6fa0.html"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"coroloboxorozor.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027918/; classtype:trojan-activity;sid:81891018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027916)"; flow:established,from_client; content:"GET"; http_method; content:"/base/7e698e4c45d33d02e9e58579ae794079.html"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"coroloboxorozor.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027916/;
classtype:trojan-activity;sid:81891016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027911)"; flow:established,from_client; content:"GET"; http_method; content:"/base/d2dd88f5b135953f8eba26f7a7ce4c6a.html"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"coroloboxorozor.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027911/; classtype:trojan-activity;sid:81891011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027912)"; flow:established,from_client; content:"GET"; http_method; content:"/base/f31a591a992f9f10459ca91956d4b922.html"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"coroloboxorozor.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027912/; classtype:trojan-activity;sid:81891012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027913)"; flow:established,from_client; content:"GET"; http_method; content:"/base/06c98f58764ecb9af36495eba0ee318d.html"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"coroloboxorozor.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027913/; classtype:trojan-activity;sid:81891013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027914)"; flow:established,from_client; content:"GET"; http_method; content:"/base/ede126314c68b596b08d93c8c13cb128.html"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"coroloboxorozor.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027914/; classtype:trojan-activity;sid:81891014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (1027915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.253.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027915/; classtype:trojan-activity;sid:81891015; rev:1;)
# Archives (.tar / .zip) shared from www.dropbox.com follow. The file names are
# Spanish-language payment and payroll notices with percent-escaped spaces, so the
# lure text itself is part of each indicator.
#
# Three URLs in this group appear twice, under different URLhaus ids and sids but
# with identical match options:
#   1027909 / 1027908     1027905 / 1027901     1027906 / 1027907
# One matching request therefore raises two alerts. Deduplicate in the alert
# pipeline or suppress one sid of each pair; the file header shows this is a
# periodically regenerated feed, so hand edits here may not persist.
#
# NOTE(review): these are `alert http` rules. If the host is reached over TLS they
#   cannot fire without TLS inspection in front of the sensor — confirm coverage.
# NOTE(review): the patterns contain `%20` but are matched in `http_uri`, the
#   normalized URI buffer. If the engine decodes escapes there, `http_raw_uri` is
#   the buffer holding the literal text — verify with a test pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027909)"; flow:established,from_client; content:"GET"; http_method; content:"/s/h5yz5aacpc9y62n/pago%20de%20planilla%20febrero%202021.tar|3f|dl=1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027909/; classtype:trojan-activity;sid:81891009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027910)"; flow:established,from_client; content:"GET"; http_method; content:"/s/gloxzro6uhlfnq9/aportes%20de%20planillas%20pagadas%2024%20feb.tar|3f|dl=1"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027910/; classtype:trojan-activity;sid:81891010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027905)"; flow:established,from_client; content:"GET"; http_method; content:"/s/n5zsiowme4rtnpv/davivienda%20le%20informa%20que%20su%20adelanto%20de%20nomina%20se%20genero%20exitosamente.zip|3f|dl=1"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027905/; classtype:trojan-activity;sid:81891005; rev:1;)
# 1027906 and 1027907: same URL, two sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027906)"; flow:established,from_client; content:"GET"; http_method; content:"/s/5ep5ny366tm4qc3/soporte%20de%20pago%20exitoso.tar|3f|dl=1"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027906/; classtype:trojan-activity;sid:81891006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027907)"; flow:established,from_client; content:"GET"; http_method; content:"/s/5ep5ny366tm4qc3/soporte%20de%20pago%20exitoso.tar|3f|dl=1"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027907/; classtype:trojan-activity;sid:81891007; rev:1;)
# Same URL as sid 81891009 (URLhaus id 1027909) above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027908)"; flow:established,from_client; content:"GET"; http_method; content:"/s/h5yz5aacpc9y62n/pago%20de%20planilla%20febrero%202021.tar|3f|dl=1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027908/; classtype:trojan-activity;sid:81891008; rev:1;)
# Same URL as sid 81891005 (URLhaus id 1027905) above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027901)"; flow:established,from_client; content:"GET"; http_method; content:"/s/n5zsiowme4rtnpv/davivienda%20le%20informa%20que%20su%20adelanto%20de%20nomina%20se%20genero%20exitosamente.zip|3f|dl=1"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027901/; classtype:trojan-activity;sid:81891001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL
detected (1027902)"; flow:established,from_client; content:"GET"; http_method; content:"/s/0uktp9lwpy7b3h1/reporte%20de%20acreditacion%20para%20el%20pago%204261%20que%20se%20encuentra%20en%20mora.tar|3f|dl=1"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027902/; classtype:trojan-activity;sid:81891002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027903)"; flow:established,from_client; content:"GET"; http_method; content:"/s/y5bj4g9f41xs7dd/aprobacion%20de%20pago%20realizado%20exitosamente%20por%20entidad%20bancaria.tar|3f|dl=1"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027903/; classtype:trojan-activity;sid:81891003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027904)"; flow:established,from_client; content:"GET"; http_method; content:"/s/h9emtj71lzchh2b/ref%20seguridad%20social%20pago%20febrero%202021.tar|3f|dl=1"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027904/; classtype:trojan-activity;sid:81891004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.103.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027900/; classtype:trojan-activity;sid:81891000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (1027899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.171.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027899/; classtype:trojan-activity;sid:81890999; rev:1;)
#
# Reading the rules below (all share one shape; only URI, host, depths, URLhaus id and sid differ):
#   * `alert http $HOME_NET any -> $EXTERNAL_NET any` with `flow:established,from_client`:
#     only the outbound request of an established HTTP session is inspected.
#   * `content:"GET"; http_method;` restricts the rule to GET requests.
#   * URI match: `depth:N` equals the pattern length, so the pattern must start at the first
#     byte of the http_uri buffer, and `isdataat:!1,relative` requires that no byte follows it.
#     Together they make the pattern an exact match of the whole URI; `nocase` makes that
#     comparison case-insensitive.
#   * Host match: the same depth/isdataat pair on http_host, again an exact match. No `nocase`
#     is set here. NOTE(review): Suricata is expected to normalise http_host to lowercase, which
#     would explain the all-lowercase patterns -- confirm on the engine version in use.
#   * `reference:url` points at the URLhaus entry whose id is repeated in `msg`.
#
# Triage caveats:
#   * An alert means a $HOME_NET client requested the listed URL. Nothing in these rules
#     inspects the response, so a hit alone does not show that a payload was delivered.
#   * Because both matches are exact, a request to the same host with any extra URI byte
#     (a different path, an appended query string) does not fire the rule.
#   * `alert http` only sees traffic the engine parses as HTTP; the same URL fetched over
#     TLS is not covered unless the sensor sees decrypted traffic.
#   * Every entry carries `created_at 2021_02_24` and most hosts are bare IPv4 addresses.
#     NOTE(review): such addresses may since have been reassigned -- check the referenced
#     URLhaus entry for current status before acting on an alert.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.117.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027898/; classtype:trojan-activity;sid:81890998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.116.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027897/; classtype:trojan-activity;sid:81890997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.14.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027892/; classtype:trojan-activity;sid:81890992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.42.147"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027893/; classtype:trojan-activity;sid:81890993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.55.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027894/; classtype:trojan-activity;sid:81890994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.83.219.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027895/; classtype:trojan-activity;sid:81890995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.37.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027896/; classtype:trojan-activity;sid:81890996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.65.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027891/; classtype:trojan-activity;sid:81890991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.163.127.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027890/; classtype:trojan-activity;sid:81890990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027887)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.138.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027887/; classtype:trojan-activity;sid:81890987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.16.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027888/; classtype:trojan-activity;sid:81890988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.73.105.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027889/; classtype:trojan-activity;sid:81890989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.40.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027886/; classtype:trojan-activity;sid:81890986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027885)"; flow:established,from_client; content:"GET"; http_method; content:"/rmyjq/44251470574768500000.dat"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"vngkinderopvang.nl"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027885/; classtype:trojan-activity;sid:81890985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027884)"; flow:established,from_client; content:"GET"; http_method; content:"/nseoqnwbbvmc/44251470574768500000.dat"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"sumonpro.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027884/; classtype:trojan-activity;sid:81890984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027883)"; flow:established,from_client; content:"GET"; http_method; content:"/xjhuljbqv/44251470574768500000.dat"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.fernway.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027883/; classtype:trojan-activity;sid:81890983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027882)"; flow:established,from_client; content:"GET"; http_method; content:"/noexyryqori/44251470574768500000.dat"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hdmedia.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027882/; classtype:trojan-activity;sid:81890982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027881)"; flow:established,from_client; content:"GET"; http_method; content:"/gwixglx/44251470574768500000.dat"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"stadt-fuchs.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027881/; classtype:trojan-activity;sid:81890981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.123.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027880/; classtype:trojan-activity;sid:81890980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027879)"; flow:established,from_client; content:"GET"; http_method; content:"/ykcfoknw/44251751062615700000.dat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"jttires.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027879/; classtype:trojan-activity;sid:81890979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027875)"; flow:established,from_client; content:"GET"; http_method; content:"/cfuizfotpz/44251751062615700000.dat"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"eventpeople.pro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027875/; classtype:trojan-activity;sid:81890975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027876)"; flow:established,from_client; content:"GET"; http_method; content:"/ncmlzqphuqma/44251751062615700000.dat"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"dnvillas.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027876/; classtype:trojan-activity;sid:81890976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027877)"; flow:established,from_client; content:"GET"; http_method; content:"/dwwzeqw/44251751062615700000.dat"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ledia.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027877/; classtype:trojan-activity;sid:81890977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027878)"; flow:established,from_client; content:"GET"; http_method; content:"/ffbupgnegjy/44251751062615700000.dat"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"meta.group"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027878/; classtype:trojan-activity;sid:81890978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.170.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027872/; classtype:trojan-activity;sid:81890972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.19.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027873/; classtype:trojan-activity;sid:81890973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.45.235.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027874/; classtype:trojan-activity;sid:81890974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.126.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027870/; classtype:trojan-activity;sid:81890970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.173.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027871/; classtype:trojan-activity;sid:81890971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.36.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027869/; classtype:trojan-activity;sid:81890969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.122.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027867/; classtype:trojan-activity;sid:81890967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.134.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027868/; classtype:trojan-activity;sid:81890968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.6.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027866/; classtype:trojan-activity;sid:81890966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.164.139.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027865/; classtype:trojan-activity;sid:81890965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.61.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027863/; classtype:trojan-activity;sid:81890963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.233.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027864/; classtype:trojan-activity;sid:81890964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.22.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027862/; classtype:trojan-activity;sid:81890962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.166.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027861/; classtype:trojan-activity;sid:81890961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.102.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027859/; classtype:trojan-activity;sid:81890959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.57.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027860/; classtype:trojan-activity;sid:81890960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.103.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027858/; classtype:trojan-activity;sid:81890958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.182.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027855/; classtype:trojan-activity;sid:81890955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.141.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027856/; classtype:trojan-activity;sid:81890956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.37.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027857/; classtype:trojan-activity;sid:81890957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.78.71.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027854/; classtype:trojan-activity;sid:81890954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.136.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027853/; classtype:trojan-activity;sid:81890953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.251.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027851/; classtype:trojan-activity;sid:81890951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.233.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027852/; classtype:trojan-activity;sid:81890952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.17.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027850/; classtype:trojan-activity;sid:81890950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027848)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.67.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027848/; classtype:trojan-activity;sid:81890948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.107.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027849/; classtype:trojan-activity;sid:81890949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.199.176.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027847/; classtype:trojan-activity;sid:81890947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.116.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027845/; classtype:trojan-activity;sid:81890945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.163.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027846/; classtype:trojan-activity;sid:81890946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.116.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027843/; classtype:trojan-activity;sid:81890943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.215.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027844/; classtype:trojan-activity;sid:81890944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.242.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027842/; classtype:trojan-activity;sid:81890942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.179.223.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027841/; classtype:trojan-activity;sid:81890941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.121.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027840/; classtype:trojan-activity;sid:81890940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.94.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027838/; classtype:trojan-activity;sid:81890938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.85.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027839/; classtype:trojan-activity;sid:81890939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027836)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.180.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027836/; classtype:trojan-activity;sid:81890936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.40.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027837/; classtype:trojan-activity;sid:81890937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.79.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027835/; classtype:trojan-activity;sid:81890935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.125.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027831/; classtype:trojan-activity;sid:81890931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.100.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027832/; classtype:trojan-activity;sid:81890932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.77.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027833/; classtype:trojan-activity;sid:81890933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.218.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027834/; classtype:trojan-activity;sid:81890934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.241.227.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027827/; classtype:trojan-activity;sid:81890927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.48.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027828/; classtype:trojan-activity;sid:81890928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.178.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027829/; classtype:trojan-activity;sid:81890929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.101.59.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027830/; classtype:trojan-activity;sid:81890930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027823)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027823/; classtype:trojan-activity;sid:81890923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.232.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027824/; classtype:trojan-activity;sid:81890924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.128.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027825/; classtype:trojan-activity;sid:81890925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.236.248.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027826/; classtype:trojan-activity;sid:81890926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.123.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027822/; classtype:trojan-activity;sid:81890922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.35.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027821/; classtype:trojan-activity;sid:81890921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.50.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027819/; classtype:trojan-activity;sid:81890919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.41.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027820/; classtype:trojan-activity;sid:81890920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.191.3.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027818/; classtype:trojan-activity;sid:81890918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.43.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027816/; classtype:trojan-activity;sid:81890916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.126.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027817/; classtype:trojan-activity;sid:81890917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.133.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027813/; classtype:trojan-activity;sid:81890913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.123.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027814/; classtype:trojan-activity;sid:81890914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.101.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027815/; classtype:trojan-activity;sid:81890915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.63.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027809/; classtype:trojan-activity;sid:81890909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.98.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027810/; classtype:trojan-activity;sid:81890910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.210.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027811/; classtype:trojan-activity;sid:81890911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.232.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027812/; classtype:trojan-activity;sid:81890912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027808)"; flow:established,from_client; content:"GET"; http_method; content:"/gutpage.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"q1s0oci49jo.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027808/; classtype:trojan-activity;sid:81890908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; 
depth:2; isdataat:!1,relative; nocase; content:"186.33.122.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027807/; classtype:trojan-activity;sid:81890907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.175.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027806/; classtype:trojan-activity;sid:81890906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.132.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027805/; classtype:trojan-activity;sid:81890905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.179.223.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027804/; classtype:trojan-activity;sid:81890904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.247.202.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027803/; classtype:trojan-activity;sid:81890903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (1027802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.12.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027802/; classtype:trojan-activity;sid:81890902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.154.80.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027801/; classtype:trojan-activity;sid:81890901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.215.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027800/; classtype:trojan-activity;sid:81890900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.221.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027799/; classtype:trojan-activity;sid:81890899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027798)"; flow:established,from_client; content:"GET"; http_method; content:"/nlbzyhfs/44251717321527800000.dat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"pandsquinny.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2021_02_24; reference:url, urlhaus.abuse.ch/url/1027798/; classtype:trojan-activity;sid:81890898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027797)"; flow:established,from_client; content:"GET"; http_method; content:"/anesrq/44251717321527800000.dat"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"www.kunjincompany.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027797/; classtype:trojan-activity;sid:81890897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027796)"; flow:established,from_client; content:"GET"; http_method; content:"/pmslsda/44251717321527800000.dat"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"dicomm-001-site35.ctempurl.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027796/; classtype:trojan-activity;sid:81890896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.71.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027793/; classtype:trojan-activity;sid:81890893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027794)"; flow:established,from_client; content:"GET"; http_method; content:"/tfbgl/44251717321527800000.dat"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"slmtv.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027794/; classtype:trojan-activity;sid:81890894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
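URL detected (1027795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.126.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027795/; classtype:trojan-activity;sid:81890895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.188.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027791/; classtype:trojan-activity;sid:81890891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027792)"; flow:established,from_client; content:"GET"; http_method; content:"/hxjxxwav/44251717321527800000.dat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"konyahaberler.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027792/; classtype:trojan-activity;sid:81890892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.12.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027790/; classtype:trojan-activity;sid:81890890; rev:1;)
# NOTE(review): the eleven drive.google.com rules in this stretch were generated
# with content:"/uc|3f|export=download|7c|26|7c|id=..." and depth:68. |7c| is a
# literal pipe character, so that pattern required the text "|26|" between
# "download" and "id=" and could not match a real request, where the separator
# is "&" (0x26). The separator is written as |26| here, and depth is the decoded
# pattern length (56 bytes) so the match stays anchored at the start of the
# URI buffer; the generated value counted the escaped rule text instead.
# Caveats for whoever deploys these:
#  - the file id is lower-cased and matched with nocase, while Drive file ids
#    are case-sensitive; use the URLhaus reference for the exact id.
#  - drive.google.com and cdn.discordapp.com are normally fetched over HTTPS,
#    so an "alert http" rule only sees the request where TLS is decrypted in
#    front of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027785)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1jovvsvpuzb8mwc2haze-6oeaeata8yg2"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027785/; classtype:trojan-activity;sid:81890885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027786)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=18jvs_w_o0m1bjnhaguoud1m-ocuszgef"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027786/; classtype:trojan-activity;sid:81890886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027787)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1np5pgo8017eoiop-b9xvwfyciplrysnt"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027787/; classtype:trojan-activity;sid:81890887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027788)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1gyelkqhks25iux4b-t1lr94eqaxuvry7"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027788/; classtype:trojan-activity;sid:81890888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.132.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027789/; classtype:trojan-activity;sid:81890889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027781)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1nrw7lty4x0nytxvhddecga58ar1z8pwz"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027781/; classtype:trojan-activity;sid:81890881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027782)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1qhm38kcw0j9xsmyfm4mpt5q5h_nh_jih"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027782/; classtype:trojan-activity;sid:81890882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027783)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=19hcbpwqd6_tilpr9nffynk04_ce_1wwq"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027783/; classtype:trojan-activity;sid:81890883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027784)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1kchpryva7qwpapxkezvi_ijfeqy5nlln"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027784/; classtype:trojan-activity;sid:81890884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027780)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1qwlqi-o0m6dhkfkgg1sj1ppsx-fsauay"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027780/; classtype:trojan-activity;sid:81890880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027779)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/813843419184365593/814086057892642836/eplycyer207.bin"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027779/; classtype:trojan-activity;sid:81890879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027777)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1tzgmeabgujutmqpppgn_tt1qsy9hqfz4"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027777/; classtype:trojan-activity;sid:81890877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027778)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1zxo-xsf9ftnpbb1m_ktnee_ut54gea7m"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 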
urlhaus.abuse.ch/url/1027778/; classtype:trojan-activity;sid:81890878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.35.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027776/; classtype:trojan-activity;sid:81890876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.52.146.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027774/; classtype:trojan-activity;sid:81890874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.37.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027775/; classtype:trojan-activity;sid:81890875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.51.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027773/; classtype:trojan-activity;sid:81890873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"117.222.162.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027772/; classtype:trojan-activity;sid:81890872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.48.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027767/; classtype:trojan-activity;sid:81890867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.163.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027768/; classtype:trojan-activity;sid:81890868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.108.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027769/; classtype:trojan-activity;sid:81890869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.110.35.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027770/; classtype:trojan-activity;sid:81890870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1027771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.107.133.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027771/; classtype:trojan-activity;sid:81890871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027763)"; flow:established,from_client; content:"GET"; http_method; content:"/google/svch.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"104.168.5.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027763/; classtype:trojan-activity;sid:81890863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027764)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/files/m79.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"139.162.190.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027764/; classtype:trojan-activity;sid:81890864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027765)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/files/m80.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"139.162.190.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027765/; classtype:trojan-activity;sid:81890865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027766)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/files/m78.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"139.162.190.64"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027766/; classtype:trojan-activity;sid:81890866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027762)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.94.135.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027762/; classtype:trojan-activity;sid:81890862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.81.159.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027761/; classtype:trojan-activity;sid:81890861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.47.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027760/; classtype:trojan-activity;sid:81890860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.160.168.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027759/; classtype:trojan-activity;sid:81890859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027756)"; 
flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.143.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027756/; classtype:trojan-activity;sid:81890856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.122.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027757/; classtype:trojan-activity;sid:81890857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.20.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027758/; classtype:trojan-activity;sid:81890858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.16.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027754/; classtype:trojan-activity;sid:81890854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.0.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027755/; 
classtype:trojan-activity;sid:81890855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.89.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027752/; classtype:trojan-activity;sid:81890852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.173.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027753/; classtype:trojan-activity;sid:81890853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.104.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027748/; classtype:trojan-activity;sid:81890848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.1.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027749/; classtype:trojan-activity;sid:81890849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"178.175.96.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027750/; classtype:trojan-activity;sid:81890850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.82.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027751/; classtype:trojan-activity;sid:81890851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.73.188.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027747/; classtype:trojan-activity;sid:81890847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.200.32.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027746/; classtype:trojan-activity;sid:81890846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.81.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027745/; classtype:trojan-activity;sid:81890845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(1027743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.125.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027743/; classtype:trojan-activity;sid:81890843; rev:1;)
# ---------------------------------------------------------------------------
# How to read the rules in this section (all of it is visible in the rule text):
#   * Direction is $HOME_NET -> $EXTERNAL_NET with flow:established,from_client,
#     so each rule inspects outbound client requests only.
#   * content:"GET"; http_method; restricts the match to GET requests.
#   * The http_uri content has a depth equal to its own length and is followed
#     by isdataat:!1,relative (no byte may follow the match), which pins the
#     match to the whole URI; nocase makes that match case-insensitive.
#   * The http_host content is pinned to the whole Host value the same way.
# Net effect: each sid is an exact-URL indicator for one URLhaus entry (the id
# in msg and in the reference URL). Another path, an added query string, or the
# same payload on a different host does not match.
# The http_* modifiers, depth and nocase attach to the content that precedes
# them, so option order must be kept when a rule is edited.
# Every entry here carries metadata:created_at 2021_02_24; when triaging a hit,
# check the reference URL for the entry's current status.
# ---------------------------------------------------------------------------
#
# Bare-IPv4 hosts, URI exactly /mozi.m.
# NOTE(review): the file name suggests Mozi IoT-botnet payloads; the rules do
# not name a family — confirm on the URLhaus reference page.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.48.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027744/; classtype:trojan-activity;sid:81890844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.117.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027742/; classtype:trojan-activity;sid:81890842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.26.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027739/; classtype:trojan-activity;sid:81890839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.40.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027740/; classtype:trojan-activity;sid:81890840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.88.106.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027741/; classtype:trojan-activity;sid:81890841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.68.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027738/; classtype:trojan-activity;sid:81890838; rev:1;)
#
# Bare-IPv4 hosts, URI exactly /i. The URI is only two bytes long, so the
# specificity of these alerts comes from the exact Host value.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.105.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027736/; classtype:trojan-activity;sid:81890836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.47.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027737/; classtype:trojan-activity;sid:81890837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.27.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027735/; classtype:trojan-activity;sid:81890835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.33.122.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027734/; classtype:trojan-activity;sid:81890834; rev:1;)
#
# www.dropbox.com share links; |3f| is the hex escape for "?". The file names
# read as Spanish-language bank-transfer confirmations (lure naming).
# NOTE(review): `alert http` only sees requests that reach the sensor as
# cleartext HTTP or after TLS decryption; this host is normally served over
# HTTPS — verify coverage before relying on these sids.
# NOTE(review): http_uri is the normalized URI buffer; whether the literal %20
# sequences in these contents can still match after URI normalization should be
# checked against a test capture.
# sid 81890833 and sid 81890831 have identical match options (same URI, same
# host), so one matching request raises both alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027733)"; flow:established,from_client; content:"GET"; http_method; content:"/s/if7qjfcha9c6mqz/confirmacion%20de%20transferencia%20davivienda%20realizada%20con%20exito%20de%20cuenta%20de%20ahorro.tar|3f|dl=1"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027733/; classtype:trojan-activity;sid:81890833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027731)"; flow:established,from_client; content:"GET"; http_method; content:"/s/if7qjfcha9c6mqz/confirmacion%20de%20transferencia%20davivienda%20realizada%20con%20exito%20de%20cuenta%20de%20ahorro.tar|3f|dl=1"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027731/; classtype:trojan-activity;sid:81890831; rev:1;)
#
# Bare-IPv4 host, URI exactly /.i.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027732)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.165.227.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027732/; classtype:trojan-activity;sid:81890832; rev:1;)
#
# A further www.dropbox.com share link; the HTTPS-visibility and %20 caveats
# noted for the two Dropbox rules above apply here as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027730)"; flow:established,from_client; content:"GET"; http_method; content:"/s/hmp5tut1j2akzh0/bancolombia%20le%20informa%20recepcion%20de%20transferencia%20a%20su%20cuenta%20de%20ahorros.zip|3f|dl=1"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027730/; classtype:trojan-activity;sid:81890830; rev:1;)
#
# Bare-IPv4 hosts, URI exactly /mozi.m or /mozi.a.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.210.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027729/; classtype:trojan-activity;sid:81890829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.126.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027728/; classtype:trojan-activity;sid:81890828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.230.92.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027727/; classtype:trojan-activity;sid:81890827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.118.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027726/; classtype:trojan-activity;sid:81890826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.53.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027723/; classtype:trojan-activity;sid:81890823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027724/; classtype:trojan-activity;sid:81890824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.160.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027725/; classtype:trojan-activity;sid:81890825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.203.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027720/; classtype:trojan-activity;sid:81890820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.91.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027721/; classtype:trojan-activity;sid:81890821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.204.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027722/; classtype:trojan-activity;sid:81890822; rev:1;)
#
# Named hosts, URI of the form /<letters>/<20 digits>.dat. Only three distinct
# file names occur across the nine hosts (44251432854976900000,
# 44251478613194400000, 44251687644213000000).
# NOTE(review): the repeated file names across otherwise unrelated-looking
# domains suggest one distribution campaign — inferred from the URLs only,
# confirm on the URLhaus reference pages.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027719)"; flow:established,from_client; content:"GET"; http_method; content:"/nlbzyhfs/44251432854976900000.dat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"pandsquinny.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027719/; classtype:trojan-activity;sid:81890819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027718)"; flow:established,from_client; content:"GET"; http_method; content:"/kkcikakk/44251687644213000000.dat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"jayshreewoods.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027718/; classtype:trojan-activity;sid:81890818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027717)"; flow:established,from_client; content:"GET"; http_method; content:"/nwkucot/44251478613194400000.dat"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"youviral.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027717/; classtype:trojan-activity;sid:81890817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027716)"; flow:established,from_client; content:"GET"; http_method; content:"/pmslsda/44251432854976900000.dat"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"dicomm-001-site35.ctempurl.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027716/; classtype:trojan-activity;sid:81890816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027713)"; flow:established,from_client; content:"GET"; http_method; content:"/tfbgl/44251432854976900000.dat"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"slmtv.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027713/; classtype:trojan-activity;sid:81890813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027714)"; flow:established,from_client; content:"GET"; http_method; content:"/hxjxxwav/44251432854976900000.dat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"konyahaberler.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027714/; classtype:trojan-activity;sid:81890814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027715)"; flow:established,from_client; content:"GET"; http_method; content:"/axwsaj/44251478613194400000.dat"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"foodszo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027715/; classtype:trojan-activity;sid:81890815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027712)"; flow:established,from_client; content:"GET"; http_method; content:"/txaiuwgeayb/44251478613194400000.dat"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pactoporlaexcelenciaeducativa.mx"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027712/; classtype:trojan-activity;sid:81890812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027711)"; flow:established,from_client; content:"GET"; http_method; content:"/ideerdst/44251478613194400000.dat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"old.hprgroup.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027711/; classtype:trojan-activity;sid:81890811; rev:1;)
#
# Bare-IPv4 hosts again: URI exactly /i, /mozi.m or /mozi.a.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.113.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027710/; classtype:trojan-activity;sid:81890810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.146.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027709/; classtype:trojan-activity;sid:81890809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.83.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027708/; classtype:trojan-activity;sid:81890808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.97.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027707/; classtype:trojan-activity;sid:81890807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.94.192.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027706/; classtype:trojan-activity;sid:81890806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.153.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027705/; classtype:trojan-activity;sid:81890805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.3.6.175"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027704/; classtype:trojan-activity;sid:81890804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.43.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027700/; classtype:trojan-activity;sid:81890800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.124.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027701/; classtype:trojan-activity;sid:81890801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.25.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027702/; classtype:trojan-activity;sid:81890802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.210.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027703/; classtype:trojan-activity;sid:81890803; rev:1;)
#
# URI exactly /bin.sh on a bare-IPv4 host. The same host (125.40.105.111) also
# appears with URI /i in sid 81890836 above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.105.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027699/; classtype:trojan-activity;sid:81890799; rev:1;)
#
# One host (198.23.229.170), ten URLs under /pandoras_box/ that differ only in
# the file suffix (arm, arm5, arm6, arm7, m68k, mips, mpsl, ppc, sh4, x86).
# NOTE(review): the suffixes look like CPU architecture names, i.e. probably
# per-architecture builds of one payload — confirm. For triage, a hit on any of
# these sids points at the same host and directory.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027698)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027698/; classtype:trojan-activity;sid:81890798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027697)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027697/; classtype:trojan-activity;sid:81890797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027691)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027691/; classtype:trojan-activity;sid:81890791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027692)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027692/; classtype:trojan-activity;sid:81890792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027693)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027693/; classtype:trojan-activity;sid:81890793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027694)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027694/; classtype:trojan-activity;sid:81890794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027695)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027695/; classtype:trojan-activity;sid:81890795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027696)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027696/; classtype:trojan-activity;sid:81890796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027689)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027689/; classtype:trojan-activity;sid:81890789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027690)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027690/; classtype:trojan-activity;sid:81890790; rev:1;)
#
# docs.google.com published-document links (/document/d/e/<id>/pub), one rule
# per document id.
# NOTE(review): `alert http` needs cleartext or decrypted traffic, and this host
# is normally served over HTTPS — verify coverage before relying on these sids.
# The host is a shared legitimate service; the exact-URI anchor is what keeps
# these rules from alerting on ordinary document traffic, so they should not be
# loosened to a host-only match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027687)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqoo0gqs_2ltzfw2dxfipychowjbirgjxckdzf5llxatrgycakitrd4zqel_goc961uftgg4o_se6jw/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027687/; classtype:trojan-activity;sid:81890787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027688)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr05srzc9nda4zv740qgflomg5yambfnovtriwadbzf9wazycvpoll1aehawugpxacguznpfd5gvnuh/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027688/; classtype:trojan-activity;sid:81890788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027685)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqcr1l-dfupuoucfcxxaxxwhzmzd45qjroufem3bzvx4rasg3psbrbbemcz_a063xtid1lgojhbaw71/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027685/; classtype:trojan-activity;sid:81890785; rev:1;)
#
# URI exactly /bin.sh on a bare-IPv4 host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.52.119.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027686/; classtype:trojan-activity;sid:81890786; rev:1;)
#
# docs.google.com published-document links, continued (same shape and the same
# HTTPS-visibility caveat as the docs.google.com rules above).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027680)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqv_toqo2r-c2zjyd0y6y7_tvair1gpvbf9hlm4a-eahqgqlmqdcwgnxvvfdh1yjjashjkxxegma6l6/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027680/; classtype:trojan-activity;sid:81890780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027681)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vq_zy4blkcsetvyxfrqt1fvg45aaz7bobmtdwcyrhpkvq4kqthzh5uy2yy5hqezzawmkurz7cphz4kc/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027681/; classtype:trojan-activity;sid:81890781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027682)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vs38nty1brcmmklbc2sb4mbucm6a3qxev64ocybhz-_ubqgfj58it6jephr1zhwqlld7oijgmq0r5jb/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027682/; classtype:trojan-activity;sid:81890782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027683)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrabxvcxwdlilwr1rr_nrd5ykohyqmxwpdkt7qgdxa85q1etj5xmi0g4q1s0gu84qizgnjci9va-eo1/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027683/; classtype:trojan-activity;sid:81890783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027684)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr7pdnakhf6sbwczctomk3achf-uavd9zfi1rffzx78wwy2uocqoljxjljdmuvmy8u_wczng2a0rgak/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027684/; classtype:trojan-activity;sid:81890784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027676)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsjl-reltfxadaui_qwvs3kzgma5yfeoyag5xk9e5r979b6uruz65qtof9ncjajo4xi6cjl3hnfz6tv/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027676/; classtype:trojan-activity;sid:81890776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027677)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vq-kb0ptgxw9adcoxdm73pnxjw12bxlxmzdbh16bh02j-d8mhy1t1gjuhdwjgedqzexpk2irvfwgqws/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027677/; classtype:trojan-activity;sid:81890777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027678)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrclff3yqby4fkgupx3c4y9mx1vrecpobv3g_jopf13zzq_xx-yfyo-a96oolju6qbizdyewj9zqe9h/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027678/; classtype:trojan-activity;sid:81890778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027679)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqxc-pne2--2cidgpxliochx8oune6hur1novfsm3ysynjzfjgiz438rkiab8kl5whdswb3icutxo_a/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027679/; classtype:trojan-activity;sid:81890779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027675)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr6pr4jz8wmmnopomg23_mqpux9h8dayosfwfhhf_-hclnrhxttz-e-vmfsyz1hl8zo_b5hxyekxuup/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027675/; classtype:trojan-activity;sid:81890775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027667)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrbfzn1cojw_wvx6szy9srcydnkb-gcjuthu1wxpj5gbsgv3ul09_ze-214u0e9wlpyyaouxilwgppn/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027667/; classtype:trojan-activity;sid:81890767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027668)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsungxpwzqyjo2hebos9fmi6elmyspyldeyh-vizyrnbqbricmmqmgw4ukxwkcc_uuocbzv_7gf3ylo/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027668/; classtype:trojan-activity;sid:81890768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027669)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr-gahxp_ci-xbcr4a_lmdv7lvlb9pzrbuhptn0yegup_vxey6vtui0252hzszzt34prda4rq3aizco/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027669/; classtype:trojan-activity;sid:81890769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027670)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtq6xfbjak9muohw1gsw3a3dkwp6nwpdxgi5kz3jxwkxg6qssgyd2l26rm3_ujlaxxvuddx18vd_vt_/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027670/; classtype:trojan-activity;sid:81890770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027671)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsk05oyc8zopj1zvarmmrl2juku8miiq4cv1-cyoybm2qyk9scqd0h2spe6bckclqenbu2scbu1mxzw/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027671/; classtype:trojan-activity;sid:81890771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027672)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqqtqdixpdibj3hnkkpyyu-zikxe2awdzdxw0ztmbzc05vskrrufwidq79dn5jz3-pqo_kafmij9shk/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027672/; classtype:trojan-activity;sid:81890772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027673)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsuautfafydpkxl-iswenej-hsyb_fail_biailwhgadrn08htvi0qkgzhlny169ouwegje_2is8ky8/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027673/; classtype:trojan-activity;sid:81890773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027674)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vs2qk-2eeefpujmooy8c334nmhi7tkh04qe__0p6ds9naorbqxhthbwozvrfmcg5ohlu-ijhutlldyd/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027674/; classtype:trojan-activity;sid:81890774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027665)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqndzd1pkk3mh1c9lshtnftodgyj4_aqpsimmz6ewyv9nf6iyv7u9cfcidvqwmrzn425tj4vqyn5fiq/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027665/; classtype:trojan-activity;sid:81890765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027666)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtkampxptzi2ftsz62y9gojelmz6mhtje74z5nwifcghtzjpju08mvcl6ybjxjh7ek70ilw1zsylpdn/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027666/; classtype:trojan-activity;sid:81890766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027658)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtnqmuvg8m4gglw4mmuqwsbmiemulzwwrcjggmpilq9v9tgjwwh37pyjwzq7v93pvfvvo4xk48ubbor/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027658/; classtype:trojan-activity;sid:81890758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027659)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrjvfz4vn2d3uuevxkbr8iorhdlrmp65sch9k4hyunb0v5-kkrvrozpc0mnrqyafoncz-vvgtirtnda/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027659/; classtype:trojan-activity;sid:81890759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027660)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtfze4vnqh0ey67v8biqd45wjlin9bvccynlsoh1q9au4vxhb971lh0a0j5tprnsrhbev9uvvjywis-/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027660/; classtype:trojan-activity;sid:81890760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027661)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtobdszpec4qrnflrigvjn3pip7ymm9hzrykfotxpiafcbp4jmhinoi8--uoqjnvo_vvyj4fbrd0nzq/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027661/; classtype:trojan-activity;sid:81890761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027662)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrkgh57w7xllvmps9oyu2xtcbnu98pzjpychf-s0dxj-1gwd2zxbz2zgf0pkhcebbvijcqjliks9qwq/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; 
content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027662/; classtype:trojan-activity;sid:81890762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027663)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrl80zy0a3al_iafggzbnvm3knjtpn3cbwotijrslttgc-7j1a5vlgaqyxnlfz24mmn28oqrwnpa1sf/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027663/; classtype:trojan-activity;sid:81890763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.76.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027664/; classtype:trojan-activity;sid:81890764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027654)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtzlpfrg-xyfrws_1jmhvahl5f5vda2d6jmvv6xb4v4zeenpwbbwyck9cmjesfgpck5c5jx1y-3hx5y/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027654/; classtype:trojan-activity;sid:81890754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027655)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrjp8_dq7pxgmv8eqn7hjycqbtoveavehefazuiqznqhl6c38nv1bipqbiij94jpejwgyrlmqm2-mbz/pub"; http_uri; depth:104; 
isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027655/; classtype:trojan-activity;sid:81890755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027656)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vteqs1u1jakhc4pk6vuta0rpop_de9lukh0rd6lnewohxykjndbp-xr3tpr3afnp-wpyqmb2a20t1eh/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027656/; classtype:trojan-activity;sid:81890756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027657)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vshtqz0bc22jkt-bpdjbno1nuzxz-9ehcww29g4zgmvcebazpnmhdgvwuuzx6jqiowewts2hwdtahs8/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027657/; classtype:trojan-activity;sid:81890757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027648)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vra-7rx4nss1rexwedn-3frm4fbuipbopn_ogexymcbvjp9pfezfwprw3uynszc5wwnrjyw8k_xkezc/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027648/; classtype:trojan-activity;sid:81890748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027649)"; flow:established,from_client; content:"GET"; http_method; 
content:"/document/d/e/2pacx-1vqfsbxtbbn0-dvbabr26trm8rmp6qpmaxg_x4owqnbdfl8ifpfueqcalbkezqtpdwin3pq0b3vsjscr/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027649/; classtype:trojan-activity;sid:81890749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027650)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtzzwjax2x-shmd-wncdtmzrvdug0gw-nqj_x2zcw4orcyvekqsxxdywzkdimhuhlkv3itq1cacpeqn/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027650/; classtype:trojan-activity;sid:81890750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027651)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtsvbucwh5w-exjwh6s7ejxfvbmhqye-wxyivnulk--zw01u44i6w1lc31swyz-vci_hbjcwfp_ntvu/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027651/; classtype:trojan-activity;sid:81890751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027652)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtlaplosmc98vh_ptqdujlzwdhnxxv6dmsqy7jwxrxwaerpfwkg5cmxxfqcbfhgj2contzvsmdpnofz/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027652/; classtype:trojan-activity;sid:81890752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1027653)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrzriyqtyunj1mzhvryo5lzjy0upzeen8wqijsnv36-a9542ehaljpxo3zpnfgn_op4k-6umgst87bb/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027653/; classtype:trojan-activity;sid:81890753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027644)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtobi7axxjdnhuukkhu9s5a6kzb5fel4aniixpl5f_gxuhi7bnczs5ekcfs24sdxujwsu9wlh4vxxyr/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027644/; classtype:trojan-activity;sid:81890744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027645)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqxkwvwsawhakvnqzmabcq9kh-mfu8v47stob17jeh656npdb6khe1gnkygvclfhwkfxjdthdpsj-1y/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027645/; classtype:trojan-activity;sid:81890745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027646)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqjdut-c8zbj486iph5nw44e1hgjhujtj5smev2-qdlz54e7vheclnxjlulr7acneei4edowqeirpcj/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1027646/; classtype:trojan-activity;sid:81890746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027647)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqwjtcqf33ahtujqq1olharqzp-nugm-d9ceki71iethdy-9jynplxqhmhzjgrvwl48brstl-hte1jb/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027647/; classtype:trojan-activity;sid:81890747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027640)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsh0vn8prsag9wb9u9wjwfdxjh6mcwofu-lb5huwdrxb552ghdme_03c4s7gcnu7kba0hpgddscwcop/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027640/; classtype:trojan-activity;sid:81890740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027641)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrewksicm-rttluzan40iyr1kuhcovszmdh71dkv0nbemtdjfooxiyr5cixcuhz_wsovzgeftl-sdq5/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027641/; classtype:trojan-activity;sid:81890741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027642)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtwa01msfmydoxydl6yfq5x6nx_yheft71wocuojnbc0zg_kj1ax3rwusurhzymxxz-aiyspvjxvhqu/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; 
content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027642/; classtype:trojan-activity;sid:81890742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027643)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsvrefhys2wo_lozbzvcftodh_kh92nrluv3zphexyak9q-3xzhu_abtk43u7nmzm4ib4twdmtfsqax/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027643/; classtype:trojan-activity;sid:81890743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027634)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsifbrydmznud6upzooe6ysyt6vvy3yshlmsfoltvb1he052tcffhgh5a5yeue-xaqnt287xhjfmpch/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027634/; classtype:trojan-activity;sid:81890734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027635)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsj-o_tu10xqmjkhoz728upjp3dx5r8lbxu8qocjl0efmkdf90ccturedsfycjgavh4wvnsx0zlp39b/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027635/; classtype:trojan-activity;sid:81890735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027636)"; flow:established,from_client; content:"GET"; http_method; 
content:"/document/d/e/2pacx-1vqn1dfgt8rtmsaanetjbju505tggl7akc1mt0eq_j70hyk5qdlgf2nmkuip1ortgfgdjgosfnbs1b71/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027636/; classtype:trojan-activity;sid:81890736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027637)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsvodn0yp6ntssjitp8xtcinttqqd8cpcpi6sn1hubw1vzyyb1oluearsyuu7bi5bdwzdfqcnlyihom/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027637/; classtype:trojan-activity;sid:81890737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027638)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsq-o4asevemoazjxgcojlrpyck2gntwhqxrvusieidcerwirifft24mb-j5ava_kgn4rlqobiuhony/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027638/; classtype:trojan-activity;sid:81890738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027639)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqvvyzercm9gprz8ttnixzijtjoi5mmwoxh-6txpaq-eb3qj3fzhngpkycqxkxtudmioz0xikl6xz27/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027639/; classtype:trojan-activity;sid:81890739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1027632)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqhk2dtusn1i41ofp8qptiycmfldlkeriop96udem0tdtt3qztw3q_b8pvm5z3h-2guwieredp4vlqu/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027632/; classtype:trojan-activity;sid:81890732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027633)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vq4cz9yw8fgni4lq3qnstnevfxhb0gyzc1r83umybfuephcuwhzp6uzok37ov1taj6eibw_te_kxmi_/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027633/; classtype:trojan-activity;sid:81890733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027624)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqsxzhahewlp26xje67etmckgclvsyumfvt6_bubisufbehvedfaqydk1senbtz7oyrm3wfqg886f8f/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027624/; classtype:trojan-activity;sid:81890724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027625)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqjlu5stjtcfkssoyemcksswbxvhnw_sbzipajfmdjioi0b1lzabawlzr2tu1kcfvxcrynvrspx4oew/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1027625/; classtype:trojan-activity;sid:81890725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027626)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsng1jefaqyebfmbe8hqai7nson9e4diwgbptypqlqjgatpork17vgobrx8p_uw61lkcvmtgckbep_6/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027626/; classtype:trojan-activity;sid:81890726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027627)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrrkcuqcnjsewweyuqmw1gftehvt5cexi3mn8sgaerx8wp7-hyunpn4cjjsj3n-uxta1i6gw4nuav29/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027627/; classtype:trojan-activity;sid:81890727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027628)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrwjbhzlf6ogbmmlll7ihztpw0zwos7mcqbq9hbyl3qjtjwq5snuxjblhwujbriverbi10xihqivkuf/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027628/; classtype:trojan-activity;sid:81890728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027629)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqakoa7m4y766p3nrvq0bjis30zcotzh2nnt7vivxunpb6pqs4sgtowkeczict1iwgcygvtlveatnfr/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; 
content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027629/; classtype:trojan-activity;sid:81890729; rev:1;)
# NOTE(review): the docs.google.com rules in this set are "alert http" rules keyed on
# http_method / http_uri / http_host, so they are only evaluated on requests the sensor can
# parse as cleartext HTTP. docs.google.com is normally reached over HTTPS; unless traffic is
# decrypted before it reaches the sensor, these rules are unlikely to fire. Verify coverage,
# and cover these published-document paths at a TLS-inspecting proxy if that is where URLs
# are visible.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027630)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqhplobwe9jdpjfadyurtzvmpuyyfywldedije2idxeohtdkz29navn-zlg7fv2xvqsym1jfvlo4ggk/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027630/; classtype:trojan-activity;sid:81890730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027631)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtmkh2zrrzbeq6gupcavf-wf7jr5ysc2dgodo8cg80ashm-0xa1jcou-llrzzd8xgjtensweamrw--b/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027631/; classtype:trojan-activity;sid:81890731; rev:1;)
# The two rules below key on very short, generic paths ("/i", "/bin.sh"); the specificity
# comes from the exact Host value, so they match only when the client addresses that IP
# literally in the Host header.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.83.205.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027623/; classtype:trojan-activity;sid:81890723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2021_02_24; reference:url, urlhaus.abuse.ch/url/1027622/; classtype:trojan-activity;sid:81890722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.64.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027621/; classtype:trojan-activity;sid:81890721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.155.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027618/; classtype:trojan-activity;sid:81890718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.207.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027619/; classtype:trojan-activity;sid:81890719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.66.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027620/; classtype:trojan-activity;sid:81890720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027616)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.124.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027616/; classtype:trojan-activity;sid:81890716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.185.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027617/; classtype:trojan-activity;sid:81890717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.162.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027615/; classtype:trojan-activity;sid:81890715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.248.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027608/; classtype:trojan-activity;sid:81890708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.166.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027609/; classtype:trojan-activity;sid:81890709; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.211.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027610/; classtype:trojan-activity;sid:81890710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.174.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027611/; classtype:trojan-activity;sid:81890711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.211.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027612/; classtype:trojan-activity;sid:81890712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.151.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027613/; classtype:trojan-activity;sid:81890713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.24.15.45"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027614/; classtype:trojan-activity;sid:81890714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.146.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027607/; classtype:trojan-activity;sid:81890707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.76.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027606/; classtype:trojan-activity;sid:81890706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.189.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027605/; classtype:trojan-activity;sid:81890705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027604)"; flow:established,from_client; content:"GET"; http_method; content:"/httpd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"37.10.71.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027604/; classtype:trojan-activity;sid:81890704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027603)"; flow:established,from_client; content:"GET"; http_method; 
content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.27.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027603/; classtype:trojan-activity;sid:81890703; rev:1;)
# How these rules anchor: each content's depth equals its own length, and
# isdataat:!1,relative requires that no byte follows the match. Together they make the
# URI and the Host value exact, whole-buffer matches rather than substrings (nocase
# applies to the URI content it follows).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.162.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027602/; classtype:trojan-activity;sid:81890702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.18.47.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027601/; classtype:trojan-activity;sid:81890701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027600)"; flow:established,from_client; content:"GET"; http_method; content:"/anesrq/44251390114699100000.dat"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"www.kunjincompany.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027600/; classtype:trojan-activity;sid:81890700; rev:1;)
# NOTE(review): the rule below (URLhaus id 1027599) matches the percent-encoded literal
# "%20" against http_uri. http_uri is the normalized URI buffer, in which the engine
# normally decodes %20 to a space, so this content may never match as written and the
# exact-match anchoring (depth:41) would not help. Confirm with a test capture before
# relying on it; a local override could match the raw buffer (http_raw_uri) or the
# decoded byte (|20| in place of %20, with depth:39).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027599)"; flow:established,from_client; content:"GET"; http_method; content:"/wwdtfgdlijlr/%2044245411843287000000.dat"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"miaovideo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027599/; 
classtype:trojan-activity;sid:81890699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027598)"; flow:established,from_client; content:"GET"; http_method; content:"/pmslsda/44251390114699100000.dat"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"dicomm-001-site35.ctempurl.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027598/; classtype:trojan-activity;sid:81890698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027597)"; flow:established,from_client; content:"GET"; http_method; content:"/samsgtlfwzt/44245411843287000000.dat"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"7ruzezendegi.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027597/; classtype:trojan-activity;sid:81890697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027594)"; flow:established,from_client; content:"GET"; http_method; content:"/ictrljsfuh/44245411843287000000.dat"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"chandni.pk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027594/; classtype:trojan-activity;sid:81890694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027595)"; flow:established,from_client; content:"GET"; http_method; content:"/tfbgl/44251390114699100000.dat"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"slmtv.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027595/; classtype:trojan-activity;sid:81890695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027596)"; 
flow:established,from_client; content:"GET"; http_method; content:"/qtuofsxtov/44245411843287000000.dat"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"batikentklinik.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027596/; classtype:trojan-activity;sid:81890696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027593)"; flow:established,from_client; content:"GET"; http_method; content:"/ntpnttfypqs/44245411843287000000.dat"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dindorf.com.ar"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027593/; classtype:trojan-activity;sid:81890693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027592)"; flow:established,from_client; content:"GET"; http_method; content:"/hxjxxwav/44251390114699100000.dat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"konyahaberler.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027592/; classtype:trojan-activity;sid:81890692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.109.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027591/; classtype:trojan-activity;sid:81890691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.8.114"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027589/; classtype:trojan-activity;sid:81890689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.245.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027590/; classtype:trojan-activity;sid:81890690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.173.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027588/; classtype:trojan-activity;sid:81890688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.83.205.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027587/; classtype:trojan-activity;sid:81890687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.155.34.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027586/; classtype:trojan-activity;sid:81890686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027585)"; flow:established,from_client; 
content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.143.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027585/; classtype:trojan-activity;sid:81890685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.162.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027584/; classtype:trojan-activity;sid:81890684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027583)"; flow:established,from_client; content:"GET"; http_method; content:"/lhbd/wp-includes/blocks/shortcode/buleaty4iz.php"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"rafeu.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027583/; classtype:trojan-activity;sid:81890683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027581)"; flow:established,from_client; content:"GET"; http_method; content:"/css/masterslider/skins/black-1/zuitge0qufru924.php"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"amlokservicios.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027581/; classtype:trojan-activity;sid:81890681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027582)"; flow:established,from_client; content:"GET"; http_method; content:"/prettyphoto/images/default/default/oaca11pvirmc.php"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"hashmiricemills.com.pk"; http_host; depth:22; 
isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027582/; classtype:trojan-activity;sid:81890682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.30.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027580/; classtype:trojan-activity;sid:81890680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027572)"; flow:established,from_client; content:"GET"; http_method; content:"/img/fotos/ab8ebhadq.php"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"phetmantra.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027572/; classtype:trojan-activity;sid:81890672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027573)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ads/3921/thumb/2o9oemk3o.php"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"kiemtrathe.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027573/; classtype:trojan-activity;sid:81890673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027574/; classtype:trojan-activity;sid:81890674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (1027575)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/nextend-facebook-connect/nsl/pke774ttfx8lk.php"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"shoproquo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027575/; classtype:trojan-activity;sid:81890675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027576)"; flow:established,from_client; content:"GET"; http_method; content:"/main/wp-content/themes/kuteshop/0tskajk2gpow4g.php"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"bissanco.ps"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027576/; classtype:trojan-activity;sid:81890676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027577)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyfifteen/css/u5kqdpfgw.php"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"vonamarena.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027577/; classtype:trojan-activity;sid:81890677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027578)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2020/12/lqx2neacvo.php"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"michaelehaskins.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027578/; classtype:trojan-activity;sid:81890678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.164.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027579/; classtype:trojan-activity;sid:81890679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027570)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/01/gmxpotmutinp2.php"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"gsdclubofghana.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027570/; classtype:trojan-activity;sid:81890670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027571)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/mediaelement/renderers/8t1xaq5y2.php"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"sideralfachadas.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027571/; classtype:trojan-activity;sid:81890671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.66.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027565/; classtype:trojan-activity;sid:81890665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027566)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/tcb_lp_templates/js/es48s99pyo.php"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"treat.zeenodentals.com"; http_host; depth:22; isdataat:!1,relative; 
metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027566/; classtype:trojan-activity;sid:81890666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027567)"; flow:established,from_client; content:"GET"; http_method; content:"/images/aiwebanxjf65.php"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"modbro.applet.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027567/; classtype:trojan-activity;sid:81890667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.148.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027568/; classtype:trojan-activity;sid:81890668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027569/; classtype:trojan-activity;sid:81890669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.195.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027563/; classtype:trojan-activity;sid:81890663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027564)"; flow:established,from_client; 
content:"GET"; http_method; content:"/wp-admin/css/colors/blue/kf4l8l0is.php"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"stiri-romania-24.ro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027564/; classtype:trojan-activity;sid:81890664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.171.238.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027561/; classtype:trojan-activity;sid:81890661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.96.195.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027562/; classtype:trojan-activity;sid:81890662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.171.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027560/; classtype:trojan-activity;sid:81890660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.189.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027559/; 
classtype:trojan-activity;sid:81890659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.173.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027558/; classtype:trojan-activity;sid:81890658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.233.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027557/; classtype:trojan-activity;sid:81890657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.149.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027556/; classtype:trojan-activity;sid:81890656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027555)"; flow:established,from_client; content:"GET"; http_method; content:"/httpd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.214.157.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027555/; classtype:trojan-activity;sid:81890655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027554)"; flow:established,from_client; content:"GET"; http_method; content:"/22.gif"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"31.214.157.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027554/; classtype:trojan-activity;sid:81890654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027552)"; flow:established,from_client; content:"GET"; http_method; content:"/22.gif"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.10.71.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027552/; classtype:trojan-activity;sid:81890652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027553)"; flow:established,from_client; content:"GET"; http_method; content:"/22.gif"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.214.157.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027553/; classtype:trojan-activity;sid:81890653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027550)"; flow:established,from_client; content:"GET"; http_method; content:"/22.gif"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.10.71.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027550/; classtype:trojan-activity;sid:81890650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027551)"; flow:established,from_client; content:"GET"; http_method; content:"/22.gif"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.11.183.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027551/; classtype:trojan-activity;sid:81890651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (1027549)"; flow:established,from_client; content:"GET"; http_method; content:"/22.gif"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.11.183.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027549/; classtype:trojan-activity;sid:81890649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.177.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027545/; classtype:trojan-activity;sid:81890645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.81.14.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027546/; classtype:trojan-activity;sid:81890646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.175.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027547/; classtype:trojan-activity;sid:81890647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.220.20.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1027548/; classtype:trojan-activity;sid:81890648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.169.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027544/; classtype:trojan-activity;sid:81890644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027542/; classtype:trojan-activity;sid:81890642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.94.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027543/; classtype:trojan-activity;sid:81890643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027541)"; flow:established,from_client; content:"GET"; http_method; content:"/22.gif"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.212.47.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027541/; classtype:trojan-activity;sid:81890641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"123.8.253.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027536/; classtype:trojan-activity;sid:81890636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.163.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027537/; classtype:trojan-activity;sid:81890637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.4.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027538/; classtype:trojan-activity;sid:81890638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.109.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027539/; classtype:trojan-activity;sid:81890639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.210.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027540/; classtype:trojan-activity;sid:81890640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (1027533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.104.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027533/; classtype:trojan-activity;sid:81890633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.67.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027534/; classtype:trojan-activity;sid:81890634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.220.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027535/; classtype:trojan-activity;sid:81890635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027532)"; flow:established,from_client; content:"GET"; http_method; content:"/22.gif"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.212.47.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027532/; classtype:trojan-activity;sid:81890632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.92.81.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; 
reference:url, urlhaus.abuse.ch/url/1027531/; classtype:trojan-activity;sid:81890631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.98.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027530/; classtype:trojan-activity;sid:81890630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.26.85.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027528/; classtype:trojan-activity;sid:81890628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027529/; classtype:trojan-activity;sid:81890629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.96.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027526/; classtype:trojan-activity;sid:81890626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.18.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027527/; classtype:trojan-activity;sid:81890627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.128.217.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027524/; classtype:trojan-activity;sid:81890624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.64.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027525/; classtype:trojan-activity;sid:81890625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.115.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027522/; classtype:trojan-activity;sid:81890622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.146.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027523/; classtype:trojan-activity;sid:81890623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (1027521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.118.62.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027521/; classtype:trojan-activity;sid:81890621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.12.52.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027520/; classtype:trojan-activity;sid:81890620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.170.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027515/; classtype:trojan-activity;sid:81890615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.232.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027516/; classtype:trojan-activity;sid:81890616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.213.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2021_02_24; reference:url, urlhaus.abuse.ch/url/1027517/; classtype:trojan-activity;sid:81890617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.56.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027518/; classtype:trojan-activity;sid:81890618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.206.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027519/; classtype:trojan-activity;sid:81890619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027512/; classtype:trojan-activity;sid:81890612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.126.247.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027513/; classtype:trojan-activity;sid:81890613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027514)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.45.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027514/; classtype:trojan-activity;sid:81890614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.233.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027511/; classtype:trojan-activity;sid:81890611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027510)"; flow:established,from_client; content:"GET"; http_method; content:"/google/vbc.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.168.5.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027510/; classtype:trojan-activity;sid:81890610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.135.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027509/; classtype:trojan-activity;sid:81890609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.224.163.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027508/; classtype:trojan-activity;sid:81890608; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027507)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qrqcd6hpgxnnrabdqjhsm4vjc6fvxvpb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027507/; classtype:trojan-activity;sid:81890607; rev:1;)
# NOTE(review): applies to the rule ending on the line above (sid 81890607) and to every
# drive.google.com / onedrive.live.com rule below (sids 81890606, 81890600, 81890601,
# 81890602, 81890599, 81890598).
# - In the http_uri content, `|3f|` is the hex escape for "?", but `|7c|26|7c|` decodes to
#   the four literal bytes "|26|" (0x7c is the pipe character), not to a single 0x26 ("&").
#   This looks like the feed generator escaping the pipes of an intended `|26|` -- confirm
#   against the referenced URLhaus entry. As written, a request whose query string uses a
#   plain "&" separator does not satisfy this content match.
# - depth equals the character count of the rule text (68 here), not the decoded byte count,
#   so depth + `isdataat:!1,relative` does not pin the match to offset 0 of the URI.
# - `alert http` only sees cleartext HTTP. These hosts are normally reached over HTTPS, so
#   without TLS decryption in front of the sensor the rules are unlikely to fire; cover the
#   same indicators from proxy logs or another source that records the full URL.
# - The content is lower-cased and matched with `nocase`, so the file id is compared
#   case-insensitively.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027506)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1j0x8so0tymoziynggbvtjbw7maxpdfc-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027506/; classtype:trojan-activity;sid:81890606; rev:1;)
# NOTE(review): the rules in this stretch that match a .php path under a CMS / plugin / vendor
# directory pair it with an ordinary site name -- presumably third-party sites hosting a
# payload; check the URLhaus reference for current status before acting on the whole host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027505)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/requests/exception/http/hmbuclsd77p.php"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"zuenajoyeria.com.mx"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027505/; classtype:trojan-activity;sid:81890605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027504)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2018/01/o7b2z0qnj3r.php"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"nietolem.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027504/; classtype:trojan-activity;sid:81890604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027503)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sodium_compat/namespaced/core/ncofufs06.php"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"amancai.cl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027503/; classtype:trojan-activity;sid:81890603; rev:1;)
# NOTE(review): `%21` is matched literally in the next rule. http_uri is the normalized URI
# buffer, so check on your engine whether the request's "%21" is still percent-encoded at
# match time (sid 81890577 elsewhere in this file spells the same position as a literal "!").
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027500)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=f57ceb019eb26e7d|7c|26|7c|resid=f57ceb019eb26e7d%21108|7c|26|7c|authkey=an1oxhgnjeeubjg"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027500/; classtype:trojan-activity;sid:81890600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027501)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uicpekwvfq3vi7jeg_1nknz5nicxkhm2"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027501/; classtype:trojan-activity;sid:81890601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027502)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_6zmxqqgjfchxgo46ndfshygnmkbzga4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027502/; classtype:trojan-activity;sid:81890602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027499)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1d-imno2z1s3iutwb9trmwacjsxqc7hn4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027499/; classtype:trojan-activity;sid:81890599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027495)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/sprout-invoices/bin/9ixr07p72y5oc.php"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"alneembac.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027495/; classtype:trojan-activity;sid:81890595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027496)"; flow:established,from_client; content:"GET"; http_method; content:"/lychee/lychee-front/styles/frame/bp9oysk0lphpy.php"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"gerhard-schwerdtfeger.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027496/; classtype:trojan-activity;sid:81890596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027497)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/classic-editor/js/ozp5dmyq5djumjr.php"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"alapon.pw"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027497/; classtype:trojan-activity;sid:81890597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027498)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tjgu1st6zigyioftmfljur0gw51fo7xu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027498/; classtype:trojan-activity;sid:81890598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027494)"; flow:established,from_client; content:"GET"; http_method; content:"/_lib/libraries/sys/emogrifier/rkilr5du3onzhz.php"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"demo.gruporoyale.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027494/; classtype:trojan-activity;sid:81890594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027492)"; flow:established,from_client; content:"GET"; http_method; content:"/media/editors/tinymce/js/dsg0mgeide.php"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.tomobil.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027492/; classtype:trojan-activity;sid:81890592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027493)"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/ezyang/htmlpurifier/library/dnxhe60msplg.php"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"topcompany.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027493/; classtype:trojan-activity;sid:81890593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"115.48.149.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027491/; classtype:trojan-activity;sid:81890591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.162.159.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027490/; classtype:trojan-activity;sid:81890590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.41.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027487/; classtype:trojan-activity;sid:81890587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.65.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027488/; classtype:trojan-activity;sid:81890588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027489)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.39.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027489/; classtype:trojan-activity;sid:81890589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(1027486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.19.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027486/; classtype:trojan-activity;sid:81890586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.204.98.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027485/; classtype:trojan-activity;sid:81890585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.103.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027481/; classtype:trojan-activity;sid:81890581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.54.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027482/; classtype:trojan-activity;sid:81890582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.120.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027483/; 
classtype:trojan-activity;sid:81890583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.106.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027484/; classtype:trojan-activity;sid:81890584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027479)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes-old/simplepie/content/type/ijpebgsi.php"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"webriplex.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027479/; classtype:trojan-activity;sid:81890579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.101.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027480/; classtype:trojan-activity;sid:81890580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.135.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027478/; classtype:trojan-activity;sid:81890578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027477)"; flow:established,from_client; content:"GET"; http_method; 
content:"/download|3f|cid=5ee774ffc8d69cb6|7c|26|7c|resid=5ee774ffc8d69cb6!2326|7c|26|7c|authkey=aehc-idlqbtwete"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027477/; classtype:trojan-activity;sid:81890577; rev:1;)
# NOTE(review) on the rule ending on the line above (sid 81890577):
# - `|7c|26|7c|` decodes to the four literal bytes "|26|" (0x7c is the pipe character), not
#   to a single 0x26 ("&"). This looks like the feed generator escaping the pipes of an
#   intended `|26|` -- confirm against the referenced URLhaus entry. As written, a request
#   whose query string uses a plain "&" separator does not satisfy the content match.
# - depth:103 is the character count of the rule text, not the decoded byte count, so
#   depth + `isdataat:!1,relative` does not pin the match to offset 0 of the URI.
# - `alert http` only sees cleartext HTTP; onedrive.live.com is normally reached over HTTPS,
#   so without TLS decryption in front of the sensor this rule is unlikely to fire.
# - This rule spells the "!" in resid literally, while sid 81890600 in this file uses `%21`
#   at the same position; http_uri is the normalized buffer, so verify which form your
#   engine presents at match time.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.134.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027476/; classtype:trojan-activity;sid:81890576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.77.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027475/; classtype:trojan-activity;sid:81890575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.66.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027474/; classtype:trojan-activity;sid:81890574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.36.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1027471/; classtype:trojan-activity;sid:81890571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.173.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027472/; classtype:trojan-activity;sid:81890572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.195.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027473/; classtype:trojan-activity;sid:81890573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.116.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027467/; classtype:trojan-activity;sid:81890567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.206.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027468/; classtype:trojan-activity;sid:81890568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"117.222.170.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027469/; classtype:trojan-activity;sid:81890569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027470)"; flow:established,from_client; content:"GET"; http_method; content:"/6sfsgfsgqwert.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sromecorlduce.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027470/; classtype:trojan-activity;sid:81890570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.53.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027465/; classtype:trojan-activity;sid:81890565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.204.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027466/; classtype:trojan-activity;sid:81890566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027464)"; flow:established,from_client; content:"GET"; http_method; content:"/satrapic.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"maxusglobalsolutions.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027464/; classtype:trojan-activity;sid:81890564; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.99.188.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027463/; classtype:trojan-activity;sid:81890563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.231.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027462/; classtype:trojan-activity;sid:81890562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.109.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027461/; classtype:trojan-activity;sid:81890561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.174.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027460/; classtype:trojan-activity;sid:81890560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.141.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2021_02_24; reference:url, urlhaus.abuse.ch/url/1027459/; classtype:trojan-activity;sid:81890559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.189.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027455/; classtype:trojan-activity;sid:81890555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.233.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027456/; classtype:trojan-activity;sid:81890556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.193.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027457/; classtype:trojan-activity;sid:81890557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.95.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027458/; classtype:trojan-activity;sid:81890558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027454)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.18.47.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027454/; classtype:trojan-activity;sid:81890554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.3.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027453/; classtype:trojan-activity;sid:81890553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.125.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027451/; classtype:trojan-activity;sid:81890551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.141.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027452/; classtype:trojan-activity;sid:81890552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.134.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027450/; classtype:trojan-activity;sid:81890550; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.178.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027449/; classtype:trojan-activity;sid:81890549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.193.91.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027448/; classtype:trojan-activity;sid:81890548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027447)"; flow:established,from_client; content:"GET"; http_method; content:"/login.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"statssen.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027447/; classtype:trojan-activity;sid:81890547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027445)"; flow:established,from_client; content:"GET"; http_method; content:"/preview.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"statsstate.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027445/; classtype:trojan-activity;sid:81890545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027446)"; flow:established,from_client; content:"GET"; http_method; content:"/footer.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"statsarts.com"; http_host; depth:13; isdataat:!1,relative; 
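metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027446/; classtype:trojan-activity;sid:81890546; rev:1;)
# ---------------------------------------------------------------------------
# URLhaus "known malware download URL" rules, one rule per line.
#
# Every rule alerts on an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET) whose
# URI and Host header both match one listed URL:
#   content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase;
#       the path pattern (case-insensitive) must lie within the first N bytes
#       of the URI buffer, and no byte may follow it.
#   content:"<host>"; http_host; depth:N; isdataat:!1,relative;
#       the same anchoring, applied to the Host buffer.
#
# Notes for operators:
#   * "alert http" only inspects HTTP the sensor can parse. onedrive.live.com
#     and www.dropbox.com are typically reached over TLS, so those rules fire
#     only where decrypted traffic is available to the sensor.
#   * Those two hosts are shared services; the rules match only together with
#     the full listed path, so do not widen them to host-only matches.
#   * A '&' in a listed URL is written |26|. The feed distributed it as
#     |7c|26|7c|, which decodes to the literal text "|26|" and cannot occur in
#     a real request, so those rules could never match.
#   * depth values are kept as distributed. They count the escaped rule text,
#     so for patterns with |xx| escapes they are an upper bound, not the exact
#     pattern length; isdataat:!1,relative still anchors the end of the match.
#   * NOTE(review): http_uri is a normalized buffer. Patterns that contain
#     percent-escapes (%20, %21, %29) may need http_raw_uri instead -- verify
#     on your engine before relying on them.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.176.166.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027444/; classtype:trojan-activity;sid:81890544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.231.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027443/; classtype:trojan-activity;sid:81890543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.116.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027442/; classtype:trojan-activity;sid:81890542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.214.93.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027440/; classtype:trojan-activity;sid:81890540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.139.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027441/; classtype:trojan-activity;sid:81890541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.168.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027437/; classtype:trojan-activity;sid:81890537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.84.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027438/; classtype:trojan-activity;sid:81890538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.214.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027439/; classtype:trojan-activity;sid:81890539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.176.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027435/; classtype:trojan-activity;sid:81890535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.81.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027436/; classtype:trojan-activity;sid:81890536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.13.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027433/; classtype:trojan-activity;sid:81890533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.199.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027434/; classtype:trojan-activity;sid:81890534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.127.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027432/; classtype:trojan-activity;sid:81890532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.33.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027429/; classtype:trojan-activity;sid:81890529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.246.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027430/; classtype:trojan-activity;sid:81890530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.202.160.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027431/; classtype:trojan-activity;sid:81890531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.14.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027425/; classtype:trojan-activity;sid:81890525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.70.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027426/; classtype:trojan-activity;sid:81890526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.121.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027427/; classtype:trojan-activity;sid:81890527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.43.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027428/; classtype:trojan-activity;sid:81890528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.117.203.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027424/; classtype:trojan-activity;sid:81890524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.243.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027423/; classtype:trojan-activity;sid:81890523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027419)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=d7202e0affdb636a|26|resid=d7202e0affdb636a!121|26|authkey=anesujxrhcgdw3q"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027419/; classtype:trojan-activity;sid:81890519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027420)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=d7202e0affdb636a|26|resid=d7202e0affdb636a!120|26|authkey=akbb87dzfhkzmt4"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027420/; classtype:trojan-activity;sid:81890520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027421)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=d7202e0affdb636a|26|resid=d7202e0affdb636a%21120|26|authkey=akbb87dzfhkzmt4"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027421/; classtype:trojan-activity;sid:81890521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027422)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=d7202e0affdb636a|26|resid=d7202e0affdb636a%21118|26|authkey=agk0z7ulplc9gke"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027422/; classtype:trojan-activity;sid:81890522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027418)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=d7202e0affdb636a|26|resid=d7202e0affdb636a%21121|26|authkey=anesujxrhcgdw3q"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027418/; classtype:trojan-activity;sid:81890518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027417)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=d7202e0affdb636a|26|resid=d7202e0affdb636a!118|26|authkey=agk0z7ulplc9gke"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027417/; classtype:trojan-activity;sid:81890517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027416)"; flow:established,from_client; content:"GET"; http_method; content:"/node/invoice_4152112.doc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"loadingsingnatureofmsoffice.mangospot.net"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027416/; classtype:trojan-activity;sid:81890516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027414)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027414/; classtype:trojan-activity;sid:81890514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027415)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=115bffdddaa40942|26|resid=115bffdddaa40942!540|26|authkey=aamhnqgfdtdsoxk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027415/; classtype:trojan-activity;sid:81890515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027412/; classtype:trojan-activity;sid:81890512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027413)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=115bffdddaa40942|26|resid=115bffdddaa40942%21540|26|authkey=aamhnqgfdtdsoxk"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027413/; classtype:trojan-activity;sid:81890513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027408)"; flow:established,from_client; content:"GET"; http_method; content:"/s/74tyydzvw8u0kbw/payment%20notification_pdf.img|3f|dl=1"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027408/; classtype:trojan-activity;sid:81890508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027409)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027409/; classtype:trojan-activity;sid:81890509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027410)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=a76c2c9b2bbef5ec|26|resid=a76c2c9b2bbef5ec%21141|26|authkey=akcfuxzfafd_c9c"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027410/; classtype:trojan-activity;sid:81890510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027411)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=f6d01aa95ffb1d53|26|resid=f6d01aa95ffb1d53!105|26|authkey=anlewidt8z9tj7m"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027411/; classtype:trojan-activity;sid:81890511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027405)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=f6d01aa95ffb1d53|26|resid=f6d01aa95ffb1d53%21105|26|authkey=anlewidt8z9tj7m"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027405/; classtype:trojan-activity;sid:81890505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027406)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027406/; classtype:trojan-activity;sid:81890506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027407)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=d04ae31e674668e5|26|resid=d04ae31e674668e5!1483|26|authkey=ahhtn_dbnlupq4o"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027407/; classtype:trojan-activity;sid:81890507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027399)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027399/; classtype:trojan-activity;sid:81890499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027400)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027400/; classtype:trojan-activity;sid:81890500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027401)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027401/; classtype:trojan-activity;sid:81890501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027402/; classtype:trojan-activity;sid:81890502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027403/; classtype:trojan-activity;sid:81890503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027404)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027404/; classtype:trojan-activity;sid:81890504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027398)"; flow:established,from_client; content:"GET"; http_method; content:"/s/7uy5pat3ez358lb/scd_00398738_002987378.pdf.z|3f|dl=1"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027398/; classtype:trojan-activity;sid:81890498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027396)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=62c7ac7a7afece26|26|resid=62c7ac7a7afece26!493|26|authkey=aeg__7wcf7esydo"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027396/; classtype:trojan-activity;sid:81890496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027397)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=ce565f263c441a08|26|resid=ce565f263c441a08!113|26|authkey=ahdjrxgbhzsugj4"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027397/; classtype:trojan-activity;sid:81890497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027394)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=ae429b3cc1bcb97f|26|resid=ae429b3cc1bcb97f%21212|26|authkey=aj-mogs-bx60pac"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027394/; classtype:trojan-activity;sid:81890494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027395)"; flow:established,from_client; content:"GET"; http_method; content:"/s/q6evvjnkqco9mye/dsg_34565434gsm_3456654.xls.z|3f|dl=1|26|c=3ii9gcd|26|r=1e5fhf7nbcqj2bwmf9xdjx|26|k=7s1|26|s=boivbyk2amer5cxzid6ckzz6ee7n021ifiqficcyj4i"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027395/; classtype:trojan-activity;sid:81890495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027389)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=62c7ac7a7afece26|26|resid=62c7ac7a7afece26!491|26|authkey=aopwdha2wyjx0aa"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027389/; classtype:trojan-activity;sid:81890489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027390)"; flow:established,from_client; content:"GET"; http_method; content:"/s/qc3mjkqgyalrujg/mns_%29198176541567_109876542567.pdf.z|3f|dl=1"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027390/; classtype:trojan-activity;sid:81890490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027391)"; flow:established,from_client; content:"GET"; http_method; content:"/s/q6evvjnkqco9mye/dsg_34565434gsm_3456654.xls.z|3f|dl=1|26|c=3ii9gcd|26|r=pgbmxje2agv60xjypamph|26|k=7s1|26|s=hhhbmohotfdelccah4bwfkzxfdihfo0pmg1vu9oxnkk"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027391/; classtype:trojan-activity;sid:81890491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027392)"; flow:established,from_client; content:"GET"; http_method; content:"/s/zgmxjrwy4ws84kz/xcg-09876556-9865.pdf.z|3f|dl=1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027392/; classtype:trojan-activity;sid:81890492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027393)"; flow:established,from_client; content:"GET"; http_method; content:"/s/pibedlvn40d2hwo/em_remittance%20ff%20payment_copy.wmmz.z|3f|dl=1"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027393/; classtype:trojan-activity;sid:81890493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027384)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=62c7ac7a7afece26|26|resid=62c7ac7a7afece26%21492|26|authkey=akwg8p5adkpjm5w"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027384/; classtype:trojan-activity;sid:81890484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027385)"; flow:established,from_client; content:"GET"; http_method; content:"/s/pibedlvn40d2hwo/em_remittance%20ff%20payment_copy.wmmz.z|3f|dl=1"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027385/; classtype:trojan-activity;sid:81890485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027386)"; flow:established,from_client; content:"GET"; http_method; content:"/s/witkxz0e0exhle9/ch_py09876562_92736gh.pdf.z|3f|dl=1"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027386/; classtype:trojan-activity;sid:81890486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027387)"; flow:established,from_client; content:"GET"; http_method; content:"/s/q6evvjnkqco9mye/dsg_34565434gsm_3456654.xls.z|3f|dl=1|26|c=3ii9gcd|26|r=1e5fhf7nbcqj2bwmf9xdjx|26|k=7s1|26|s=boivbyk2amer5cxzid6ckzz6ee7n021ifiqficcyj4i"; http_uri; depth:179; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027387/; classtype:trojan-activity;sid:81890487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027388)"; flow:established,from_client; content:"GET"; http_method; content:"/s/witkxz0e0exhle9/ch_py09876562_92736gh.pdf.z|3f|dl=1"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027388/; classtype:trojan-activity;sid:81890488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027381)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=62c7ac7a7afece26|26|resid=62c7ac7a7afece26!492|26|authkey=akwg8p5adkpjm5w"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027381/; classtype:trojan-activity;sid:81890481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027382)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=ae429b3cc1bcb97f|26|resid=ae429b3cc1bcb97f!212|26|authkey=aj-mogs-bx60pac"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027382/; classtype:trojan-activity;sid:81890482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027383)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=ce565f263c441a08|26|resid=ce565f263c441a08%21113|26|authkey=ahdjrxgbhzsugj4"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027383/; classtype:trojan-activity;sid:81890483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027379)"; flow:established,from_client; content:"GET"; http_method; content:"/s/bbhyb6sp177fhzb/em_remittance%20ff%20payment_copy.ace|3f|dl=1"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027379/; classtype:trojan-activity;sid:81890479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027380)"; flow:established,from_client; content:"GET"; http_method; content:"/s/q6evvjnkqco9mye/dsg_34565434gsm_3456654.xls.z|3f|dl=1|26|c=3ii9gcd|26|r=pgbmxje2agv60xjypamph|26|k=7s1|26|s=hhhbmohotfdelccah4bwfkzxfdihfo0pmg1vu9oxnkk"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027380/; classtype:trojan-activity;sid:81890480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027378)"; flow:established,from_client; content:"GET"; http_method; content:"/s/8kdobgph06ybrvt/dg098766-098767.pdf.izh.z|3f|dl=1"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027378/; classtype:trojan-activity;sid:81890478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027376)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=f6d01aa95ffb1d53|26|resid=f6d01aa95ffb1d53!104|26|authkey=aksoyeuitq4unna"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027376/; classtype:trojan-activity;sid:81890476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027377)"; flow:established,from_client; content:"GET"; http_method; content:"/s/lubtfyrc46prbws/yhj_02987738298743829.pdf.z|3f|dl=1"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027377/; classtype:trojan-activity;sid:81890477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027373)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=df2b9db8783fa5b0|26|resid=df2b9db8783fa5b0!147|26|authkey=ao6ztnosd7kiyle"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027373/; classtype:trojan-activity;sid:81890473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027374)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=62c7ac7a7afece26|26|resid=62c7ac7a7afece26%21493|26|authkey=aeg__7wcf7esydo"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027374/; classtype:trojan-activity;sid:81890474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027375)"; flow:established,from_client; content:"GET"; http_method; content:"/s/af2eaoyjonxk5e6/hgpo098765_0098765.pdf.z|3f|dl=1"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027375/; classtype:trojan-activity;sid:81890475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027370)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=8b449b740959be3f|26|resid=8b449b740959be3f!1159|26|authkey=adoo2uwsl_t-gdu"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027370/; classtype:trojan-activity;sid:81890470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027371)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=62c7ac7a7afece26|26|resid=62c7ac7a7afece26%21491|26|authkey=aopwdha2wyjx0aa"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027371/; classtype:trojan-activity;sid:81890471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027372)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=8b449b740959be3f|26|resid=8b449b740959be3f%211159|26|authkey=adoo2uwsl_t-gdu"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027372/; classtype:trojan-activity;sid:81890472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027367)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=eb3f9b9882ee85f3|26|resid=eb3f9b9882ee85f3%21121|26|authkey=amtw0gjp63fupxu"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027367/; classtype:trojan-activity;sid:81890467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027368)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=f6d01aa95ffb1d53|26|resid=f6d01aa95ffb1d53%21104|26|authkey=aksoyeuitq4unna"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027368/; classtype:trojan-activity;sid:81890468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027369)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=df2b9db8783fa5b0|26|resid=df2b9db8783fa5b0%21147|26|authkey=ao6ztnosd7kiyle"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027369/; classtype:trojan-activity;sid:81890469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027366)"; flow:established,from_client; content:"GET"; http_method; content:"/sh/ciuq1srzlsvzl97/aaaxc1qykpicpqgwkjtjfmhta|3f|dl=1"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027366/; classtype:trojan-activity;sid:81890466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.193.91.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027365/; classtype:trojan-activity;sid:81890465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.88.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027364/; classtype:trojan-activity;sid:81890464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.88.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027362/; classtype:trojan-activity;sid:81890462; rev:1;)
alert http $HOME_NET any -> 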
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.181.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027363/; classtype:trojan-activity;sid:81890463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.0.133.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027361/; classtype:trojan-activity;sid:81890461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.122.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027360/; classtype:trojan-activity;sid:81890460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.124.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027357/; classtype:trojan-activity;sid:81890457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.63.41"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027358/; classtype:trojan-activity;sid:81890458; rev:1;)
# Bare-IP entries: GET for an exact URI (depth plus isdataat:!1,relative bound the http_uri
# content) sent to an exact Host value (the literal IPv4 address, bounded the same way).
# Only the client request is inspected, so an alert shows that a HOME_NET host asked for
# the URL, not that the payload was delivered or run; confirm with the HTTP response and
# endpoint telemetry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.16.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027359/; classtype:trojan-activity;sid:81890459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.84.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027356/; classtype:trojan-activity;sid:81890456; rev:1;)
# OneDrive entry. "|7c|26|7c|" decodes to the four literal characters |26|, not to the byte
# 0x26 ('&'). NOTE(review): looks like an already-escaped '&' was escaped a second time; if
# the reported URL separates its parameters with '&', this content cannot match it. Verify
# against the urlhaus.abuse.ch reference.
# depth:103 is the length of the content string as written; each |xx| escape is four written
# characters for one matched byte, so depth exceeds the bytes matched and the start of the
# match is slightly looser than in the plain-text rules (the end is still pinned by isdataat).
# NOTE(review): onedrive.live.com is normally served over HTTPS, so an "alert http" rule
# presumably fires only behind TLS decryption; confirm sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027355)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=0e26b39babdbf63c|7c|26|7c|resid=e26b39babdbf63c%21137|7c|26|7c|authkey=anshbgxg1_qa2h4"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027355/; classtype:trojan-activity;sid:81890455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.243.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027354/; classtype:trojan-activity;sid:81890454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1027353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.116.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027353/; classtype:trojan-activity;sid:81890453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.242.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027352/; classtype:trojan-activity;sid:81890452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.180.237.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027350/; classtype:trojan-activity;sid:81890450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.182.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027351/; classtype:trojan-activity;sid:81890451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.201.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2021_02_24; reference:url, urlhaus.abuse.ch/url/1027349/; classtype:trojan-activity;sid:81890449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.77.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027343/; classtype:trojan-activity;sid:81890443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.103.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027344/; classtype:trojan-activity;sid:81890444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027345/; classtype:trojan-activity;sid:81890445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.84.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027346/; classtype:trojan-activity;sid:81890446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027347)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.27.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027347/; classtype:trojan-activity;sid:81890447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027348)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.9.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027348/; classtype:trojan-activity;sid:81890448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.65.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027342/; classtype:trojan-activity;sid:81890442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.202.94.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027341/; classtype:trojan-activity;sid:81890441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.246.222.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027338/; classtype:trojan-activity;sid:81890438; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.152.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027339/; classtype:trojan-activity;sid:81890439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.73.167.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027340/; classtype:trojan-activity;sid:81890440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027337)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.56.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027337/; classtype:trojan-activity;sid:81890437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.154.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027336/; classtype:trojan-activity;sid:81890436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.109.250.53"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027335/; classtype:trojan-activity;sid:81890435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.67.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027334/; classtype:trojan-activity;sid:81890434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.225.111.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027333/; classtype:trojan-activity;sid:81890433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.216.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027332/; classtype:trojan-activity;sid:81890432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.178.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027331/; classtype:trojan-activity;sid:81890431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027330)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.89.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027330/; classtype:trojan-activity;sid:81890430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.207.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027327/; classtype:trojan-activity;sid:81890427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027328/; classtype:trojan-activity;sid:81890428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.46.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027329/; classtype:trojan-activity;sid:81890429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.57.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027324/; classtype:trojan-activity;sid:81890424; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.73.63.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027325/; classtype:trojan-activity;sid:81890425; rev:1;)
# Bare-IP entries: the two-byte URI "/i" is only distinctive because the Host value is
# pinned as well (content with depth plus isdataat:!1,relative on http_host). Keep the
# http_host condition if these rules are ever edited or merged.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.119.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027326/; classtype:trojan-activity;sid:81890426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.92.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027323/; classtype:trojan-activity;sid:81890423; rev:1;)
# Named-host entry: an .exe requested from under /wp-includes/.
# NOTE(review): presumably a compromised WordPress site rather than dedicated infrastructure;
# verify in the urlhaus.abuse.ch reference. The rule matches this exact URI and Host only,
# so other paths on the same host are not alerted on.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027321)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sevenx.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tunedinblog.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027321/; classtype:trojan-activity;sid:81890421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.154.232"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027322/; classtype:trojan-activity;sid:81890422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.67.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027320/; classtype:trojan-activity;sid:81890420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.95.199.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027318/; classtype:trojan-activity;sid:81890418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027319)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.16.34.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027319/; classtype:trojan-activity;sid:81890419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.92.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027317/; classtype:trojan-activity;sid:81890417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027315)"; flow:established,from_client; 
content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.146.117.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027315/; classtype:trojan-activity;sid:81890415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.193.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027316/; classtype:trojan-activity;sid:81890416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.100.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027314/; classtype:trojan-activity;sid:81890414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.148.234.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027308/; classtype:trojan-activity;sid:81890408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.211.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027309/; 
classtype:trojan-activity;sid:81890409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.82.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027310/; classtype:trojan-activity;sid:81890410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.90.211.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027311/; classtype:trojan-activity;sid:81890411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.41.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027312/; classtype:trojan-activity;sid:81890412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.45.58.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027313/; classtype:trojan-activity;sid:81890413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"117.202.64.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027307/; classtype:trojan-activity;sid:81890407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.33.122.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027306/; classtype:trojan-activity;sid:81890406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.35.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027305/; classtype:trojan-activity;sid:81890405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.150.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027304/; classtype:trojan-activity;sid:81890404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.43.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027302/; classtype:trojan-activity;sid:81890402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027303)"; 
flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.117.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027303/; classtype:trojan-activity;sid:81890403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.132.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027300/; classtype:trojan-activity;sid:81890400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.103.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027301/; classtype:trojan-activity;sid:81890401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.69.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027295/; classtype:trojan-activity;sid:81890395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.183.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027296/; 
classtype:trojan-activity;sid:81890396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.193.91.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027297/; classtype:trojan-activity;sid:81890397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.21.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027298/; classtype:trojan-activity;sid:81890398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.191.244.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027299/; classtype:trojan-activity;sid:81890399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.200.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027293/; classtype:trojan-activity;sid:81890393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"115.61.187.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027294/; classtype:trojan-activity;sid:81890394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.235.79.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027292/; classtype:trojan-activity;sid:81890392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.95.199.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027291/; classtype:trojan-activity;sid:81890391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.4.157.34"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027289/; classtype:trojan-activity;sid:81890389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.222.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027290/; classtype:trojan-activity;sid:81890390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(1027288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.115.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027288/; classtype:trojan-activity;sid:81890388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.215.79.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027287/; classtype:trojan-activity;sid:81890387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.177.186.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027283/; classtype:trojan-activity;sid:81890383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.52.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027284/; classtype:trojan-activity;sid:81890384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.9.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027285/; 
classtype:trojan-activity;sid:81890385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.60.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027286/; classtype:trojan-activity;sid:81890386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.180.162.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027282/; classtype:trojan-activity;sid:81890382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.36.212.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027280/; classtype:trojan-activity;sid:81890380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.254.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027281/; classtype:trojan-activity;sid:81890381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"123.8.167.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027279/; classtype:trojan-activity;sid:81890379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.79.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027278/; classtype:trojan-activity;sid:81890378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.228.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027274/; classtype:trojan-activity;sid:81890374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.147.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027275/; classtype:trojan-activity;sid:81890375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027276)"; flow:established,from_client; content:"GET"; http_method; content:"/pwua8.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"u.teknik.io"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027276/; classtype:trojan-activity;sid:81890376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(1027277)"; flow:established,from_client; content:"GET"; http_method; content:"/wwws/vbc.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.227.228.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027277/; classtype:trojan-activity;sid:81890377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.3.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027271/; classtype:trojan-activity;sid:81890371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.44.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027272/; classtype:trojan-activity;sid:81890372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.86.235.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027273/; classtype:trojan-activity;sid:81890373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.52.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1027269/; classtype:trojan-activity;sid:81890369; rev:1;)
# Exact-URL signatures. Each rule fires on an established client-to-server
# HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI and Host both equal the
# listed strings: depth:N equals the pattern length, so the pattern has to
# start at offset 0, and isdataat:!1,relative requires that no byte follows
# the match. The nocase after the URI pattern makes the path comparison
# case-insensitive.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.65.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027270/; classtype:trojan-activity;sid:81890370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.222.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027268/; classtype:trojan-activity;sid:81890368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.180.162.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027267/; classtype:trojan-activity;sid:81890366; rev:1;)
# NOTE(review): the URI pattern in the next rule looks double-escaped.
# |7c| is the pipe character, so |7c|26|7c| decodes to the four literal bytes
# "|26|" rather than to "&" (0x26). A request for
# /uc?export=download&id=<file id> would therefore not match. Presumably the
# intended pattern is content:"/uc|3f|export=download|26|id=<file id>" with
# depth:56 - confirm against the URLhaus entry before changing the feed.
# depth:68 is the length of the escaped text; the pattern as written decodes
# to 59 bytes, so the start of the URI is not pinned to offset 0.
# NOTE(review): drive.google.com is normally reached over HTTPS, so an
# "alert http" rule only sees this request where TLS is decrypted upstream;
# elsewhere this rule gives no coverage for the URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027266)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1z1onpybusbxdb4tv39hi99kgng3otudf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027266/; classtype:trojan-activity;sid:81890366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027265)"; flow:established,from_client; 
content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.254.95.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027265/; classtype:trojan-activity;sid:81890365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027264)"; flow:established,from_client; content:"GET"; http_method; content:"/setupgo.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"fornosoder.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027264/; classtype:trojan-activity;sid:81890364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.102.63.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027263/; classtype:trojan-activity;sid:81890363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.136.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027262/; classtype:trojan-activity;sid:81890362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027261)"; flow:established,from_client; content:"GET"; http_method; content:"/yus/vbc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"23.227.207.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027261/; 
classtype:trojan-activity;sid:81890361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.171.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027258/; classtype:trojan-activity;sid:81890358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.5.237"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027259/; classtype:trojan-activity;sid:81890359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.241.78.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027260/; classtype:trojan-activity;sid:81890360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.131.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027257/; classtype:trojan-activity;sid:81890357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"116.68.96.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027256/; classtype:trojan-activity;sid:81890356; rev:1;)
# Exact match on GET /mozi.m to one host: depth equals the pattern length and
# isdataat:!1,relative rejects any trailing byte, for URI and Host alike.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.164.139.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027255/; classtype:trojan-activity;sid:81890355; rev:1;)
# NOTE(review): the two drive.google.com rules below carry a URI pattern that
# looks double-escaped. |7c|26|7c| decodes to the literal bytes "|26|", not
# to "&" (0x26), so a request for /uc?export=download&id=<file id> would not
# match. Presumably the intended form is
# content:"/uc|3f|export=download|26|id=<file id>" with depth:56 - confirm
# against the URLhaus entries. depth:68 counts the escaped text; the decoded
# pattern is 59 bytes, which leaves the URI start unanchored.
# NOTE(review): drive.google.com is normally served over HTTPS, so these
# "alert http" rules only apply where TLS is decrypted before inspection.
# The host is a shared service; the file id is the only discriminator, and
# nocase means the id is compared without regard to case.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027254)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ttcw6hwnfjp_w8mb5hqpib0u4cewhauq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027254/; classtype:trojan-activity;sid:81890354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027253)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1abj4o34hwhouccfjkzm0z2vbxefv7l0w"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027253/; classtype:trojan-activity;sid:81890353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.125.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027251/; 
classtype:trojan-activity;sid:81890351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.120.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027252/; classtype:trojan-activity;sid:81890352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027250)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cto-scd7n9l_0otn7sh0hdtz3ukcfkfc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027250/; classtype:trojan-activity;sid:81890350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.162.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027248/; classtype:trojan-activity;sid:81890348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.250.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027249/; classtype:trojan-activity;sid:81890349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027247)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.243.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027247/; classtype:trojan-activity;sid:81890347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027246)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oi4wiqd1pgn33trzz4ieldpugta-sny8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027246/; classtype:trojan-activity;sid:81890346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.224.171.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027244/; classtype:trojan-activity;sid:81890344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027245)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=18iihnep84f4aubrw7l2roirenclxhgio"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027245/; classtype:trojan-activity;sid:81890345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.106.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2021_02_24; reference:url, urlhaus.abuse.ch/url/1027240/; classtype:trojan-activity;sid:81890340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.187.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027241/; classtype:trojan-activity;sid:81890341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.67.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027242/; classtype:trojan-activity;sid:81890342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.157.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027243/; classtype:trojan-activity;sid:81890343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027238)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.132.144.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027238/; classtype:trojan-activity;sid:81890338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027239)"; flow:established,from_client; content:"GET"; http_method; 
content:"/uc|3f|export=download|7c|26|7c|id=1nosazd4nqpfn6epv0mnk0aj0pzvsfvif"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027239/; classtype:trojan-activity;sid:81890339; rev:1;)
# NOTE(review): applies to the rule that ends on the line above
# (sid 81890339). Its URI pattern looks double-escaped: |7c|26|7c| decodes to
# the literal bytes "|26|", not to "&" (0x26), so a request for
# /uc?export=download&id=<file id> would not match. Presumably the intended
# form is content:"/uc|3f|export=download|26|id=<file id>" with depth:56 -
# confirm against the URLhaus entry. depth:68 counts the escaped text; the
# decoded pattern is 59 bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.123.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027234/; classtype:trojan-activity;sid:81890334; rev:1;)
# Exact match on one path under one hostname: depth equals the pattern length
# (34 for the URI, 21 for the Host) and isdataat:!1,relative rejects trailing
# bytes, so other paths on the same host do not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027235)"; flow:established,from_client; content:"GET"; http_method; content:"/jerusalem/bindons_xywwynsf162.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"63677990001.burrow.io"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027235/; classtype:trojan-activity;sid:81890335; rev:1;)
# NOTE(review): cdn.discordapp.com is a shared content host that is
# presumably reached over HTTPS; if so, this "alert http" rule only fires
# where TLS is decrypted before inspection. The match is tied to the full
# attachment path, so an alert identifies this one file, not the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027236)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/807722001241210933/813865812821409822/epbjss27.bin"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027236/; classtype:trojan-activity;sid:81890336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027237)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.116.133"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027237/; classtype:trojan-activity;sid:81890337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.200.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027233/; classtype:trojan-activity;sid:81890333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.225.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027232/; classtype:trojan-activity;sid:81890332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027231)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1icgrkh-13pdb-rv82n2a7e7yzkhqmcub"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027231/; classtype:trojan-activity;sid:81890331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.241.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027229/; classtype:trojan-activity;sid:81890329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (1027230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.219.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027230/; classtype:trojan-activity;sid:81890330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027223)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ltfcew4be3rhbjmot7kxhdkncxmvmban"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027223/; classtype:trojan-activity;sid:81890323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.174.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027224/; classtype:trojan-activity;sid:81890324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027225)"; flow:established,from_client; content:"GET"; http_method; content:"/marct_drfittrna105.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cervmp.cl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027225/; classtype:trojan-activity;sid:81890325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.70.94"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027226/; classtype:trojan-activity;sid:81890326; rev:1;)
#
# Reading guide for the rules in this part of the feed (one rule per line below).
# Every rule follows the same generated template:
#   * alert http $HOME_NET any -> $EXTERNAL_NET any + flow:established,from_client
#       outbound client requests on established sessions, any port.
#   * content:"GET"; http_method;
#       only GET requests are considered.
#   * content:"<path>"; http_uri; depth:<n>; isdataat:!1,relative; nocase;
#       <n> equals the pattern length and isdataat:!1,relative requires that no byte
#       follows the match, so the URI has to equal <path> exactly (case-insensitive).
#   * content:"<host>"; http_host; depth:<n>; isdataat:!1,relative;
#       the same exact-match anchoring applied to the Host value.
#   * The number in msg is repeated in the reference: URL (the URLhaus entry); in the
#     rules shown here sid is that number plus 80863100.
#
# Triage notes:
#   * NOTE(review): the http protocol keyword limits these rules to traffic the engine
#     parses as cleartext HTTP; the same URL fetched over TLS is not covered unless
#     traffic is decrypted upstream. Confirm against the sensor deployment.
#   * Matching is exact on both URI and host, so a missing alert is not evidence that
#     a host is clean; pair this feed with host/IP reputation and endpoint telemetry.
#   * created_at is presumably the date the entry was listed (verify with the feed
#     documentation). Check the reference: page for current status before acting on
#     a hit from an old entry, since bare-IP entries can be reassigned.
#   * Some entries name hosts that appear to be shared hosting services
#     (www.mediafire.com, u.teknik.io). Those rules still match one exact path; the
#     host name on its own should not be treated as an indicator.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.91.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027227/; classtype:trojan-activity;sid:81890327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027228)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.0.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027228/; classtype:trojan-activity;sid:81890328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.149.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027221/; classtype:trojan-activity;sid:81890321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.20.3.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027222/; classtype:trojan-activity;sid:81890322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027220)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/dutchx.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tunedinblog.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027220/; classtype:trojan-activity;sid:81890320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027219)"; flow:established,from_client; content:"GET"; http_method; content:"/homqo.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"u.teknik.io"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027219/; classtype:trojan-activity;sid:81890319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027218)"; flow:established,from_client; content:"GET"; http_method; content:"/node/vbc.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.39.217.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027218/; classtype:trojan-activity;sid:81890318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.178.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027217/; classtype:trojan-activity;sid:81890317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.204.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027216/; classtype:trojan-activity;sid:81890316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.23.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027214/; classtype:trojan-activity;sid:81890314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.18.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027215/; classtype:trojan-activity;sid:81890315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.108.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027211/; classtype:trojan-activity;sid:81890311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.126.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027212/; classtype:trojan-activity;sid:81890312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.154.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027213/; classtype:trojan-activity;sid:81890313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.53.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027209/; classtype:trojan-activity;sid:81890309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.43.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027210/; classtype:trojan-activity;sid:81890310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.59.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027206/; classtype:trojan-activity;sid:81890306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.167.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027207/; classtype:trojan-activity;sid:81890307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.161.237.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027208/; classtype:trojan-activity;sid:81890308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.202.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027205/; classtype:trojan-activity;sid:81890305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027204)"; flow:established,from_client; content:"GET"; http_method; content:"/footer.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"statssales.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027204/; classtype:trojan-activity;sid:81890304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.167.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027203/; classtype:trojan-activity;sid:81890303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027202)"; flow:established,from_client; content:"GET"; http_method; content:"/receipmt/regasm.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"topreshstdyenverstdf.dns.army"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027202/; classtype:trojan-activity;sid:81890302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.149.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027201/; classtype:trojan-activity;sid:81890301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.218.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027200/; classtype:trojan-activity;sid:81890300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.36.9.48"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027199/; classtype:trojan-activity;sid:81890299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.67.251.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027198/; classtype:trojan-activity;sid:81890298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.159.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027196/; classtype:trojan-activity;sid:81890296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.163.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027197/; classtype:trojan-activity;sid:81890297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.202.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027195/; classtype:trojan-activity;sid:81890295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.96.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027194/; classtype:trojan-activity;sid:81890294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.20.3.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027193/; classtype:trojan-activity;sid:81890293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.51.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027189/; classtype:trojan-activity;sid:81890289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.180.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027190/; classtype:trojan-activity;sid:81890290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.116.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027191/; classtype:trojan-activity;sid:81890291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027192)"; flow:established,from_client; content:"GET"; http_method; content:"/file/enm6qeyf0yne4h7/wyx-09901.7z/file"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027192/; classtype:trojan-activity;sid:81890292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027188)"; flow:established,from_client; content:"GET"; http_method; content:"/footer.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"statsper.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027188/; classtype:trojan-activity;sid:81890288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.151.155.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027184/; classtype:trojan-activity;sid:81890284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.169.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027185/; classtype:trojan-activity;sid:81890285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.40.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027186/; classtype:trojan-activity;sid:81890286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.178.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027187/; classtype:trojan-activity;sid:81890287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"140.240.142.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027183/; classtype:trojan-activity;sid:81890283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.118.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027182/; classtype:trojan-activity;sid:81890282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.35.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027181/; classtype:trojan-activity;sid:81890281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027180/; classtype:trojan-activity;sid:81890280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.73.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027179/; classtype:trojan-activity;sid:81890279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.69.5.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027178/; classtype:trojan-activity;sid:81890278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.237.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027174/; classtype:trojan-activity;sid:81890274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.129.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027175/; classtype:trojan-activity;sid:81890275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.199.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027176/; classtype:trojan-activity;sid:81890276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.240.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027177/; classtype:trojan-activity;sid:81890277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.225.88.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027173/; classtype:trojan-activity;sid:81890273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.167.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027172/; classtype:trojan-activity;sid:81890272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.137.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027171/; classtype:trojan-activity;sid:81890271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027169)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"165.22.238.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027169/; classtype:trojan-activity;sid:81890269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027170)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"165.22.238.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027170/; classtype:trojan-activity;sid:81890270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.216.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027168/; classtype:trojan-activity;sid:81890268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.3.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027167/; classtype:trojan-activity;sid:81890267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.88.106.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027166/; classtype:trojan-activity;sid:81890266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.210.187.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027165/; classtype:trojan-activity;sid:81890265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.126.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027164/; classtype:trojan-activity;sid:81890264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.18.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027162/; classtype:trojan-activity;sid:81890262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.225.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027163/; classtype:trojan-activity;sid:81890263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.50.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027159/; classtype:trojan-activity;sid:81890259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.89.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027160/; classtype:trojan-activity;sid:81890260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.123.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027161/; classtype:trojan-activity;sid:81890261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.151.155.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027157/; classtype:trojan-activity;sid:81890257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"143.255.128.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027158/; classtype:trojan-activity;sid:81890258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.182.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027155/; classtype:trojan-activity;sid:81890255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.178.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027156/; classtype:trojan-activity;sid:81890256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.142.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027154/; classtype:trojan-activity;sid:81890254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.241.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027150/; classtype:trojan-activity;sid:81890250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.157.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027151/; classtype:trojan-activity;sid:81890251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.5.29.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027152/; classtype:trojan-activity;sid:81890252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.162.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027153/; classtype:trojan-activity;sid:81890253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.164.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027149/; classtype:trojan-activity;sid:81890249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.18.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027148/; classtype:trojan-activity;sid:81890248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027147)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"172.245.10.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027147/; classtype:trojan-activity;sid:81890247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027146)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.49.230.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027146/; classtype:trojan-activity;sid:81890246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.33.104.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027145/; classtype:trojan-activity;sid:81890245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.126.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027143/; classtype:trojan-activity;sid:81890243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.21.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027144/; classtype:trojan-activity;sid:81890244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.9.127.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027140/; classtype:trojan-activity;sid:81890240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.197.28.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027141/; classtype:trojan-activity;sid:81890241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.170.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027142/; classtype:trojan-activity;sid:81890242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027138)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.16.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027138/; classtype:trojan-activity;sid:81890238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.206.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027139/; classtype:trojan-activity;sid:81890239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.163.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027134/; classtype:trojan-activity;sid:81890234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.66.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027135/; classtype:trojan-activity;sid:81890235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.175.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027136/; classtype:trojan-activity;sid:81890236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.37.97.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027137/; classtype:trojan-activity;sid:81890237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.50.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027133/; classtype:trojan-activity;sid:81890233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.134.180.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027132/; classtype:trojan-activity;sid:81890232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.25.249.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027131/; classtype:trojan-activity;sid:81890231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.98.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027130/; classtype:trojan-activity;sid:81890230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.104.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027129/; classtype:trojan-activity;sid:81890229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.39.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027128/; classtype:trojan-activity;sid:81890228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027127)"; flow:established,from_client; 
content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.116.221.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027127/; classtype:trojan-activity;sid:81890227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.33.141.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027126/; classtype:trojan-activity;sid:81890226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.140.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027124/; classtype:trojan-activity;sid:81890224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027125)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.149.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027125/; classtype:trojan-activity;sid:81890225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.215.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027123/; classtype:trojan-activity;sid:81890223; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.170.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027120/; classtype:trojan-activity;sid:81890220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.46.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027121/; classtype:trojan-activity;sid:81890221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.50.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027122/; classtype:trojan-activity;sid:81890222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.72.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027119/; classtype:trojan-activity;sid:81890219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.118.124.223"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027118/; classtype:trojan-activity;sid:81890218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.107.119.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027117/; classtype:trojan-activity;sid:81890217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027116)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.40.91"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027116/; classtype:trojan-activity;sid:81890216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.221.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027114/; classtype:trojan-activity;sid:81890214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.46.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027115/; classtype:trojan-activity;sid:81890215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027110)"; flow:established,from_client; 
content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.55.29.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027110/; classtype:trojan-activity;sid:81890210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.11.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027111/; classtype:trojan-activity;sid:81890211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.99.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027112/; classtype:trojan-activity;sid:81890212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.4.251.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027113/; classtype:trojan-activity;sid:81890213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.233.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027109/; classtype:trojan-activity;sid:81890209; rev:1;) 
# Reviewer note (deployment caveats for the rules below):
# - Coverage: these signatures inspect cleartext HTTP GET requests in the $HOME_NET ->
#   $EXTERNAL_NET direction only. They depend on HOME_NET being set correctly and see
#   nothing inside TLS or on hosts the sensor does not observe.
# - Age: every entry carries created_at 2021_02_24 and names a bare IP address as the host.
#   Addresses can be reassigned, so check the URLhaus reference for the entry's current status
#   before treating an alert as confirmed, and retire stale entries on a schedule.
# - Port: the header uses "any" for the destination port and the host match is on the IP
#   string alone. NOTE(review): Suricata's documentation describes the normalized host
#   buffer as excluding ":port"; confirm this on the engine version in use.
# - Syntax: http_method / http_uri / http_host are the legacy content-modifier forms; newer
#   Suricata documentation prefers the sticky buffers (http.method, http.uri, http.host).
#   Load-test the file on the target engine and check the sid range against local rules.
# - Triage: some hosts are listed under two paths, "/i" and "/bin.sh": 178.175.22.35
#   (sids 81890205, 81890185), 42.230.52.184 (81890193, 81890153), 219.157.216.212
#   (81890179, 81890151), 123.13.59.187 (81890191, 81890150). Correlate hits per client.
# - Layout: the page wraps rules across lines; they are laid out one per line here. The final
#   line of this span is the head of a rule that continues on the next line of the page.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.72.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027106/; classtype:trojan-activity;sid:81890206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.67.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027107/; classtype:trojan-activity;sid:81890207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.182.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027108/; classtype:trojan-activity;sid:81890208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.22.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027105/; classtype:trojan-activity;sid:81890205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.39.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027104/; classtype:trojan-activity;sid:81890204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.249.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027103/; classtype:trojan-activity;sid:81890203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.143.230.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027098/; classtype:trojan-activity;sid:81890198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.170.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027099/; classtype:trojan-activity;sid:81890199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.43.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027100/; classtype:trojan-activity;sid:81890200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.57.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027101/; classtype:trojan-activity;sid:81890201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.88.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027102/; classtype:trojan-activity;sid:81890202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.195.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027097/; classtype:trojan-activity;sid:81890197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.168.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027096/; classtype:trojan-activity;sid:81890196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.227.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027094/; classtype:trojan-activity;sid:81890194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.112.11.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027095/; classtype:trojan-activity;sid:81890195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.52.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027093/; classtype:trojan-activity;sid:81890193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.152.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027092/; classtype:trojan-activity;sid:81890192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027090)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"174.81.78.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027090/; classtype:trojan-activity;sid:81890190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.59.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027091/; classtype:trojan-activity;sid:81890191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.98.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027089/; classtype:trojan-activity;sid:81890189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.174.238.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027088/; classtype:trojan-activity;sid:81890188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"68.148.103.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027087/; classtype:trojan-activity;sid:81890187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.69.38.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027086/; classtype:trojan-activity;sid:81890186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.24.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027082/; classtype:trojan-activity;sid:81890182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.116.16.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027083/; classtype:trojan-activity;sid:81890183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.147.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027084/; classtype:trojan-activity;sid:81890184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.22.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027085/; classtype:trojan-activity;sid:81890185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.36.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027080/; classtype:trojan-activity;sid:81890180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.54.123.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027081/; classtype:trojan-activity;sid:81890181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.216.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027079/; classtype:trojan-activity;sid:81890179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027075)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.146.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027075/; classtype:trojan-activity;sid:81890175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.1.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027076/; classtype:trojan-activity;sid:81890176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.5.30.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027077/; classtype:trojan-activity;sid:81890177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.114.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027078/; classtype:trojan-activity;sid:81890178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.105.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027074/; classtype:trojan-activity;sid:81890174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.11.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027073/; classtype:trojan-activity;sid:81890173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.92.80.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027071/; classtype:trojan-activity;sid:81890171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.118.122.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027072/; classtype:trojan-activity;sid:81890172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.97.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027070/; classtype:trojan-activity;sid:81890170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.128.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027069/; classtype:trojan-activity;sid:81890169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.16.27.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027066/; classtype:trojan-activity;sid:81890166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.172.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027067/; classtype:trojan-activity;sid:81890167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.64.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027068/; classtype:trojan-activity;sid:81890168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.65.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027064/; classtype:trojan-activity;sid:81890164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.4.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027065/; classtype:trojan-activity;sid:81890165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.81.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027062/; classtype:trojan-activity;sid:81890162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.44.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027063/; classtype:trojan-activity;sid:81890163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.29.133.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027059/; classtype:trojan-activity;sid:81890159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.168.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027060/; classtype:trojan-activity;sid:81890160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.118.195.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027061/; classtype:trojan-activity;sid:81890161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.133.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027057/; classtype:trojan-activity;sid:81890157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.52.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027058/; classtype:trojan-activity;sid:81890158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.20.3.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027056/; classtype:trojan-activity;sid:81890156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.71.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027054/; classtype:trojan-activity;sid:81890154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027055/; classtype:trojan-activity;sid:81890155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.52.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027053/; classtype:trojan-activity;sid:81890153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.157.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027052/; classtype:trojan-activity;sid:81890152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.216.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027051/; classtype:trojan-activity;sid:81890151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.59.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027050/; classtype:trojan-activity;sid:81890150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.151.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027049/; classtype:trojan-activity;sid:81890149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; 
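content:"59.180.133.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027048/; classtype:trojan-activity;sid:81890148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.58.219.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027047/; classtype:trojan-activity;sid:81890147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.174.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027044/; classtype:trojan-activity;sid:81890145; rev:1;)
# NOTE(review): the two drive.google.com rules below (sid 81890145, 81890146) were
# generated with `|7c|26|7c|` between "export=download" and "id=". That sequence
# decodes to the literal text "|26|", which looks like a double-escaped "&" (hex 26):
# a request URI carries "&" at that position, so the generated pattern could not match.
# The separator is written as |26| here, and depth is set to the decoded pattern
# length (56 bytes) instead of the escaped string length (68), so that depth together
# with isdataat:!1,relative pins the whole URI the way the other rules in this file do.
# This is a local correction; a regenerated feed will overwrite it, so report it upstream.
# Coverage caveat: drive.google.com is normally reached over HTTPS, so an `alert http`
# rule can only see this request where TLS is decrypted ahead of the sensor - confirm
# for your deployment before relying on these two sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027045)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1v75yg2fsbupmqe5fpkkb_kkpf_hcmg_6"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027045/; classtype:trojan-activity;sid:81890145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027046)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=10hu9euj-aowiarojpv6v6kiht49dwpbz"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027046/; 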
classtype:trojan-activity;sid:81890146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027039)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/813843419184365593/814034797084540958/usbkpe156.bin"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027039/; classtype:trojan-activity;sid:81890139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.63.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027040/; classtype:trojan-activity;sid:81890140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.203.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027041/; classtype:trojan-activity;sid:81890141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027042)"; flow:established,from_client; content:"GET"; http_method; content:"/dstu_qnxdbri105.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cervmp.cl"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027042/; classtype:trojan-activity;sid:81890142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027043)"; flow:established,from_client; content:"GET"; http_method; 
content:"/spark/binwhyte_utznzr121.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"01677937777.burrow.io"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027043/; classtype:trojan-activity;sid:81890143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.211.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027038/; classtype:trojan-activity;sid:81890138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.22.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027037/; classtype:trojan-activity;sid:81890137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027034/; classtype:trojan-activity;sid:81890134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.105.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027035/; classtype:trojan-activity;sid:81890135; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.11.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027036/; classtype:trojan-activity;sid:81890136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.174.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027033/; classtype:trojan-activity;sid:81890133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.88.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027032/; classtype:trojan-activity;sid:81890132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.255.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027031/; classtype:trojan-activity;sid:81890131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027029)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.56.74"; http_host; depth:11; 
isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027029/; classtype:trojan-activity;sid:81890129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.141.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027030/; classtype:trojan-activity;sid:81890130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.115.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027028/; classtype:trojan-activity;sid:81890128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.211.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027024/; classtype:trojan-activity;sid:81890124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.8.232.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027025/; classtype:trojan-activity;sid:81890125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027026)"; flow:established,from_client; 
content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.37.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027026/; classtype:trojan-activity;sid:81890126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.113.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027027/; classtype:trojan-activity;sid:81890127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027022/; classtype:trojan-activity;sid:81890122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.206.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027023/; classtype:trojan-activity;sid:81890123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.41.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027021/; classtype:trojan-activity;sid:81890121; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.102.97.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027020/; classtype:trojan-activity;sid:81890120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.160.7.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027018/; classtype:trojan-activity;sid:81890118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027019)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.153.203.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027019/; classtype:trojan-activity;sid:81890119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.36.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027017/; classtype:trojan-activity;sid:81890117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027014)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.153.203.125"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027014/; classtype:trojan-activity;sid:81890114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027015)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.153.203.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027015/; classtype:trojan-activity;sid:81890115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027016)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.153.203.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027016/; classtype:trojan-activity;sid:81890116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027013)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/813629911653941248/814035645567205406/free_vbucks.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027013/; classtype:trojan-activity;sid:81890113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027012)"; flow:established,from_client; content:"GET"; http_method; content:"/4rusikbins.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.153.203.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027012/; classtype:trojan-activity;sid:81890112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (1027007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.123.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027007/; classtype:trojan-activity;sid:81890107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027008)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027008/; classtype:trojan-activity;sid:81890108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.151.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027009/; classtype:trojan-activity;sid:81890109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.197.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027010/; classtype:trojan-activity;sid:81890110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.50.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1027011/; classtype:trojan-activity;sid:81890111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.18.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027004/; classtype:trojan-activity;sid:81890104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.36.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027005/; classtype:trojan-activity;sid:81890105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.172.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027006/; classtype:trojan-activity;sid:81890106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.123.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027002/; classtype:trojan-activity;sid:81890102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"178.175.48.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027003/; classtype:trojan-activity;sid:81890103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.192.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027001/; classtype:trojan-activity;sid:81890101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1027000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.204.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1027000/; classtype:trojan-activity;sid:81890100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.15.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026995/; classtype:trojan-activity;sid:81890095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.157.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026996/; classtype:trojan-activity;sid:81890096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (1026997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.28.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026997/; classtype:trojan-activity;sid:81890097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.22.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026998/; classtype:trojan-activity;sid:81890098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.46.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026999/; classtype:trojan-activity;sid:81890099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.98.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026994/; classtype:trojan-activity;sid:81890094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.88.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; 
reference:url, urlhaus.abuse.ch/url/1026993/; classtype:trojan-activity;sid:81890093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.167.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026992/; classtype:trojan-activity;sid:81890092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.240.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026991/; classtype:trojan-activity;sid:81890091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.18.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026990/; classtype:trojan-activity;sid:81890090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.183.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026988/; classtype:trojan-activity;sid:81890088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"182.117.25.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026989/; classtype:trojan-activity;sid:81890089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.126.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026986/; classtype:trojan-activity;sid:81890086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.121.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026987/; classtype:trojan-activity;sid:81890087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.191.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026985/; classtype:trojan-activity;sid:81890085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.26.36.100"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026983/; classtype:trojan-activity;sid:81890083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (1026984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.43.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026984/; classtype:trojan-activity;sid:81890084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.207.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026982/; classtype:trojan-activity;sid:81890082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.240.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026981/; classtype:trojan-activity;sid:81890081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.127.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026980/; classtype:trojan-activity;sid:81890080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.241.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1026978/; classtype:trojan-activity;sid:81890078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.232.155.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026979/; classtype:trojan-activity;sid:81890079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.233.221.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026977/; classtype:trojan-activity;sid:81890077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.249.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026972/; classtype:trojan-activity;sid:81890072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.122.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026973/; classtype:trojan-activity;sid:81890073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"42.230.177.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026974/; classtype:trojan-activity;sid:81890074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.154.119.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026975/; classtype:trojan-activity;sid:81890075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.147.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026976/; classtype:trojan-activity;sid:81890076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.53.55.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026971/; classtype:trojan-activity;sid:81890071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.70.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026967/; classtype:trojan-activity;sid:81890067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (1026968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.41.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026968/; classtype:trojan-activity;sid:81890068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.179.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026969/; classtype:trojan-activity;sid:81890069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.91.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026970/; classtype:trojan-activity;sid:81890070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.60.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026966/; classtype:trojan-activity;sid:81890066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.127.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; 
reference:url, urlhaus.abuse.ch/url/1026965/; classtype:trojan-activity;sid:81890065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.217.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026962/; classtype:trojan-activity;sid:81890062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.181.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026963/; classtype:trojan-activity;sid:81890063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.180.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026964/; classtype:trojan-activity;sid:81890064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.213.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026960/; classtype:trojan-activity;sid:81890060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"211.26.11.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026961/; classtype:trojan-activity;sid:81890061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.43.182"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026959/; classtype:trojan-activity;sid:81890059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.19.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026957/; classtype:trojan-activity;sid:81890057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.244.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026958/; classtype:trojan-activity;sid:81890058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026956/; classtype:trojan-activity;sid:81890056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1026955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.160.7.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026955/; classtype:trojan-activity;sid:81890055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026954)"; flow:established,from_client; content:"GET"; http_method; content:"/hcazo.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"u.teknik.io"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026954/; classtype:trojan-activity;sid:81890054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026953)"; flow:established,from_client; content:"GET"; http_method; content:"/tfppy.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"u.teknik.io"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026953/; classtype:trojan-activity;sid:81890053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026951)"; flow:established,from_client; content:"GET"; http_method; content:"/fut/bo/vmbvrepbztilczo.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.place1.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026951/; classtype:trojan-activity;sid:81890051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026952)"; flow:established,from_client; content:"GET"; http_method; content:"/fut/dj/kgkhw5zjr1unpr5.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.place1.in"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026952/; classtype:trojan-activity;sid:81890052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026947)"; flow:established,from_client; content:"GET"; http_method; content:"/fut/fad/xxjrcio32zri9wz.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.place1.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026947/; classtype:trojan-activity;sid:81890047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026948)"; flow:established,from_client; content:"GET"; http_method; content:"/fut/ok/2ezokekcqkppiup.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.place1.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026948/; classtype:trojan-activity;sid:81890048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026949)"; flow:established,from_client; content:"GET"; http_method; content:"/fut/dr/bqpqvdxtcjtxcga.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.place1.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026949/; classtype:trojan-activity;sid:81890049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026950)"; flow:established,from_client; content:"GET"; http_method; content:"/fut/jas/rgueh4xst52kdoe.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.place1.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026950/; classtype:trojan-activity;sid:81890050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1026946)"; flow:established,from_client; content:"GET"; http_method; content:"/fut/og/moooor.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.place1.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026946/; classtype:trojan-activity;sid:81890046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026945)"; flow:established,from_client; content:"GET"; http_method; content:"/fut/ogm/pvl5omwoljpaaa1.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.place1.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026945/; classtype:trojan-activity;sid:81890045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.80.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026944/; classtype:trojan-activity;sid:81890044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.46.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026943/; classtype:trojan-activity;sid:81890043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.5.164"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026941/; classtype:trojan-activity;sid:81890041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.192.151.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026942/; classtype:trojan-activity;sid:81890042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.89.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026940/; classtype:trojan-activity;sid:81890040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.194.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026939/; classtype:trojan-activity;sid:81890039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.162.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026937/; classtype:trojan-activity;sid:81890037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026938)"; flow:established,from_client; content:"GET"; 
http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.198.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026938/; classtype:trojan-activity;sid:81890038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.46.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026936/; classtype:trojan-activity;sid:81890036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.160.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026934/; classtype:trojan-activity;sid:81890034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.48.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026935/; classtype:trojan-activity;sid:81890035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.165.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026933/; classtype:trojan-activity;sid:81890033; rev:1;) alert 
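http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026930)"; flow:established,from_client; content:"GET"; http_method; content:"/header.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"statsdev.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026930/; classtype:trojan-activity;sid:81890030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026931)"; flow:established,from_client; content:"GET"; http_method; content:"/header.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"statssale.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026931/; classtype:trojan-activity;sid:81890031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.246.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026932/; classtype:trojan-activity;sid:81890032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026929)"; flow:established,from_client; content:"GET"; http_method; content:"/header.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"statsic.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026929/; classtype:trojan-activity;sid:81890028; rev:1;)
# NOTE(review): the rule below (URLhaus entry 1026928) differs from the published feed.
#  - The feed wrote the query-string separator as |7c|26|7c|. Inside a content
#    string, |7c| is the byte for a literal pipe, so that sequence matches the
#    four characters "|26|" and never the "&" of a real request. It is written
#    as |26| here, and depth is the decoded URI length (83) instead of the
#    length of the escaped text (104). sid and rev are left as published.
#  - "%21" is kept as published. If the engine's normalised http_uri buffer
#    percent-decodes it to "!", this content still will not match - TODO
#    confirm against the engine and version in use.
#  - onedrive.live.com is normally reached over HTTPS, so an "alert http" rule
#    only sees this request where TLS is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026928)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=802ac8a73eec8c8e|26|resid=802ac8a73eec8c8e%21110|26|authkey=ak1w6-p-wtohrz4"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026928/; classtype:trojan-activity;sid:81890028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026927)"; flow:established,from_client; content:"GET"; http_method; content:"/spldoc/vbc.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"stdypycsslwinnerstsd.dns.army"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026927/; classtype:trojan-activity;sid:81890027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026925)"; flow:established,from_client; content:"GET"; http_method; content:"/enwol.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"u.teknik.io"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026925/; classtype:trojan-activity;sid:81890025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026926)"; flow:established,from_client; content:"GET"; http_method; content:"/arox3.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"u.teknik.io"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026926/; classtype:trojan-activity;sid:81890026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026924)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/angelx.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tunedinblog.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026924/;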
classtype:trojan-activity;sid:81890024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.72.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026922/; classtype:trojan-activity;sid:81890022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.150.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026923/; classtype:trojan-activity;sid:81890023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.175.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026921/; classtype:trojan-activity;sid:81890021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.93.208.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026918/; classtype:trojan-activity;sid:81890018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026919)"; flow:established,from_client; content:"GET"; http_method; content:"/2pac/v2_0_raw_kzfmircind183.bin"; http_uri; depth:32; 
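isdataat:!1,relative; nocase; content:"9967799882.burrow.io"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026919/; classtype:trojan-activity;sid:81890019; rev:1;)
# NOTE(review): the five drive.google.com rules in this stretch (URLhaus entries
# 1026920, 1026916, 1026913, 1026914 and 1026915) differ from the published feed.
#  - The feed wrote the query-string separator as |7c|26|7c|. Inside a content
#    string, |7c| is the byte for a literal pipe, so that sequence matches the
#    four characters "|26|" and never the "&" in "?export=download&id=...".
#    It is written as |26| here, and depth is the decoded URI length (56)
#    instead of the length of the escaped text (68). sid and rev are left as
#    published.
#  - drive.google.com is normally reached over HTTPS, so an "alert http" rule
#    only sees these requests where TLS is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026920)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1afg7zbjjxmfrqskm9-1jgsciuatb7y75"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026920/; classtype:trojan-activity;sid:81890020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.204.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026917/; classtype:trojan-activity;sid:81890017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026916)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1wx8v1bksmyfmjfmndtrzxokizonktyru"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026916/; classtype:trojan-activity;sid:81890016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026912)"; flow:established,from_client; content:"GET"; http_method; content:"/nn.bin"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.153.203.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026912/; classtype:trojan-activity;sid:81890012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026913)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1wd6oucfsc897cssy1nobs_db7dkauue6"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026913/; classtype:trojan-activity;sid:81890013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026914)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1_3jaxwdkq1axvvesovxqzzijbzhn1l8i"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026914/; classtype:trojan-activity;sid:81890014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026915)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=1i4ql7havuruo7dp8lte8p3zo7xng-svt"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026915/; classtype:trojan-activity;sid:81890015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026909)"; flow:established,from_client; content:"GET"; http_method; content:"/jerusalem/bindons_nzswrmxyg234.bin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"63677990001.burrow.io"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026909/;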
classtype:trojan-activity;sid:81890009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026910)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.173.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026910/; classtype:trojan-activity;sid:81890010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.42.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026911/; classtype:trojan-activity;sid:81890011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026906)"; flow:established,from_client; content:"GET"; http_method; content:"/main/loader_gcieo140.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"siga.com.pe"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026906/; classtype:trojan-activity;sid:81890006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026907)"; flow:established,from_client; content:"GET"; http_method; content:"/back/loader_gcieo140.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"siga.com.pe"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026907/; classtype:trojan-activity;sid:81890007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026908)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"106.0.57.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026908/; classtype:trojan-activity;sid:81890008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026905)"; flow:established,from_client; content:"GET"; http_method; content:"/ob.bin"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.153.203.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026905/; classtype:trojan-activity;sid:81890005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026903)"; flow:established,from_client; content:"GET"; http_method; content:"/components/doxillionsetup.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.nch.com.au"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026903/; classtype:trojan-activity;sid:81890003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.4.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026904/; classtype:trojan-activity;sid:81890004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.168.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026901/; classtype:trojan-activity;sid:81890001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (1026902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.173.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026902/; classtype:trojan-activity;sid:81890002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.61.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026894/; classtype:trojan-activity;sid:81889994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.163.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026895/; classtype:trojan-activity;sid:81889995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.196.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026896/; classtype:trojan-activity;sid:81889996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.116.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2021_02_24; reference:url, urlhaus.abuse.ch/url/1026897/; classtype:trojan-activity;sid:81889997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.84.44.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026898/; classtype:trojan-activity;sid:81889998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.208.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026899/; classtype:trojan-activity;sid:81889999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.183.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026900/; classtype:trojan-activity;sid:81890000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.46.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026893/; classtype:trojan-activity;sid:81889993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026892)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.95.74.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026892/; classtype:trojan-activity;sid:81889992; rev:1;)
# Rule template for the entries below: alert on an established, client-to-server
# HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI and Host both equal one
# URLhaus entry. Each "depth:N" equals the length of its content string and
# "isdataat:!1,relative" requires that nothing follows the match, so both
# contents are whole-buffer matches rather than substrings. "nocase" belongs to
# the http_uri content, so the path comparison ignores case.
#
# The Host in the next rule is a shared content CDN. The rule keys on a single
# attachment path, so a hit concerns that one object and not the host as a whole.
# NOTE(review): "alert http" inspects cleartext HTTP only. If clients reach this
# host over TLS, the request is invisible to this rule unless traffic is
# decrypted upstream; consider matching the same URL in proxy logs as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026891)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/809432002913763381/813850580023115786/pof_and_listingspdf.iso"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026891/; classtype:trojan-activity;sid:81889991; rev:1;)
# Six rules (sids 81889985-81889990) share one Host and differ only in a path
# named after a CPU architecture; presumably per-architecture builds of one
# payload (verify on URLhaus). Several of these sids from one internal client
# most likely belong to a single event, so correlate them before counting incidents.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026885)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.153.203.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026885/; classtype:trojan-activity;sid:81889985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026886)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.153.203.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026886/; classtype:trojan-activity;sid:81889986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026887)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.153.203.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026887/; classtype:trojan-activity;sid:81889987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026888)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.153.203.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026888/; classtype:trojan-activity;sid:81889988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026889)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.153.203.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026889/; classtype:trojan-activity;sid:81889989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026890)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.153.203.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026890/; classtype:trojan-activity;sid:81889990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.243.168.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026884/; classtype:trojan-activity;sid:81889984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"183.188.53.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026883/; classtype:trojan-activity;sid:81889983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.15.91.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026882/; classtype:trojan-activity;sid:81889982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.193.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026881/; classtype:trojan-activity;sid:81889981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.64.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026880/; classtype:trojan-activity;sid:81889980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.105.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026876/; classtype:trojan-activity;sid:81889976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (1026877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.123.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026877/; classtype:trojan-activity;sid:81889977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.169.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026878/; classtype:trojan-activity;sid:81889978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.118.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026879/; classtype:trojan-activity;sid:81889979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.121.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026875/; classtype:trojan-activity;sid:81889975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.12.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1026874/; classtype:trojan-activity;sid:81889974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.246.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026872/; classtype:trojan-activity;sid:81889972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.118.4.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026873/; classtype:trojan-activity;sid:81889973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.153.154.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026869/; classtype:trojan-activity;sid:81889969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.156.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026870/; classtype:trojan-activity;sid:81889970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026871)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"59.89.240.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026871/; classtype:trojan-activity;sid:81889971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.0.49.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026868/; classtype:trojan-activity;sid:81889968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.98.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026867/; classtype:trojan-activity;sid:81889967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.96.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026866/; classtype:trojan-activity;sid:81889966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.46.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026865/; classtype:trojan-activity;sid:81889965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (1026864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.164.138.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026864/; classtype:trojan-activity;sid:81889964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.144.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026862/; classtype:trojan-activity;sid:81889962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.236.106.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026863/; classtype:trojan-activity;sid:81889963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.185.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026861/; classtype:trojan-activity;sid:81889961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.247.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1026860/; classtype:trojan-activity;sid:81889960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.91.245.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026859/; classtype:trojan-activity;sid:81889959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.160.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026857/; classtype:trojan-activity;sid:81889957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.93.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026858/; classtype:trojan-activity;sid:81889958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.121.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026856/; classtype:trojan-activity;sid:81889956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"117.194.161.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026855/; classtype:trojan-activity;sid:81889955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.183.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026854/; classtype:trojan-activity;sid:81889954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.127.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026850/; classtype:trojan-activity;sid:81889950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.52.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026851/; classtype:trojan-activity;sid:81889951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.17.119.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026852/; classtype:trojan-activity;sid:81889952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (1026853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.249.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026853/; classtype:trojan-activity;sid:81889953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026846)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.232.132.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026846/; classtype:trojan-activity;sid:81889946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026847)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"165.232.132.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026847/; classtype:trojan-activity;sid:81889947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026848)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.232.132.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026848/; classtype:trojan-activity;sid:81889948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026849)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"165.232.132.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; 
reference:url, urlhaus.abuse.ch/url/1026849/; classtype:trojan-activity;sid:81889949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026844)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.232.132.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026844/; classtype:trojan-activity;sid:81889944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026845)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"165.232.132.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026845/; classtype:trojan-activity;sid:81889945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.208.71.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026843/; classtype:trojan-activity;sid:81889943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.183.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026842/; classtype:trojan-activity;sid:81889942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"186.33.123.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026841/; classtype:trojan-activity;sid:81889941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.24.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026840/; classtype:trojan-activity;sid:81889940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026839)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.232.132.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026839/; classtype:trojan-activity;sid:81889939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026836)"; flow:established,from_client; content:"GET"; http_method; content:"/yoyobins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"165.232.132.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026836/; classtype:trojan-activity;sid:81889936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026837)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"165.232.132.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026837/; classtype:trojan-activity;sid:81889937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (1026838)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"165.232.132.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026838/; classtype:trojan-activity;sid:81889938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026835)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.3.48.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026835/; classtype:trojan-activity;sid:81889935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.248.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026833/; classtype:trojan-activity;sid:81889933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026834)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.104.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026834/; classtype:trojan-activity;sid:81889934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.51.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1026832/; classtype:trojan-activity;sid:81889932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.180.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026830/; classtype:trojan-activity;sid:81889930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.67.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026831/; classtype:trojan-activity;sid:81889931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026828/; classtype:trojan-activity;sid:81889928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.24.100.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026829/; classtype:trojan-activity;sid:81889929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"186.33.123.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026827/; classtype:trojan-activity;sid:81889927; rev:1;)
# --- Reading the entries below ------------------------------------------------
# Every rule in this run follows one generated template, one rule per URLhaus
# entry. The entry id appears in msg and in the reference URL; in the rules
# shown here sid = entry id + 80863100.
#   * alert http $HOME_NET any -> $EXTERNAL_NET any with
#     flow:established,from_client: only client requests leaving the protected
#     network on an established flow are inspected.
#   * content:"GET"; http_method restricts the match to GET requests.
#   * content:"<path>"; http_uri; depth:<len>; isdataat:!1,relative: depth
#     equals the pattern length and isdataat:!1 requires that no byte follows
#     the match, so the whole URI buffer must equal <path>. A request that adds
#     a query string or any other suffix is not matched.
#   * nocase is written after the URI pattern's isdataat; it is presumably
#     meant to modify that URI content -- confirm how your engine binds it.
#   * content:"<ip>"; http_host; depth:<len>; isdataat:!1,relative: the same
#     exact-match construction on the Host buffer. Whether a Host header that
#     carries an explicit port still matches depends on how the engine
#     normalizes http_host -- verify before relying on it.
# Triage notes: all entries here carry created_at 2021_02_24 and name bare IPv4
# hosts. Indicators of this kind age, so check the current status of the
# referenced urlhaus.abuse.ch entry before acting on a hit. Paths such as "/i"
# are only two bytes long; the specificity of those rules comes from the Host
# match. Several hosts occur in more than one rule with different paths (for
# example 125.41.89.16 and 112.30.38.98 with both "/i" and "/bin.sh"), so a hit
# on one rule is a reason to look for the sibling request from the same client.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.12.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026825/; classtype:trojan-activity;sid:81889925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.30.38.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026826/; classtype:trojan-activity;sid:81889926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.183.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026824/; classtype:trojan-activity;sid:81889924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.89.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026823/; classtype:trojan-activity;sid:81889923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.186.39.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026822/; classtype:trojan-activity;sid:81889922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.248.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026821/; classtype:trojan-activity;sid:81889921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.238.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026814/; classtype:trojan-activity;sid:81889914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.89.79.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026815/; classtype:trojan-activity;sid:81889915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.43.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026816/; classtype:trojan-activity;sid:81889916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.7.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026817/; classtype:trojan-activity;sid:81889917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.82.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026818/; classtype:trojan-activity;sid:81889918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.105.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026819/; classtype:trojan-activity;sid:81889919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.99.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026820/; classtype:trojan-activity;sid:81889920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.11.194.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026813/; classtype:trojan-activity;sid:81889913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.175.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026811/; classtype:trojan-activity;sid:81889911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.42.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026812/; classtype:trojan-activity;sid:81889912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.127.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026810/; classtype:trojan-activity;sid:81889910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.29.26.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026809/; classtype:trojan-activity;sid:81889909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.188.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026808/; classtype:trojan-activity;sid:81889908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.107.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026807/; classtype:trojan-activity;sid:81889907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.49.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026806/; classtype:trojan-activity;sid:81889906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.64.115.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026805/; classtype:trojan-activity;sid:81889905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.191.49.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026804/; classtype:trojan-activity;sid:81889904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.23.236.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026803/; classtype:trojan-activity;sid:81889903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.18.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026801/; classtype:trojan-activity;sid:81889901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.45.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026802/; classtype:trojan-activity;sid:81889902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.208.71.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026800/; classtype:trojan-activity;sid:81889900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.185.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026798/; classtype:trojan-activity;sid:81889898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.227.100.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026799/; classtype:trojan-activity;sid:81889899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.204.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026793/; classtype:trojan-activity;sid:81889893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.97.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026794/; classtype:trojan-activity;sid:81889894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.84.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026795/; classtype:trojan-activity;sid:81889895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.42.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026796/; classtype:trojan-activity;sid:81889896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.61.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026797/; classtype:trojan-activity;sid:81889897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.89.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026792/; classtype:trojan-activity;sid:81889892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.38.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026791/; classtype:trojan-activity;sid:81889891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.5.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026790/; classtype:trojan-activity;sid:81889890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.141.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026789/; classtype:trojan-activity;sid:81889889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.107.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026788/; classtype:trojan-activity;sid:81889888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.44.106"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026786/; classtype:trojan-activity;sid:81889886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.107.133.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026787/; classtype:trojan-activity;sid:81889887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.91.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026782/; classtype:trojan-activity;sid:81889882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.40.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026783/; classtype:trojan-activity;sid:81889883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.137.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026784/; classtype:trojan-activity;sid:81889884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.97.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026785/; classtype:trojan-activity;sid:81889885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.71.21.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026781/; classtype:trojan-activity;sid:81889881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.6.197.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026780/; classtype:trojan-activity;sid:81889880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.47.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026779/; classtype:trojan-activity;sid:81889879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.5.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026778/; classtype:trojan-activity;sid:81889878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.223.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026777/; classtype:trojan-activity;sid:81889877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.114.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026776/; classtype:trojan-activity;sid:81889876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.105.17.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026775/; classtype:trojan-activity;sid:81889875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026774)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.41.137.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026774/; classtype:trojan-activity;sid:81889874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.215.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026773/; classtype:trojan-activity;sid:81889873; rev:1;)
# Of the next eleven rules, ten share host 143.110.210.89 and the path prefix
# /ab4g5/josho. with the suffixes arm6, sh4, arm5, mpsl, mips, m68k, arm, ppc,
# x86 and arm7 (entries 1026762-1026770 and 1026772). Entry 1026771 in the
# middle of the group is unrelated (/bin.sh on 115.58.141.94). When one of the
# ten fires, review the same client for requests matching the other nine.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026769)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"143.110.210.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026769/; classtype:trojan-activity;sid:81889869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026770)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"143.110.210.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026770/; classtype:trojan-activity;sid:81889870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.141.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026771/; classtype:trojan-activity;sid:81889871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026772)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"143.110.210.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026772/; classtype:trojan-activity;sid:81889872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026762)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"143.110.210.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026762/; classtype:trojan-activity;sid:81889862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026763)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"143.110.210.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026763/; classtype:trojan-activity;sid:81889863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026764)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"143.110.210.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026764/; classtype:trojan-activity;sid:81889864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026765)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"143.110.210.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026765/; classtype:trojan-activity;sid:81889865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026766)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"143.110.210.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026766/; classtype:trojan-activity;sid:81889866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026767)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"143.110.210.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026767/; classtype:trojan-activity;sid:81889867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026768)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"143.110.210.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026768/; classtype:trojan-activity;sid:81889868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.48.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026761/; classtype:trojan-activity;sid:81889861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.212.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026756/; classtype:trojan-activity;sid:81889856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.104.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026757/; classtype:trojan-activity;sid:81889857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.210.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026758/; classtype:trojan-activity;sid:81889858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.105.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026759/; classtype:trojan-activity;sid:81889859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.45.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026760/; classtype:trojan-activity;sid:81889860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.36.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026754/; classtype:trojan-activity;sid:81889854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.6.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026755/; classtype:trojan-activity;sid:81889855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.244.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026753/; classtype:trojan-activity;sid:81889853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.80.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026751/; classtype:trojan-activity;sid:81889851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.131.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026752/; classtype:trojan-activity;sid:81889852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.139.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026750/; classtype:trojan-activity;sid:81889850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.28.78.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026749/; classtype:trojan-activity;sid:81889849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.222.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026746/; classtype:trojan-activity;sid:81889846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.219.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026747/; classtype:trojan-activity;sid:81889847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.69.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026748/; classtype:trojan-activity;sid:81889848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.96.139.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026745/; classtype:trojan-activity;sid:81889845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.53.55.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026743/; classtype:trojan-activity;sid:81889843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.247.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026744/; classtype:trojan-activity;sid:81889844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.221.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026742/; classtype:trojan-activity;sid:81889842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.114.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026741/; classtype:trojan-activity;sid:81889841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.188.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026740/; classtype:trojan-activity;sid:81889840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.104.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026739/; classtype:trojan-activity;sid:81889839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.70.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026738/; classtype:trojan-activity;sid:81889838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.104.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026732/; classtype:trojan-activity;sid:81889832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.117.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026733/; classtype:trojan-activity;sid:81889833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.120.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026734/; classtype:trojan-activity;sid:81889834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"117.202.67.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026735/; classtype:trojan-activity;sid:81889835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.72.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026736/; classtype:trojan-activity;sid:81889836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.194.235.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026737/; classtype:trojan-activity;sid:81889837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.28.78.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026729/; classtype:trojan-activity;sid:81889829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.230.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026730/; classtype:trojan-activity;sid:81889830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (1026731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.196.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026731/; classtype:trojan-activity;sid:81889831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026728)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.135.8.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026728/; classtype:trojan-activity;sid:81889828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.221.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026727/; classtype:trojan-activity;sid:81889827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.213.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026726/; classtype:trojan-activity;sid:81889826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.215.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1026725/; classtype:trojan-activity;sid:81889825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.5.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026723/; classtype:trojan-activity;sid:81889823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.137.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026724/; classtype:trojan-activity;sid:81889824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.79.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026722/; classtype:trojan-activity;sid:81889822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.166.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026721/; classtype:trojan-activity;sid:81889821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"112.168.251.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026720/; classtype:trojan-activity;sid:81889820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.255.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026719/; classtype:trojan-activity;sid:81889819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.230.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026718/; classtype:trojan-activity;sid:81889818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.208.0.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026717/; classtype:trojan-activity;sid:81889817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.169.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026715/; classtype:trojan-activity;sid:81889815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (1026716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.104.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026716/; classtype:trojan-activity;sid:81889816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.191.205.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026711/; classtype:trojan-activity;sid:81889811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.186.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026712/; classtype:trojan-activity;sid:81889812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.76.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026713/; classtype:trojan-activity;sid:81889813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.95.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; 
reference:url, urlhaus.abuse.ch/url/1026714/; classtype:trojan-activity;sid:81889814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.104.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026706/; classtype:trojan-activity;sid:81889806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.37.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026707/; classtype:trojan-activity;sid:81889807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.166.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026708/; classtype:trojan-activity;sid:81889808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.75.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026709/; classtype:trojan-activity;sid:81889809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"59.97.173.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026710/; classtype:trojan-activity;sid:81889810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.104.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026704/; classtype:trojan-activity;sid:81889804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.69.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026705/; classtype:trojan-activity;sid:81889805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026702/; classtype:trojan-activity;sid:81889802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.129.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026703/; classtype:trojan-activity;sid:81889803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1026701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.213.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026701/; classtype:trojan-activity;sid:81889801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.89.140.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026700/; classtype:trojan-activity;sid:81889800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.212.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026699/; classtype:trojan-activity;sid:81889799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.167.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026695/; classtype:trojan-activity;sid:81889795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.18.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; 
reference:url, urlhaus.abuse.ch/url/1026696/; classtype:trojan-activity;sid:81889796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.47.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026697/; classtype:trojan-activity;sid:81889797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.212.195.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026698/; classtype:trojan-activity;sid:81889798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.171.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026694/; classtype:trojan-activity;sid:81889794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.45.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026692/; classtype:trojan-activity;sid:81889792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.112.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026693/; classtype:trojan-activity;sid:81889793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.28.48.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026687/; classtype:trojan-activity;sid:81889787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.119.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026688/; classtype:trojan-activity;sid:81889788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026689)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.5.1.0"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026689/; classtype:trojan-activity;sid:81889789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.3.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026690/; classtype:trojan-activity;sid:81889790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1026691)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.163.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026691/; classtype:trojan-activity;sid:81889791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.139.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026686/; classtype:trojan-activity;sid:81889786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.53.55.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026685/; classtype:trojan-activity;sid:81889785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.51.174.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026684/; classtype:trojan-activity;sid:81889784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2021_02_24; reference:url, urlhaus.abuse.ch/url/1026683/; classtype:trojan-activity;sid:81889783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.176.166.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026682/; classtype:trojan-activity;sid:81889782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026681/; classtype:trojan-activity;sid:81889781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.210.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026680/; classtype:trojan-activity;sid:81889780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.61.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026676/; classtype:trojan-activity;sid:81889776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026677)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.26.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026677/; classtype:trojan-activity;sid:81889777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.60.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026678/; classtype:trojan-activity;sid:81889778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.172.175.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026679/; classtype:trojan-activity;sid:81889779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.183.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026674/; classtype:trojan-activity;sid:81889774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.125.114.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026675/; classtype:trojan-activity;sid:81889775; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.150.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026673/; classtype:trojan-activity;sid:81889773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026672)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.127.124.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026672/; classtype:trojan-activity;sid:81889772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026671)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.166.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026671/; classtype:trojan-activity;sid:81889771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.21.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026670/; classtype:trojan-activity;sid:81889770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.1.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 
2021_02_24; reference:url, urlhaus.abuse.ch/url/1026668/; classtype:trojan-activity;sid:81889768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"173.16.28.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026669/; classtype:trojan-activity;sid:81889769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.73.153.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026667/; classtype:trojan-activity;sid:81889767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.123.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026666/; classtype:trojan-activity;sid:81889766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.192.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026665/; classtype:trojan-activity;sid:81889765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026661)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.161.232.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026661/; classtype:trojan-activity;sid:81889761; rev:1;)
# In the rules below, nocase appears after isdataat rather than directly after the URI content.
# It is a modifier of a content match, so it is read here as applying to the URI path string.
# NOTE(review): confirm the deployed engine version accepts this option ordering when loading
# the ruleset (check the rule-load log for parse errors on these sids).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.164.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026662/; classtype:trojan-activity;sid:81889762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.7.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026663/; classtype:trojan-activity;sid:81889763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.99.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026664/; classtype:trojan-activity;sid:81889764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.188.241.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026659/; classtype:trojan-activity;sid:81889759; rev:1;)
alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.65.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026660/; classtype:trojan-activity;sid:81889760; rev:1;)
# The rules below inspect only the request (flow:established,from_client); none of them looks at
# the server response. An alert therefore shows that a host in $HOME_NET asked for the listed
# URL, not that a payload was delivered - triage should check the response status and size for
# the same flow before concluding that the download succeeded.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.169.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026655/; classtype:trojan-activity;sid:81889755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.140.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026656/; classtype:trojan-activity;sid:81889756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.94.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026657/; classtype:trojan-activity;sid:81889757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.172.207"; http_host; depth:15; isdataat:!1,relative; 
metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026658/; classtype:trojan-activity;sid:81889758; rev:1;)
# In the rules below the number in msg and in the reference URL is the same URLhaus entry id,
# and sid equals that id plus 80863100 (e.g. 1026651 -> 81889751), so an alert's sid can be
# mapped back to its URLhaus entry. All rules here are rev:1 with created_at 2021_02_24.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.98.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026651/; classtype:trojan-activity;sid:81889751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.99.177.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026652/; classtype:trojan-activity;sid:81889752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.12.63.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026653/; classtype:trojan-activity;sid:81889753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.178.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026654/; classtype:trojan-activity;sid:81889754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026647)"; flow:established,from_client; content:"GET"; 
http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.168.30.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026647/; classtype:trojan-activity;sid:81889747; rev:1;)
# The last rule in this run uses the two-character path "/i". Because depth:2 plus
# isdataat:!1,relative makes the URI buffer equal "/i" exactly, and the Host value is pinned the
# same way, the short path does not widen the match to other URIs that merely start with "/i".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.224.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026648/; classtype:trojan-activity;sid:81889748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.28.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026649/; classtype:trojan-activity;sid:81889749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.204.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026650/; classtype:trojan-activity;sid:81889750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.124.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026646/; classtype:trojan-activity;sid:81889746; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.8.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026645/; classtype:trojan-activity;sid:81889745; rev:1;)
# The rules below are written for the HTTP application layer (alert http ...), so they only see
# requests the sensor can parse as cleartext HTTP. The same fetch made over TLS would not
# populate http_uri / http_host unless traffic is decrypted upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.183.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026644/; classtype:trojan-activity;sid:81889744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.252.178.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026641/; classtype:trojan-activity;sid:81889741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.205.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026642/; classtype:trojan-activity;sid:81889742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.216.243.81"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026643/; classtype:trojan-activity;sid:81889743; rev:1;)
# The rules below share one msg string and classtype:trojan-activity; only the id in
# parentheses, the reference URL and the sid tell them apart. When alerting downstream, key on
# sid (or the reference URL) rather than on msg text so that distinct indicators are not merged.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.104.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026639/; classtype:trojan-activity;sid:81889739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.51.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026640/; classtype:trojan-activity;sid:81889740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.12.232.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026633/; classtype:trojan-activity;sid:81889733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.4.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026634/; classtype:trojan-activity;sid:81889734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026635)"; flow:established,from_client; 
content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.198.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026635/; classtype:trojan-activity;sid:81889735; rev:1;)
# The rules below require the whole URI buffer to equal the listed path, so a request for the
# same file with a query string or any extra path segment would not match.
# NOTE(review): which form of the URI (raw vs. normalized) http_uri holds depends on the engine;
# verify against a capture before relying on these for coverage claims.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026636)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.183.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026636/; classtype:trojan-activity;sid:81889736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.160.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026637/; classtype:trojan-activity;sid:81889737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.162.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026638/; classtype:trojan-activity;sid:81889738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.73.188.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026632/; classtype:trojan-activity;sid:81889732; 
rev:1;)
# The rules below are point-in-time indicators (created_at 2021_02_24): each names one literal
# IP in the Host header and one path. They carry no expiry of their own, so retention should
# follow the feed's updates rather than keeping individual rules indefinitely.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.250.102.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026631/; classtype:trojan-activity;sid:81889731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.131.186.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026630/; classtype:trojan-activity;sid:81889730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026628/; classtype:trojan-activity;sid:81889728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026629/; classtype:trojan-activity;sid:81889729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.162.222"; http_host; 
depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026627/; classtype:trojan-activity;sid:81889727; rev:1;)
# In the rules below the Host value is pinned to the bare IP string (its depth equals the length
# of the dotted-quad).
# NOTE(review): whether a Host header that also carries ":port" still satisfies this exact-length
# match depends on how the engine fills the http_host buffer - verify, since downloads from
# non-default ports could otherwise be missed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.201.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026622/; classtype:trojan-activity;sid:81889722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.118.251.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026623/; classtype:trojan-activity;sid:81889723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.210.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026624/; classtype:trojan-activity;sid:81889724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.156.201.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026625/; classtype:trojan-activity;sid:81889725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026626)"; 
flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.66.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026626/; classtype:trojan-activity;sid:81889726; rev:1;)
# Two of the rules below (sid 81889719 and 81889720) name the same Host value, 185.163.127.38,
# and differ only in the final character of the path (/suk.out.arm6 vs /suk.out.arm7). Alerts
# from both sids on one internal host are best triaged together as one download attempt series.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.22.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026621/; classtype:trojan-activity;sid:81889721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026619)"; flow:established,from_client; content:"GET"; http_method; content:"/suk.out.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.163.127.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026619/; classtype:trojan-activity;sid:81889719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026620)"; flow:established,from_client; content:"GET"; http_method; content:"/suk.out.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.163.127.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026620/; classtype:trojan-activity;sid:81889720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.124.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026618/; 
classtype:trojan-activity;sid:81889718; rev:1;)
# The rules below use the generic paths "/i" and "/bin.sh". The path alone would be too common
# to alert on; what makes each rule specific is the exact Host value required in the same
# request. Both conditions must hold, and both are whole-buffer matches (depth = string length,
# then isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.100.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026617/; classtype:trojan-activity;sid:81889717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.177.243.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026616/; classtype:trojan-activity;sid:81889716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.89.140.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026615/; classtype:trojan-activity;sid:81889715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.63.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026614/; classtype:trojan-activity;sid:81889714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"221.15.158.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026611/; classtype:trojan-activity;sid:81889711; rev:1;)
# The rules below depend on $HOME_NET and $EXTERNAL_NET being set correctly on the sensor: they
# only fire for clients inside $HOME_NET talking to servers in $EXTERNAL_NET. A sensor with
# $HOME_NET left too narrow would silently skip internal hosts that fetch these URLs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.81.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026612/; classtype:trojan-activity;sid:81889712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.140.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026613/; classtype:trojan-activity;sid:81889713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.207.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026605/; classtype:trojan-activity;sid:81889705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.76.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026606/; classtype:trojan-activity;sid:81889706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (1026607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.123.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026607/; classtype:trojan-activity;sid:81889707; rev:1;)
# The rules below match any source and destination port ("any ... any"); the HTTP parser, not
# the port number, decides whether a flow is inspected. Each rule still needs all three
# conditions at once: method GET, exact URI path, exact Host value.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.56.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026608/; classtype:trojan-activity;sid:81889708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.69.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026609/; classtype:trojan-activity;sid:81889709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.169.102.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026610/; classtype:trojan-activity;sid:81889710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026604)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.spc"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"192.227.220.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2021_02_24; reference:url, urlhaus.abuse.ch/url/1026604/; classtype:trojan-activity;sid:81889704; rev:1;)
# The rules below only cover GET (content:"GET"; http_method). A request for the same path and
# Host made with another method would not raise these alerts, so absence of an alert is not
# evidence that an internal host never contacted the listed server.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.90.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026603/; classtype:trojan-activity;sid:81889703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.250.102.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026602/; classtype:trojan-activity;sid:81889702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.103.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026601/; classtype:trojan-activity;sid:81889701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.93.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026598/; classtype:trojan-activity;sid:81889698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.182.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026599/; classtype:trojan-activity;sid:81889699; rev:1;)
# Reading one of the rules below left to right: established client-side flow; method buffer
# contains GET; URI buffer equals the path (depth = its length, no trailing data, nocase);
# Host buffer equals the IP string (same depth / isdataat pattern); then bookkeeping only -
# metadata, reference URL, classtype, sid and rev do not affect what is matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.5.28.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026600/; classtype:trojan-activity;sid:81889700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.91.237.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026597/; classtype:trojan-activity;sid:81889697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.196.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026593/; classtype:trojan-activity;sid:81889693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.22.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026594/; classtype:trojan-activity;sid:81889694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1026595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.71.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026595/; classtype:trojan-activity;sid:81889695; rev:1;)
# The last complete rule in this run (sid 81889690) pins Host 198.23.229.170 with a path under
# /sbidiot/. Its depth is 13 because the path is 13 bytes long; depth always tracks the content
# length in these rules, which is what turns a substring match into an equality test.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.227.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026596/; classtype:trojan-activity;sid:81889696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.109.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026592/; classtype:trojan-activity;sid:81889692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026590)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026590/; classtype:trojan-activity;sid:81889690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026591)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026591/; classtype:trojan-activity;sid:81889691; rev:1;)
# The four complete rules below all pin Host 198.23.229.170 and a path under /sbidiot/; they
# differ only in the last path segment (arm, ppc, arm6, arm7 - presumably one file per CPU
# architecture; confirm against the URLhaus entries). Alerts from several of these sids on one
# internal host are best correlated as a single incident rather than handled one by one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026585)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026585/; classtype:trojan-activity;sid:81889685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026586)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026586/; classtype:trojan-activity;sid:81889686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026587)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026587/; classtype:trojan-activity;sid:81889687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026588)"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026588/; classtype:trojan-activity;sid:81889688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026589)"; 
flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"198.23.229.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026589/; classtype:trojan-activity;sid:81889689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.45.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026584/; classtype:trojan-activity;sid:81889684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.180.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026583/; classtype:trojan-activity;sid:81889683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.106.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026576/; classtype:trojan-activity;sid:81889676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.36.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026577/; 
classtype:trojan-activity;sid:81889677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.208.154.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026578/; classtype:trojan-activity;sid:81889678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.46.255"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026579/; classtype:trojan-activity;sid:81889679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.114.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026580/; classtype:trojan-activity;sid:81889680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.55.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026581/; classtype:trojan-activity;sid:81889681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"178.175.110.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026582/; classtype:trojan-activity;sid:81889682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.196.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026574/; classtype:trojan-activity;sid:81889674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.38.46.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026575/; classtype:trojan-activity;sid:81889675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.247.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026570/; classtype:trojan-activity;sid:81889670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.99.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026571/; classtype:trojan-activity;sid:81889671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (1026572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.211.133.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026572/; classtype:trojan-activity;sid:81889672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.149.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026573/; classtype:trojan-activity;sid:81889673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.113.161.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026568/; classtype:trojan-activity;sid:81889668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.217.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026569/; classtype:trojan-activity;sid:81889669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.10.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, 
urlhaus.abuse.ch/url/1026567/; classtype:trojan-activity;sid:81889667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026565)"; flow:established,from_client; content:"GET"; http_method; content:"/suk.out.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"102.130.115.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026565/; classtype:trojan-activity;sid:81889665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026566)"; flow:established,from_client; content:"GET"; http_method; content:"/suk.out.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"102.130.115.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026566/; classtype:trojan-activity;sid:81889666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.174.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026564/; classtype:trojan-activity;sid:81889664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.119.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026563/; classtype:trojan-activity;sid:81889663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"210.204.149.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026562/; classtype:trojan-activity;sid:81889662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.122.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026556/; classtype:trojan-activity;sid:81889656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.18.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026557/; classtype:trojan-activity;sid:81889657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.170.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026558/; classtype:trojan-activity;sid:81889658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.230.71.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026559/; classtype:trojan-activity;sid:81889659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1026560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.196.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026560/; classtype:trojan-activity;sid:81889660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.235.137.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026561/; classtype:trojan-activity;sid:81889661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.116.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026555/; classtype:trojan-activity;sid:81889655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.42.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026554/; classtype:trojan-activity;sid:81889654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.10.93.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2021_02_24; reference:url, urlhaus.abuse.ch/url/1026548/; classtype:trojan-activity;sid:81889648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.121.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026549/; classtype:trojan-activity;sid:81889649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.153.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026550/; classtype:trojan-activity;sid:81889650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.225.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026551/; classtype:trojan-activity;sid:81889651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.50.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026552/; classtype:trojan-activity;sid:81889652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026553)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.169.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026553/; classtype:trojan-activity;sid:81889653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.49.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026547/; classtype:trojan-activity;sid:81889647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.246.97.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026546/; classtype:trojan-activity;sid:81889646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.205.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026545/; classtype:trojan-activity;sid:81889645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.43.11.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026543/; classtype:trojan-activity;sid:81889643; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.37.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026544/; classtype:trojan-activity;sid:81889644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.66.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026541/; classtype:trojan-activity;sid:81889641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.56.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026542/; classtype:trojan-activity;sid:81889642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.60.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026537/; classtype:trojan-activity;sid:81889637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.30.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2021_02_24; reference:url, urlhaus.abuse.ch/url/1026538/; classtype:trojan-activity;sid:81889638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.209.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026539/; classtype:trojan-activity;sid:81889639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.65.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026540/; classtype:trojan-activity;sid:81889640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.76.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026536/; classtype:trojan-activity;sid:81889636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.174.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026533/; classtype:trojan-activity;sid:81889633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026534)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.80.213.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026534/; classtype:trojan-activity;sid:81889634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.194.128.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026535/; classtype:trojan-activity;sid:81889635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.17.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026532/; classtype:trojan-activity;sid:81889632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.160.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026531/; classtype:trojan-activity;sid:81889631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.213.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026530/; classtype:trojan-activity;sid:81889630; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.99.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026529/; classtype:trojan-activity;sid:81889629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.161.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026528/; classtype:trojan-activity;sid:81889628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.45.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026526/; classtype:trojan-activity;sid:81889626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.162.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026527/; classtype:trojan-activity;sid:81889627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.46.146.175"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026523/; classtype:trojan-activity;sid:81889623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.248.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026524/; classtype:trojan-activity;sid:81889624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.216.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026525/; classtype:trojan-activity;sid:81889625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.54.116.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026521/; classtype:trojan-activity;sid:81889621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.189.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026522/; classtype:trojan-activity;sid:81889622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026520)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.152.34.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026520/; classtype:trojan-activity;sid:81889620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.160.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026519/; classtype:trojan-activity;sid:81889619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.199.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026518/; classtype:trojan-activity;sid:81889618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.94.1"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026516/; classtype:trojan-activity;sid:81889616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.89.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026517/; classtype:trojan-activity;sid:81889617; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.59.27.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026515/; classtype:trojan-activity;sid:81889615; rev:1;)
#
# Review notes for the rules below. Only comments were added; each rule's text is unchanged and
# is restored to one rule per line (a rule wrapped across lines needs a line continuation).
#
# Every rule in this run has the same shape:
#   * flow:established,from_client plus content:"GET"; http_method
#       -> an outbound GET request from $HOME_NET to $EXTERNAL_NET on an established flow.
#   * content:"<path>"; http_uri; depth:<n>; isdataat:!1,relative
#       -> <n> is the length of <path> and isdataat:!1,relative requires that no byte follows the
#          match, so the URI has to equal <path> exactly. The nocase that follows presumably
#          applies to this URI content -- confirm against the engine's modifier rules.
#   * content:"<host>"; http_host; depth:<m>; isdataat:!1,relative
#       -> the same exact-match pinning, applied to the host buffer.
#
# What this means when triaging an alert:
#   * The match is on the request only. It shows that an internal host asked for the URL, not that
#     a payload came back; correlate with HTTP response / file-extraction logs before concluding.
#   * A request to the same host with a different path or an added query string does not alert.
#     These are per-URL indicators, not host blocklists.
#   * The rules use the http protocol keywords, so they only see traffic the sensor parses as HTTP.
#   * Alerts depend on $HOME_NET / $EXTERNAL_NET being set correctly for the monitored network.
#   * NOTE(review): the host values carry no port. Whether a Host header of the form "addr:port"
#     still matches depends on how the engine fills http_host -- verify on the deployed version.
#   * NOTE(review): most hosts are bare IPv4 addresses with metadata:created_at 2021_02_23/24;
#     presumably these indicators age quickly, so refresh the ruleset from the feed rather than
#     keeping old copies.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.171.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026514/; classtype:trojan-activity;sid:81889614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.166.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026512/; classtype:trojan-activity;sid:81889612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.210.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026513/; classtype:trojan-activity;sid:81889613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.247.200.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026510/; classtype:trojan-activity;sid:81889610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.30.110.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026511/; classtype:trojan-activity;sid:81889611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.127.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026509/; classtype:trojan-activity;sid:81889609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.80.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026508/; classtype:trojan-activity;sid:81889608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.56.114.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026507/; classtype:trojan-activity;sid:81889607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.203.77.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026506/; classtype:trojan-activity;sid:81889606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.152.34.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026504/; classtype:trojan-activity;sid:81889604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.183.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026505/; classtype:trojan-activity;sid:81889605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.33.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026500/; classtype:trojan-activity;sid:81889600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.252.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026501/; classtype:trojan-activity;sid:81889601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.81.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026502/; classtype:trojan-activity;sid:81889602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.182.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026503/; classtype:trojan-activity;sid:81889603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.100.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026497/; classtype:trojan-activity;sid:81889597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.42.206.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026498/; classtype:trojan-activity;sid:81889598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.21.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026499/; classtype:trojan-activity;sid:81889599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.104.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026493/; classtype:trojan-activity;sid:81889593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.78.39.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026494/; classtype:trojan-activity;sid:81889594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.118.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026495/; classtype:trojan-activity;sid:81889595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.93.79.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026496/; classtype:trojan-activity;sid:81889596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.162.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026491/; classtype:trojan-activity;sid:81889591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.4.230.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026492/; classtype:trojan-activity;sid:81889592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.93.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026490/; classtype:trojan-activity;sid:81889590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.64.163.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026489/; classtype:trojan-activity;sid:81889589; rev:1;)
#
# The next ten rules (sid 81889579-81889588) share the host 192.227.220.50 and one directory; only
# the file suffix differs (mpsl, arm, m68k, ppc, x86, arm5, arm6, arm7, mips, sh4).
# NOTE(review): the suffixes look like CPU architecture names, presumably one payload built per
# architecture. An alert on any one of them is a reason to review all traffic from that client to
# this host, not just the single URL.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026486)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.mpsl"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"192.227.220.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026486/; classtype:trojan-activity;sid:81889586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026487)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.arm"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"192.227.220.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026487/; classtype:trojan-activity;sid:81889587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026488)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.m68k"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"192.227.220.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026488/; classtype:trojan-activity;sid:81889588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026482)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.ppc"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"192.227.220.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026482/; classtype:trojan-activity;sid:81889582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026483)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.x86"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"192.227.220.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026483/; classtype:trojan-activity;sid:81889583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026484)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.arm5"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"192.227.220.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026484/; classtype:trojan-activity;sid:81889584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026485)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.arm6"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"192.227.220.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026485/; classtype:trojan-activity;sid:81889585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026479)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.arm7"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"192.227.220.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026479/; classtype:trojan-activity;sid:81889579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026480)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.mips"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"192.227.220.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026480/; classtype:trojan-activity;sid:81889580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026481)"; flow:established,from_client; content:"GET"; http_method; content:"/5311qjmikurawepedalnqmashrabotatuk61119123c/infn.sh4"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"192.227.220.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026481/; classtype:trojan-activity;sid:81889581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026478/; classtype:trojan-activity;sid:81889578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.191.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026477/; classtype:trojan-activity;sid:81889577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.118.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026475/; classtype:trojan-activity;sid:81889575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.103.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026476/; classtype:trojan-activity;sid:81889576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.46.14.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026474/; classtype:trojan-activity;sid:81889574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.255.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026472/; classtype:trojan-activity;sid:81889572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026473)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.15.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026473/; classtype:trojan-activity;sid:81889573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.78.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026469/; classtype:trojan-activity;sid:81889569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.67.63.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026470/; classtype:trojan-activity;sid:81889570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026471/; classtype:trojan-activity;sid:81889571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.64.163.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026468/; classtype:trojan-activity;sid:81889568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.12.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026467/; classtype:trojan-activity;sid:81889567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.12.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026466/; classtype:trojan-activity;sid:81889566; rev:1;)
#
# Hostname-based rules follow (sid 81889557-81889565, with one IP-based /mozi.a rule interleaved).
# Six of the paths sit under wp-content/ or wp-includes/ and all end in .php.
# NOTE(review): these look like files placed inside existing WordPress installs, so the hostnames
# are presumably compromised sites rather than dedicated infrastructure. The rules pin the exact
# path; blocking the whole hostname in response to an alert may overblock.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026465)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/megamenu-pro/fonts/custom/ixnyo5prdic2k.php"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"negara-store.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026465/; classtype:trojan-activity;sid:81889565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026464)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/themes/inlite/hqfvfwoklw4qb.php"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"leavesofgooddeeds.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026464/; classtype:trojan-activity;sid:81889564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026463)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/one-page-express/customizer/kirki/includes/output/property/llsbdj41ythbnei.php"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"klimmen.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026463/; classtype:trojan-activity;sid:81889563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026461)"; flow:established,from_client; content:"GET"; http_method; content:"/cpguzbuu.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"amazecorp.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026461/; classtype:trojan-activity;sid:81889561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026462)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyfourteen/genericons/font/c79ziuwf.php"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"carlos-anigstein.com.ar"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026462/; classtype:trojan-activity;sid:81889562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026457)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/woocommerce/src/admin/msbwurqmgp4.php"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"www.dreamworldjdp.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026457/; classtype:trojan-activity;sid:81889557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026458)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/members/addons/members-acf-integration/mviu5c4mp.php"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"gesdoc.fda.com.pe"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026458/; classtype:trojan-activity;sid:81889558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.40.82.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026459/; classtype:trojan-activity;sid:81889559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026460)"; flow:established,from_client; content:"GET"; http_method; content:"/r74myqeooxw.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"barefootmind.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026460/; classtype:trojan-activity;sid:81889560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.250.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026455/; classtype:trojan-activity;sid:81889555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.38.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026456/; classtype:trojan-activity;sid:81889556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.51.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026451/; classtype:trojan-activity;sid:81889551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026452)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.52.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026452/; classtype:trojan-activity;sid:81889552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.104.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026453/; classtype:trojan-activity;sid:81889553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.117.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026454/; classtype:trojan-activity;sid:81889554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.148.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026449/; classtype:trojan-activity;sid:81889549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.92.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026450/; classtype:trojan-activity;sid:81889550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.115.73.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026448/; classtype:trojan-activity;sid:81889548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.200.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026446/; classtype:trojan-activity;sid:81889546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.74.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026447/; classtype:trojan-activity;sid:81889547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026444)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.84.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026444/; classtype:trojan-activity;sid:81889544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026445)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.225.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026445/; classtype:trojan-activity;sid:81889545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.156.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026442/; classtype:trojan-activity;sid:81889542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026443)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.58.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026443/; classtype:trojan-activity;sid:81889543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.118.205.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026441/; classtype:trojan-activity;sid:81889541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.95.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026440/; classtype:trojan-activity;sid:81889540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.160.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026438/; classtype:trojan-activity;sid:81889538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.117.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026439/; classtype:trojan-activity;sid:81889539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.63.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026436/; classtype:trojan-activity;sid:81889536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.70.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026437/; classtype:trojan-activity;sid:81889537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.114.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026435/; classtype:trojan-activity;sid:81889535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.232.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026434/; classtype:trojan-activity;sid:81889534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.248.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026431/; classtype:trojan-activity;sid:81889531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.212.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026432/; classtype:trojan-activity;sid:81889532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026433)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.207.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026433/; classtype:trojan-activity;sid:81889533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.93.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026428/; classtype:trojan-activity;sid:81889528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.179.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026429/; classtype:trojan-activity;sid:81889529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.81.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026430/; classtype:trojan-activity;sid:81889530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026427)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.37.222.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_24; reference:url, urlhaus.abuse.ch/url/1026427/; classtype:trojan-activity;sid:81889527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.85.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026424/; classtype:trojan-activity;sid:81889524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.171.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026425/; classtype:trojan-activity;sid:81889525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (1026426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.49.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026426/; classtype:trojan-activity;sid:81889526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.168.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026421/; classtype:trojan-activity;sid:81889521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026422)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.187.202.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026422/; classtype:trojan-activity;sid:81889522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.26.33.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026423/; classtype:trojan-activity;sid:81889523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.4.27.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, 
urlhaus.abuse.ch/url/1026418/; classtype:trojan-activity;sid:81889518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.25.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026419/; classtype:trojan-activity;sid:81889519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.165.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026420/; classtype:trojan-activity;sid:81889520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.250.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026416/; classtype:trojan-activity;sid:81889516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"67.83.134.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026417/; classtype:trojan-activity;sid:81889517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"59.97.170.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026414/; classtype:trojan-activity;sid:81889514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.140.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026415/; classtype:trojan-activity;sid:81889515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.171.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026413/; classtype:trojan-activity;sid:81889513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.69.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026410/; classtype:trojan-activity;sid:81889510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"139.190.238.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026411/; classtype:trojan-activity;sid:81889511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1026412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.80.249.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026412/; classtype:trojan-activity;sid:81889512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.27.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026409/; classtype:trojan-activity;sid:81889509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.94.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026408/; classtype:trojan-activity;sid:81889508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026407)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bin.rippr.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026407/; classtype:trojan-activity;sid:81889507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.128.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; 
reference:url, urlhaus.abuse.ch/url/1026406/; classtype:trojan-activity;sid:81889506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026404)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.236.236.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026404/; classtype:trojan-activity;sid:81889504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026405)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.180.142.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026405/; classtype:trojan-activity;sid:81889505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.94.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026403/; classtype:trojan-activity;sid:81889503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.76.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026401/; classtype:trojan-activity;sid:81889501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"218.158.71.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026402/; classtype:trojan-activity;sid:81889502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.41.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026400/; classtype:trojan-activity;sid:81889500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.136.249.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026399/; classtype:trojan-activity;sid:81889499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.161.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026397/; classtype:trojan-activity;sid:81889497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.52.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026398/; classtype:trojan-activity;sid:81889498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1026396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.216.216.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026396/; classtype:trojan-activity;sid:81889496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.86.176.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026395/; classtype:trojan-activity;sid:81889495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.120.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026394/; classtype:trojan-activity;sid:81889494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.166.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026393/; classtype:trojan-activity;sid:81889493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.66.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; 
reference:url, urlhaus.abuse.ch/url/1026392/; classtype:trojan-activity;sid:81889492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.162.183.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026391/; classtype:trojan-activity;sid:81889491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.249.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026388/; classtype:trojan-activity;sid:81889488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.41.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026389/; classtype:trojan-activity;sid:81889489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.118.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026390/; classtype:trojan-activity;sid:81889490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.76.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026386/; classtype:trojan-activity;sid:81889486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.43.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026387/; classtype:trojan-activity;sid:81889487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.123.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026385/; classtype:trojan-activity;sid:81889485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026384)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"125.142.93.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026384/; classtype:trojan-activity;sid:81889484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.181.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026383/; classtype:trojan-activity;sid:81889483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1026381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"143.255.128.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026381/; classtype:trojan-activity;sid:81889481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.91.21.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026382/; classtype:trojan-activity;sid:81889482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.166.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026380/; classtype:trojan-activity;sid:81889480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.229.240.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026379/; classtype:trojan-activity;sid:81889479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.120.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2021_02_23; reference:url, urlhaus.abuse.ch/url/1026377/; classtype:trojan-activity;sid:81889477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.190.132.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026378/; classtype:trojan-activity;sid:81889478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.120.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026376/; classtype:trojan-activity;sid:81889476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.66.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026375/; classtype:trojan-activity;sid:81889475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.225.88.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026374/; classtype:trojan-activity;sid:81889474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.123.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026373/; classtype:trojan-activity;sid:81889473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026372/; classtype:trojan-activity;sid:81889472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.62.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026371/; classtype:trojan-activity;sid:81889471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.88.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026370/; classtype:trojan-activity;sid:81889470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.167.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026367/; classtype:trojan-activity;sid:81889467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1026368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.104.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026368/; classtype:trojan-activity;sid:81889468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.125.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026369/; classtype:trojan-activity;sid:81889469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.234.226.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026366/; classtype:trojan-activity;sid:81889466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.10.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026365/; classtype:trojan-activity;sid:81889465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.250.102.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2021_02_23; reference:url, urlhaus.abuse.ch/url/1026364/; classtype:trojan-activity;sid:81889464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.22.206.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026363/; classtype:trojan-activity;sid:81889463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.91.245.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026362/; classtype:trojan-activity;sid:81889462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.180.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026361/; classtype:trojan-activity;sid:81889461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.36.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026360/; classtype:trojan-activity;sid:81889460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.83.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026359/; classtype:trojan-activity;sid:81889459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.82.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026352/; classtype:trojan-activity;sid:81889452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026353)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.164.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026353/; classtype:trojan-activity;sid:81889453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.87.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026354/; classtype:trojan-activity;sid:81889454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.223.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026355/; classtype:trojan-activity;sid:81889455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1026356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.63.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026356/; classtype:trojan-activity;sid:81889456; rev:1;)
#
# --- Review notes for the rules in this section --------------------------------
# The rules are laid out one per line below; every one uses the same template:
#   * alert http $HOME_NET any -> $EXTERNAL_NET any + flow:established,from_client
#     Only client requests leaving the protected network are inspected, on any port.
#   * content:"GET"; http_method;
#     GET requests only.
#   * content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase;
#     The path is anchored at both ends: depth:N equals the string length, so the
#     match must start at offset 0, and isdataat:!1,relative requires that no byte
#     follows it. nocase belongs to this URI content, so "/mozi.m" also matches
#     other letter cases of the same path. A request with a longer path or an
#     appended query string does not match.
#   * content:"<host>"; http_host; depth:N; isdataat:!1,relative;
#     The host value is anchored the same way (exact string, nothing after it).
#   * The number in msg is the URLhaus entry id used in reference:url, and in every
#     rule here sid == that id + 80863100, so the feed entry can be recovered from
#     an alert's sid.
#
# Triage notes:
#   * A hit means an internal host requested a listed URL. The rule inspects the
#     request only; whether a payload was returned has to be checked from the
#     response or flow records.
#   * "alert http" only sees traffic the engine parses as HTTP; the same URL
#     fetched over TLS is not covered unless it is decrypted upstream.
#   * Several hosts occur in more than one rule with different paths (for example
#     186.33.116.22 with both /i and /bin.sh), so correlate alerts by host.
#   * All entries carry created_at 2021_02_23 and most hosts are bare IP
#     addresses. Presumably these can be reassigned over time; verify an entry
#     against the current feed before acting on an alert from an old copy.
#   * NOTE(review): ports are "any" and only the host string is matched. Confirm
#     how your engine fills the http_host buffer when the Host header carries a
#     port, because the trailing isdataat:!1,relative would reject "host:port".
# --------------------------------------------------------------------------------
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.97.206.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026357/; classtype:trojan-activity;sid:81889457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026358/; classtype:trojan-activity;sid:81889458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.89.59.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026350/; classtype:trojan-activity;sid:81889450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.36.159.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026351/; classtype:trojan-activity;sid:81889451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.177.243.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026349/; classtype:trojan-activity;sid:81889449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.33.116.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026347/; classtype:trojan-activity;sid:81889447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026348/; classtype:trojan-activity;sid:81889448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.116.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026346/; classtype:trojan-activity;sid:81889446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.95.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026345/; classtype:trojan-activity;sid:81889445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.195.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026342/; classtype:trojan-activity;sid:81889442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.183.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026343/; classtype:trojan-activity;sid:81889443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.60.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026344/; classtype:trojan-activity;sid:81889444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.142.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026340/; classtype:trojan-activity;sid:81889440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.202.37.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026341/; classtype:trojan-activity;sid:81889441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.182.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026339/; classtype:trojan-activity;sid:81889439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.91.245.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026338/; classtype:trojan-activity;sid:81889438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.101.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026337/; classtype:trojan-activity;sid:81889437; rev:1;)
# The next two rules match the same path (/gutpag.php) on two different .xyz
# hostnames; unlike the IP-literal entries, these key on a DNS name in Host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026336)"; flow:established,from_client; content:"GET"; http_method; content:"/gutpag.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"yc1op3jh39r.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026336/; classtype:trojan-activity;sid:81889436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026335)"; flow:established,from_client; content:"GET"; http_method; content:"/gutpag.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"q1s0oci49jo.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026335/; classtype:trojan-activity;sid:81889435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.156.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026334/; classtype:trojan-activity;sid:81889434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.96.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026331/; classtype:trojan-activity;sid:81889431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.95.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026332/; classtype:trojan-activity;sid:81889432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.69.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026333/; classtype:trojan-activity;sid:81889433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.51.133.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026330/; classtype:trojan-activity;sid:81889430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.86.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026329/; classtype:trojan-activity;sid:81889429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.50.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026328/; classtype:trojan-activity;sid:81889428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.56.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026327/; classtype:trojan-activity;sid:81889427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.167.165.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026326/; classtype:trojan-activity;sid:81889426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.62.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026325/; classtype:trojan-activity;sid:81889425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.89.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026324/; classtype:trojan-activity;sid:81889424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.67.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026323/; classtype:trojan-activity;sid:81889423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.218.127.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026322/; classtype:trojan-activity;sid:81889422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.154.26.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026320/; classtype:trojan-activity;sid:81889420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.165.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026321/; classtype:trojan-activity;sid:81889421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.39.108.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026319/; classtype:trojan-activity;sid:81889419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.23.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026318/; classtype:trojan-activity;sid:81889418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.92.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026317/; classtype:trojan-activity;sid:81889417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.62.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026316/; classtype:trojan-activity;sid:81889416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.89.79.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026315/; classtype:trojan-activity;sid:81889415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.16.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026314/; classtype:trojan-activity;sid:81889414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.133.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026311/; classtype:trojan-activity;sid:81889411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.129.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026312/; classtype:trojan-activity;sid:81889412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.248.151.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026313/; classtype:trojan-activity;sid:81889413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.215.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026310/; classtype:trojan-activity;sid:81889410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.86.233.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026309/; classtype:trojan-activity;sid:81889409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.173.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026308/; classtype:trojan-activity;sid:81889408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.100.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026306/; classtype:trojan-activity;sid:81889406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.39.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026307/; classtype:trojan-activity;sid:81889407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.204.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026305/; classtype:trojan-activity;sid:81889405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.89.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026304/; classtype:trojan-activity;sid:81889404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026303)"; flow:established,from_client; content:"GET"; http_method; content:"/css/embarf.point"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bearcatpumps.com.cn"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026303/; classtype:trojan-activity;sid:81889403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.37.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026302/; classtype:trojan-activity;sid:81889402; rev:1;)
# The next two rules cover the same host and directory and differ only in the
# file suffix (.arm7 with depth:52, .arm with depth:51). Because each URI match is
# anchored at its end by isdataat:!1,relative, the .arm rule does not also fire
# on a request for the .arm7 file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026301)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.arm7"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"45.95.168.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026301/; classtype:trojan-activity;sid:81889401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026300)"; flow:established,from_client; content:"GET"; http_method; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/kkvettgaaasecnnaaaa.arm"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"45.95.168.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026300/; classtype:trojan-activity;sid:81889400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.224.160.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026299/; classtype:trojan-activity;sid:81889399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.66.79.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026298/; classtype:trojan-activity;sid:81889398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.21.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026297/; classtype:trojan-activity;sid:81889397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.163.176.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026296/; classtype:trojan-activity;sid:81889396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.92.80.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026295/; classtype:trojan-activity;sid:81889395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.61.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026293/; classtype:trojan-activity;sid:81889393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.239.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026294/; classtype:trojan-activity;sid:81889394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.42.107.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026292/; classtype:trojan-activity;sid:81889392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.55.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026291/; classtype:trojan-activity;sid:81889391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.104.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026290/; classtype:trojan-activity;sid:81889390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.2.163.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026289/; classtype:trojan-activity;sid:81889389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.236.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026288/; classtype:trojan-activity;sid:81889388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.41.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026287/; classtype:trojan-activity;sid:81889387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.130.28.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026284/; classtype:trojan-activity;sid:81889384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.56.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026285/; classtype:trojan-activity;sid:81889385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.70.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026286/; classtype:trojan-activity;sid:81889386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.120.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026283/; classtype:trojan-activity;sid:81889383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.163.126.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026281/; classtype:trojan-activity;sid:81889381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.220.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026282/; classtype:trojan-activity;sid:81889382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.245.11.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026276/; classtype:trojan-activity;sid:81889376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.25.132.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026277/; classtype:trojan-activity;sid:81889377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.90.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026278/; classtype:trojan-activity;sid:81889378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.212.152.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026279/; classtype:trojan-activity;sid:81889379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.111.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026280/; classtype:trojan-activity;sid:81889380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.40.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026274/; classtype:trojan-activity;sid:81889374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.37.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026275/; classtype:trojan-activity;sid:81889375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.168.251.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026273/; classtype:trojan-activity;sid:81889373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.39.108.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026272/; classtype:trojan-activity;sid:81889372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.113.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026271/; classtype:trojan-activity;sid:81889371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.33.104.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026269/; classtype:trojan-activity;sid:81889369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.37.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026270/; classtype:trojan-activity;sid:81889370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.178.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026268/; classtype:trojan-activity;sid:81889368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.153.154.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026264/; classtype:trojan-activity;sid:81889364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.11.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026265/; classtype:trojan-activity;sid:81889365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.46.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026266/; classtype:trojan-activity;sid:81889366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.219.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026267/; classtype:trojan-activity;sid:81889367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.232.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026263/; classtype:trojan-activity;sid:81889363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.179.243.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026261/; classtype:trojan-activity;sid:81889361; rev:1;)
alert http
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.108.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026262/; classtype:trojan-activity;sid:81889362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.105.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026260/; classtype:trojan-activity;sid:81889360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.106.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026254/; classtype:trojan-activity;sid:81889354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.244.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026255/; classtype:trojan-activity;sid:81889355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.74.126"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026256/; classtype:trojan-activity;sid:81889356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.25.111.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026257/; classtype:trojan-activity;sid:81889357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.104.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026258/; classtype:trojan-activity;sid:81889358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.95.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026259/; classtype:trojan-activity;sid:81889359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.175.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026253/; classtype:trojan-activity;sid:81889353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026252)"; flow:established,from_client; 
content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.42.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026252/; classtype:trojan-activity;sid:81889352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.107.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026250/; classtype:trojan-activity;sid:81889350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.23.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026251/; classtype:trojan-activity;sid:81889351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.80.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026249/; classtype:trojan-activity;sid:81889349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.56.85.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026247/; classtype:trojan-activity;sid:81889347; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026248)"; flow:established,from_client; content:"GET"; http_method; content:"/css/tolkio.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bearcatpumps.com.cn"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026248/; classtype:trojan-activity;sid:81889348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69.165.173.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026246/; classtype:trojan-activity;sid:81889346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.86.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026244/; classtype:trojan-activity;sid:81889344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.110.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026245/; classtype:trojan-activity;sid:81889345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026243)"; flow:established,from_client; content:"GET"; http_method; content:"/4c390c44b092d37423ee0fb60cbf01a4/updateprofile-15.exe"; http_uri; depth:54; isdataat:!1,relative; 
nocase; content:"fotamene.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026243/; classtype:trojan-activity;sid:81889343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.104.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026242/; classtype:trojan-activity;sid:81889342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.117.11.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026240/; classtype:trojan-activity;sid:81889340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.125.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026241/; classtype:trojan-activity;sid:81889341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.23.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026239/; classtype:trojan-activity;sid:81889339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(1026238)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"220.135.232.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026238/; classtype:trojan-activity;sid:81889338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.111.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026237/; classtype:trojan-activity;sid:81889337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026236)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.105.77.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026236/; classtype:trojan-activity;sid:81889336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.255.226.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026235/; classtype:trojan-activity;sid:81889335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.33.122.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026232/; 
classtype:trojan-activity;sid:81889332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.214.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026233/; classtype:trojan-activity;sid:81889333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.173.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026234/; classtype:trojan-activity;sid:81889334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.75.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026229/; classtype:trojan-activity;sid:81889329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.58.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026230/; classtype:trojan-activity;sid:81889330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"186.33.116.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026231/; classtype:trojan-activity;sid:81889331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.56.85.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026228/; classtype:trojan-activity;sid:81889328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.16.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026227/; classtype:trojan-activity;sid:81889327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.104.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026226/; classtype:trojan-activity;sid:81889326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.49.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026225/; classtype:trojan-activity;sid:81889325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(1026224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.1.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026224/; classtype:trojan-activity;sid:81889324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.160.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026223/; classtype:trojan-activity;sid:81889323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.128.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026222/; classtype:trojan-activity;sid:81889322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.117.11.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026221/; classtype:trojan-activity;sid:81889321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.249.83.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026218/; 
classtype:trojan-activity;sid:81889318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.41.221.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026219/; classtype:trojan-activity;sid:81889319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.175.34.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026220/; classtype:trojan-activity;sid:81889320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.46.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026216/; classtype:trojan-activity;sid:81889316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.11.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026217/; classtype:trojan-activity;sid:81889317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"178.175.31.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026212/; classtype:trojan-activity;sid:81889312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.163.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026213/; classtype:trojan-activity;sid:81889313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.166.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026214/; classtype:trojan-activity;sid:81889314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.175.32.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026215/; classtype:trojan-activity;sid:81889315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.156.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026210/; classtype:trojan-activity;sid:81889310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (1026211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.142.20.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026211/; classtype:trojan-activity;sid:81889311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026208/; classtype:trojan-activity;sid:81889308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.51.147.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026209/; classtype:trojan-activity;sid:81889309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.90.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026207/; classtype:trojan-activity;sid:81889307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.16.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, 
urlhaus.abuse.ch/url/1026206/; classtype:trojan-activity;sid:81889306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.49.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026205/; classtype:trojan-activity;sid:81889305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.179.3.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026204/; classtype:trojan-activity;sid:81889304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.1.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026203/; classtype:trojan-activity;sid:81889303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.46.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026202/; classtype:trojan-activity;sid:81889302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1026199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"222.142.189.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_02_23; reference:url, urlhaus.abuse.ch/url/1026199/; classtype:trojan-activity;sid:81889299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"U