################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2020-02-25 18:14:03 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wyf5uvhj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318696/; classtype:trojan-activity;sid:81181796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.84.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318695/; classtype:trojan-activity;sid:81181795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318694/; classtype:trojan-activity;sid:81181794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.130.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318693/; classtype:trojan-activity;sid:81181793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"185.103.138.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318692/; classtype:trojan-activity;sid:81181792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.111.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318691/; classtype:trojan-activity;sid:81181791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.51.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318690/; classtype:trojan-activity;sid:81181790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318688/; classtype:trojan-activity;sid:81181788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.171.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318687/; classtype:trojan-activity;sid:81181787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.53.28.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318686/; classtype:trojan-activity;sid:81181786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.117.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318685/; classtype:trojan-activity;sid:81181785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.74.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318683/; classtype:trojan-activity;sid:81181783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.119.208.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318682/; classtype:trojan-activity;sid:81181782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.209.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318681/; classtype:trojan-activity;sid:81181781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318680/; classtype:trojan-activity;sid:81181780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.251.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318679/; classtype:trojan-activity;sid:81181779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.180.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318678/; classtype:trojan-activity;sid:81181778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318677/; classtype:trojan-activity;sid:81181777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.10.56.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318676/; classtype:trojan-activity;sid:81181776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.109.40.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318675/; classtype:trojan-activity;sid:81181775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2019w2_pdf.zip"; http_uri; depth:15; isdataat:!1,relative; content:"marthagrp.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318673/; classtype:trojan-activity;sid:81181773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/client-built_76ff.exe"; http_uri; depth:22; isdataat:!1,relative; content:"marthagrp.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318672/; classtype:trojan-activity;sid:81181772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/client-built_encrypted_a25428f.bin"; http_uri; depth:35; isdataat:!1,relative; content:"marthagrp.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318671/; classtype:trojan-activity;sid:81181771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tax-document.zip"; http_uri; depth:17; isdataat:!1,relative; content:"marthagrp.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318670/; classtype:trojan-activity;sid:81181770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tax-documents_pdf.zip"; http_uri; depth:22; isdataat:!1,relative; content:"marthagrp.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318669/; classtype:trojan-activity;sid:81181769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/seat_encrypted_d1bb82f.bin"; http_uri; depth:27; isdataat:!1,relative; content:"portermedicals.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318668/; classtype:trojan-activity;sid:81181768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rest_encrypted_3bbe800.bin"; http_uri; depth:27; isdataat:!1,relative; content:"portermedicals.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318667/; classtype:trojan-activity;sid:81181767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oz_encrypted_1ce5bc0.bin"; http_uri; depth:25; isdataat:!1,relative; content:"portermedicals.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318666/; classtype:trojan-activity;sid:81181766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ool_encrypted_8c2e1ef.bin"; http_uri; depth:26; isdataat:!1,relative; content:"portermedicals.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318665/; classtype:trojan-activity;sid:81181765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/client_encrypted_fd01edf.bin"; http_uri; depth:29; isdataat:!1,relative; content:"portermedicals.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318664/; classtype:trojan-activity;sid:81181764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/client_encrypted_b86bf9f.bin"; http_uri; depth:29; isdataat:!1,relative; content:"portermedicals.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318663/; classtype:trojan-activity;sid:81181763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/client-built_encrypted_bead0.bin"; http_uri; depth:33; isdataat:!1,relative; content:"portermedicals.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318662/; classtype:trojan-activity;sid:81181762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/client-built_encrypted_825ceff.bin"; http_uri; depth:35; isdataat:!1,relative; content:"portermedicals.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318661/; classtype:trojan-activity;sid:81181761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/client-built_5b65_encrypted_bf0e00f.bin"; http_uri; depth:40; isdataat:!1,relative; content:"portermedicals.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318660/; classtype:trojan-activity;sid:81181760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bjcpute5"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318659/; classtype:trojan-activity;sid:81181759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"49.159.141.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318658/; classtype:trojan-activity;sid:81181758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/632864244857307157/679949280378748968/scan-copyb840284-img-2020-20-02-document-pdf.img"; http_uri; depth:99; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318657/; classtype:trojan-activity;sid:81181757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/671578422916677645/681352578206007327/assign_agreement.img"; http_uri; depth:71; isdataat:!1,relative; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318656/; classtype:trojan-activity;sid:81181756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.5.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318655/; classtype:trojan-activity;sid:81181755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.80.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318653/; classtype:trojan-activity;sid:81181753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.190.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318651/; classtype:trojan-activity;sid:81181751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318650/; classtype:trojan-activity;sid:81181750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.194.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318649/; classtype:trojan-activity;sid:81181749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318648/; classtype:trojan-activity;sid:81181748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.103.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318646/; classtype:trojan-activity;sid:81181746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.144.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318645/; classtype:trojan-activity;sid:81181745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.104.233.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318644/; classtype:trojan-activity;sid:81181744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.113.8.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318643/; classtype:trojan-activity;sid:81181743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318641/; classtype:trojan-activity;sid:81181741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.202.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318640/; classtype:trojan-activity;sid:81181740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.118.184.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318639/; classtype:trojan-activity;sid:81181739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.14.106.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318638/; classtype:trojan-activity;sid:81181738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fcrz7mut"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318637/; classtype:trojan-activity;sid:81181737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jpmhbygl"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318636/; classtype:trojan-activity;sid:81181736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/client-built_4b9.exe"; http_uri; depth:21; isdataat:!1,relative; content:"portermedicals.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318635/; classtype:trojan-activity;sid:81181735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hsyvirzk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318634/; classtype:trojan-activity;sid:81181734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ssnfmefrcdewgxhzrpug/rdyjndu.bin"; http_uri; depth:33; isdataat:!1,relative; content:"gentrifyingharlem.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318633/; classtype:trojan-activity;sid:81181733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e8/20109770.jpg"; http_uri; depth:16; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318632/; classtype:trojan-activity;sid:81181732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e8/choo523.jpg"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318631/; classtype:trojan-activity;sid:81181731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e8/bin_1a28.jpg"; http_uri; depth:16; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318630/; classtype:trojan-activity;sid:81181730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oo.exe"; http_uri; depth:7; isdataat:!1,relative; content:"158.69.39.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318629/; classtype:trojan-activity;sid:81181729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downfiles/4.exe"; http_uri; depth:16; isdataat:!1,relative; content:"jload03.info"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318628/; classtype:trojan-activity;sid:81181728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ola.exe"; http_uri; depth:8; isdataat:!1,relative; content:"158.69.39.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318627/; classtype:trojan-activity;sid:81181727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.195.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318626/; classtype:trojan-activity;sid:81181726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.175.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318625/; classtype:trojan-activity;sid:81181725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318624/; classtype:trojan-activity;sid:81181724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"185.103.138.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318623/; classtype:trojan-activity;sid:81181723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318621/; classtype:trojan-activity;sid:81181721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.129.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318619/; classtype:trojan-activity;sid:81181719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318618/; classtype:trojan-activity;sid:81181718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.69.255.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318617/; classtype:trojan-activity;sid:81181717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.47.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318616/; classtype:trojan-activity;sid:81181716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.204.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318615/; classtype:trojan-activity;sid:81181715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/secure/svchost.pdf"; http_uri; depth:19; isdataat:!1,relative; content:"chnwsdy3threewealthandreinforcementagenc.duckdns.org"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318613/; classtype:trojan-activity;sid:81181713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/version2019.021.20059/adobedownloader.exe"; http_uri; depth:52; isdataat:!1,relative; content:"flashplayer-adobeplugin.a-d.me"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318610/; classtype:trojan-activity;sid:81181710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/version2019.021.20059/adobe.installer.exe"; http_uri; depth:52; isdataat:!1,relative; content:"flashplayer-adobeplugin.a-d.me"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318609/; classtype:trojan-activity;sid:81181709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/version2019.021.20059/adobe_flashplayer_updater.exe"; http_uri; depth:62; isdataat:!1,relative; content:"flashplayer-adobeplugin.a-d.me"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318608/; classtype:trojan-activity;sid:81181708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/version2019.021.20059/adobe-flashplayer-installer.exe"; http_uri; depth:64; isdataat:!1,relative; content:"flashplayer-adobeplugin.a-d.me"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318607/; classtype:trojan-activity;sid:81181707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1wvyc3o3_fegjfdfp7iya9vn_wj-puf7t"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318603/; classtype:trojan-activity;sid:81181703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vpadmin/egbon.exe"; http_uri; depth:18; isdataat:!1,relative; content:"23.249.165.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318595/; classtype:trojan-activity;sid:81181695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e8/8013772.jpg"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318594/; classtype:trojan-activity;sid:81181694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vpadmin/pressing.exe"; http_uri; depth:21; isdataat:!1,relative; content:"23.249.165.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318592/; classtype:trojan-activity;sid:81181692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"66.38.88.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318591/; classtype:trojan-activity;sid:81181691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.169.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318590/; classtype:trojan-activity;sid:81181690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.120.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318588/; classtype:trojan-activity;sid:81181688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"37.232.98.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318587/; classtype:trojan-activity;sid:81181687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.226.78.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318586/; classtype:trojan-activity;sid:81181686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.72.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318585/; classtype:trojan-activity;sid:81181685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318584/; classtype:trojan-activity;sid:81181684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.81.164.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318583/; classtype:trojan-activity;sid:81181683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318581/; classtype:trojan-activity;sid:81181681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.120.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318580/; classtype:trojan-activity;sid:81181680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.74.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318579/; classtype:trojan-activity;sid:81181679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.117.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318578/; classtype:trojan-activity;sid:81181678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.127.230.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318576/; classtype:trojan-activity;sid:81181676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/mjcegcd/links/linkscry.exe"; http_uri; depth:46; isdataat:!1,relative; content:"www.ethnomedicine.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318574/; classtype:trojan-activity;sid:81181674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bgs/x.exe"; http_uri; depth:10; isdataat:!1,relative; content:"omentradinginternationalprivateltd.duckdns.org"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318573/; classtype:trojan-activity;sid:81181673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bgs/vbc.exe"; http_uri; depth:12; isdataat:!1,relative; content:"omentradinginternationalprivateltd.duckdns.org"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318572/; classtype:trojan-activity;sid:81181672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chfrnd2doc/regasm.exe"; http_uri; depth:22; isdataat:!1,relative; content:"sub2chnfrndthsdy2manglobalbusinessexytwo.duckdns.org"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318571/; classtype:trojan-activity;sid:81181671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.71.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318570/; classtype:trojan-activity;sid:81181670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.68.143.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318569/; classtype:trojan-activity;sid:81181669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318567/; classtype:trojan-activity;sid:81181667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318566/; classtype:trojan-activity;sid:81181666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.11.49.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318565/; classtype:trojan-activity;sid:81181665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318564/; classtype:trojan-activity;sid:81181664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.119.92.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318563/; classtype:trojan-activity;sid:81181663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.227.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318561/; classtype:trojan-activity;sid:81181661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.15.151.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318559/; classtype:trojan-activity;sid:81181659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318557/; classtype:trojan-activity;sid:81181657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/packetsxtsunami.m68k"; http_uri; depth:26; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318556/; classtype:trojan-activity;sid:81181656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/packetsxtsunami.spc"; http_uri; depth:25; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318555/; classtype:trojan-activity;sid:81181655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/packetsxtsunami.sh4"; http_uri; depth:25; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318554/; classtype:trojan-activity;sid:81181654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/packetsxtsunami.ppc"; http_uri; depth:25; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318553/; classtype:trojan-activity;sid:81181653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/mjcegcd/kenny/kennycry.exe"; http_uri; depth:46; isdataat:!1,relative; content:"www.ethnomedicine.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318550/; classtype:trojan-activity;sid:81181650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chfrnd2doc/regasm.exe"; http_uri; depth:22; isdataat:!1,relative; content:"192.3.152.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318549/; classtype:trojan-activity;sid:81181649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/packetsxtsunami.x86"; http_uri; depth:25; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318547/; classtype:trojan-activity;sid:81181647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/packetsxtsunami.mpsl"; http_uri; depth:26; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318546/; classtype:trojan-activity;sid:81181646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/packetsxtsunami.mips"; http_uri; depth:26; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318545/; classtype:trojan-activity;sid:81181645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/packetsxtsunami.arm7"; http_uri; depth:26; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318544/; classtype:trojan-activity;sid:81181644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/packetsxtsunami.arm6"; http_uri; depth:26; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318543/; classtype:trojan-activity;sid:81181643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/packetsxtsunami.arm5"; http_uri; depth:26; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318542/; classtype:trojan-activity;sid:81181642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/packetsxtsunami.arm"; http_uri; depth:25; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318541/; classtype:trojan-activity;sid:81181641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bn.a"; http_uri; depth:5; isdataat:!1,relative; content:"185.174.101.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318539/; classtype:trojan-activity;sid:81181639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bn.gz"; http_uri; depth:6; isdataat:!1,relative; content:"185.174.101.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318538/; classtype:trojan-activity;sid:81181638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vpadmin/pressing.exe"; http_uri; depth:21; isdataat:!1,relative; content:"23.249.165.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318537/; classtype:trojan-activity;sid:81181637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vpadmin/egbon.exe"; http_uri; depth:18; isdataat:!1,relative; content:"23.249.165.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318536/; classtype:trojan-activity;sid:81181636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.123.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318534/; classtype:trojan-activity;sid:81181634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318533/; classtype:trojan-activity;sid:81181633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"177.128.34.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318531/; classtype:trojan-activity;sid:81181631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"66.38.95.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318530/; classtype:trojan-activity;sid:81181630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.129.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318529/; classtype:trojan-activity;sid:81181629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.8.103.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318528/; classtype:trojan-activity;sid:81181628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.227.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318527/; classtype:trojan-activity;sid:81181627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318526/; classtype:trojan-activity;sid:81181626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318525/; classtype:trojan-activity;sid:81181625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318524/; classtype:trojan-activity;sid:81181624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318523/; classtype:trojan-activity;sid:81181623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.95.131.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318522/; classtype:trojan-activity;sid:81181622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.63.58.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318519/; classtype:trojan-activity;sid:81181619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.115.33.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318518/; classtype:trojan-activity;sid:81181618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.198.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318517/; classtype:trojan-activity;sid:81181617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318516/; classtype:trojan-activity;sid:81181616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318515/; classtype:trojan-activity;sid:81181615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.208.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318513/; classtype:trojan-activity;sid:81181613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/mjcegcd/gozie/goziwecry.exe"; http_uri; depth:47; isdataat:!1,relative; content:"www.ethnomedicine.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318509/; classtype:trojan-activity;sid:81181609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/quotations-sheets.exe"; http_uri; depth:22; isdataat:!1,relative; content:"1579850.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318503/; classtype:trojan-activity;sid:81181603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/quotation%20sheet.exe"; http_uri; depth:22; isdataat:!1,relative; content:"1579850.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318502/; classtype:trojan-activity;sid:81181602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/quotation-sheets.exe"; http_uri; depth:21; isdataat:!1,relative; content:"1579850.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318501/; classtype:trojan-activity;sid:81181601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/payment-swift.exe"; http_uri; depth:18; isdataat:!1,relative; content:"1579850.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318500/; classtype:trojan-activity;sid:81181600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rolex.exe"; http_uri; depth:10; isdataat:!1,relative; content:"steep-hita-7971.lovepop.jp"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318499/; classtype:trojan-activity;sid:81181599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/drop.bin"; http_uri; depth:9; isdataat:!1,relative; content:"199.19.226.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318497/; classtype:trojan-activity;sid:81181597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/empty"; http_uri; depth:6; isdataat:!1,relative; content:"will-clean.hk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318492/; classtype:trojan-activity;sid:81181592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"211.137.225.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318490/; classtype:trojan-activity;sid:81181590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xojkzffojkdxjovkpkkt/twcdwjr.bin"; http_uri; depth:33; isdataat:!1,relative; content:"smokingpot.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318489/; classtype:trojan-activity;sid:81181589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.38.26.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318488/; classtype:trojan-activity;sid:81181588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.209.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318487/; classtype:trojan-activity;sid:81181587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.228.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318486/; classtype:trojan-activity;sid:81181586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.223.238.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318485/; classtype:trojan-activity;sid:81181585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.95.158.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318484/; classtype:trojan-activity;sid:81181584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.226.82.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318483/; classtype:trojan-activity;sid:81181583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.201.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318480/; classtype:trojan-activity;sid:81181580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.69.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318477/; classtype:trojan-activity;sid:81181577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.73.52.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318476/; classtype:trojan-activity;sid:81181576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318475/; classtype:trojan-activity;sid:81181575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"93.126.60.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318471/; classtype:trojan-activity;sid:81181571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"93.126.60.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318470/; classtype:trojan-activity;sid:81181570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"93.126.60.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318469/; classtype:trojan-activity;sid:81181569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yoyobins.sh"; http_uri; depth:12; isdataat:!1,relative; content:"93.126.60.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318468/; classtype:trojan-activity;sid:81181568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"93.126.60.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318467/; classtype:trojan-activity;sid:81181567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"93.126.60.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318466/; classtype:trojan-activity;sid:81181566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"93.126.60.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318465/; classtype:trojan-activity;sid:81181565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"93.126.60.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318462/; classtype:trojan-activity;sid:81181562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"93.126.60.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318460/; classtype:trojan-activity;sid:81181560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"93.126.60.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318459/; classtype:trojan-activity;sid:81181559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"93.126.60.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318458/; classtype:trojan-activity;sid:81181558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"84.81.219.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318457/; classtype:trojan-activity;sid:81181557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"93.126.60.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318456/; classtype:trojan-activity;sid:81181556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"93.126.60.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318455/; classtype:trojan-activity;sid:81181555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318454/; classtype:trojan-activity;sid:81181554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.6.214.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318453/; classtype:trojan-activity;sid:81181553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318451/; classtype:trojan-activity;sid:81181551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.69.137.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318450/; classtype:trojan-activity;sid:81181550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318449/; classtype:trojan-activity;sid:81181549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.222.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318448/; classtype:trojan-activity;sid:81181548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318447/; classtype:trojan-activity;sid:81181547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.151.242.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318446/; classtype:trojan-activity;sid:81181546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.121.231.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318445/; classtype:trojan-activity;sid:81181545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.214.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318444/; classtype:trojan-activity;sid:81181544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.250.25.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318442/; classtype:trojan-activity;sid:81181542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e8/funndd.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318441/; classtype:trojan-activity;sid:81181541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.188.221.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318439/; classtype:trojan-activity;sid:81181539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.251.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318436/; classtype:trojan-activity;sid:81181536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.113.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318435/; classtype:trojan-activity;sid:81181535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318434/; classtype:trojan-activity;sid:81181534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.211.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318432/; classtype:trojan-activity;sid:81181532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.169.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318428/; classtype:trojan-activity;sid:81181528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.227.126.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318427/; classtype:trojan-activity;sid:81181527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.148.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318426/; classtype:trojan-activity;sid:81181526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318425/; classtype:trojan-activity;sid:81181525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.110.114.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318424/; classtype:trojan-activity;sid:81181524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318423/; classtype:trojan-activity;sid:81181523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.140.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318422/; classtype:trojan-activity;sid:81181522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.107.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318421/; classtype:trojan-activity;sid:81181521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318420/; classtype:trojan-activity;sid:81181520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.111.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318419/; classtype:trojan-activity;sid:81181519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.115.35.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318418/; classtype:trojan-activity;sid:81181518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.72.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318413/; classtype:trojan-activity;sid:81181513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_25; reference:url, urlhaus.abuse.ch/url/318411/; classtype:trojan-activity;sid:81181511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads_/bvgt"; http_uri; depth:14; isdataat:!1,relative; content:"172.93.187.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318410/; classtype:trojan-activity;sid:81181510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/txj28dqp"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318409/; classtype:trojan-activity;sid:81181509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mpfcdb96"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318408/; classtype:trojan-activity;sid:81181508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.spc"; http_uri; depth:16; isdataat:!1,relative; content:"45.148.10.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318407/; classtype:trojan-activity;sid:81181507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"45.148.10.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318406/; classtype:trojan-activity;sid:81181506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318405/; classtype:trojan-activity;sid:81181505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"187.85.253.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318404/; classtype:trojan-activity;sid:81181504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.124.13.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318403/; classtype:trojan-activity;sid:81181503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"171.125.74.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318402/; classtype:trojan-activity;sid:81181502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.106.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318401/; classtype:trojan-activity;sid:81181501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318400/; classtype:trojan-activity;sid:81181500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.188.126.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318399/; classtype:trojan-activity;sid:81181499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.71.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318398/; classtype:trojan-activity;sid:81181498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318397/; classtype:trojan-activity;sid:81181497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.55.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318396/; classtype:trojan-activity;sid:81181496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.64.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318395/; classtype:trojan-activity;sid:81181495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"14.104.154.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318394/; classtype:trojan-activity;sid:81181494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.90.88.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318393/; classtype:trojan-activity;sid:81181493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318392/; classtype:trojan-activity;sid:81181492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.39.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318391/; classtype:trojan-activity;sid:81181491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318390/; classtype:trojan-activity;sid:81181490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.231.164.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318389/; classtype:trojan-activity;sid:81181489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"189.1.140.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318388/; classtype:trojan-activity;sid:81181488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"79.117.97.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318387/; classtype:trojan-activity;sid:81181487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"121.122.126.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318386/; classtype:trojan-activity;sid:81181486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.34.116.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318385/; classtype:trojan-activity;sid:81181485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1xtl6zf6"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318384/; classtype:trojan-activity;sid:81181484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rgablxky"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318383/; classtype:trojan-activity;sid:81181483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e8/60513057.jpg"; http_uri; depth:16; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318382/; classtype:trojan-activity;sid:81181482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yas14.exe"; http_uri; depth:10; isdataat:!1,relative; content:"techno-infosys.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318381/; classtype:trojan-activity;sid:81181481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yas14.exe"; http_uri; depth:10; isdataat:!1,relative; content:"shawigroup.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318380/; classtype:trojan-activity;sid:81181480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yas14.exe"; http_uri; depth:10; isdataat:!1,relative; content:"al-sakha.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318379/; classtype:trojan-activity;sid:81181479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/dv2dvvuq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318378/; classtype:trojan-activity;sid:81181478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e8/6060217.jpg"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318377/; classtype:trojan-activity;sid:81181477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318376/; classtype:trojan-activity;sid:81181476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.182.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318375/; classtype:trojan-activity;sid:81181475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318374/; classtype:trojan-activity;sid:81181474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318373/; classtype:trojan-activity;sid:81181473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.166.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318372/; classtype:trojan-activity;sid:81181472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"192.240.60.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318371/; classtype:trojan-activity;sid:81181471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.21.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318370/; classtype:trojan-activity;sid:81181470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318369/; classtype:trojan-activity;sid:81181469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.13.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318368/; classtype:trojan-activity;sid:81181468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.106.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318367/; classtype:trojan-activity;sid:81181467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.5.251.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318366/; classtype:trojan-activity;sid:81181466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318365/; classtype:trojan-activity;sid:81181465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318364/; classtype:trojan-activity;sid:81181464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"192.240.57.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318363/; classtype:trojan-activity;sid:81181463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.56.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318362/; classtype:trojan-activity;sid:81181462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"66.247.205.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318361/; classtype:trojan-activity;sid:81181461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/upyuxuvp"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318360/; classtype:trojan-activity;sid:81181460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xdpgcgkc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318359/; classtype:trojan-activity;sid:81181459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/leurbcg7"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318358/; classtype:trojan-activity;sid:81181458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nwhtjcma"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318357/; classtype:trojan-activity;sid:81181457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/d3jivrvm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318356/; classtype:trojan-activity;sid:81181456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/luga8svl"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318355/; classtype:trojan-activity;sid:81181455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/7gvyhl6w"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318354/; classtype:trojan-activity;sid:81181454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/p4wr4jxt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318353/; classtype:trojan-activity;sid:81181453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"90.188.115.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318352/; classtype:trojan-activity;sid:81181452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bvuhqza9"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318351/; classtype:trojan-activity;sid:81181451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3wmwlknz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318350/; classtype:trojan-activity;sid:81181450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rjkgmu3k"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318349/; classtype:trojan-activity;sid:81181449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.194.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318348/; classtype:trojan-activity;sid:81181448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.249.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318347/; classtype:trojan-activity;sid:81181447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.68.4.140"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318346/; classtype:trojan-activity;sid:81181446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318345/; classtype:trojan-activity;sid:81181445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.209.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318344/; classtype:trojan-activity;sid:81181444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.221.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318343/; classtype:trojan-activity;sid:81181443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.223.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318342/; classtype:trojan-activity;sid:81181442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318341/; classtype:trojan-activity;sid:81181441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318340/; classtype:trojan-activity;sid:81181440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.43.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318339/; classtype:trojan-activity;sid:81181439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"177.128.39.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318338/; classtype:trojan-activity;sid:81181438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.185.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318337/; classtype:trojan-activity;sid:81181437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.251.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318336/; classtype:trojan-activity;sid:81181436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"14.113.231.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318335/; classtype:trojan-activity;sid:81181435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318334/; classtype:trojan-activity;sid:81181434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.204.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318333/; classtype:trojan-activity;sid:81181433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.109.191.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318332/; classtype:trojan-activity;sid:81181432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318331/; classtype:trojan-activity;sid:81181431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.231.102.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318330/; classtype:trojan-activity;sid:81181430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.80.62.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318329/; classtype:trojan-activity;sid:81181429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318328/; classtype:trojan-activity;sid:81181428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.75.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318327/; classtype:trojan-activity;sid:81181427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/v/inetl.exe"; http_uri; depth:35; isdataat:!1,relative; content:"expatchoicehealthinsurance.insurenowcr.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318326/; classtype:trojan-activity;sid:81181426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/st/list.ps1"; http_uri; depth:35; isdataat:!1,relative; content:"expatchoicehealthinsurance.insurenowcr.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318325/; classtype:trojan-activity;sid:81181425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/rs/resurrection_encrypted_a1eaa7f.bin"; http_uri; depth:61; isdataat:!1,relative; content:"expatchoicehealthinsurance.insurenowcr.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318324/; classtype:trojan-activity;sid:81181424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/pt/lordlord_encrypted_1e9ec0.bin"; http_uri; depth:56; isdataat:!1,relative; content:"expatchoicehealthinsurance.insurenowcr.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318323/; classtype:trojan-activity;sid:81181423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zjhmuams"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318322/; classtype:trojan-activity;sid:81181422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2018/07/chib.exe"; http_uri; depth:36; isdataat:!1,relative; content:"silverduckdesigns.co.uk"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318321/; classtype:trojan-activity;sid:81181421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mon/vbc.exe"; http_uri; depth:12; isdataat:!1,relative; content:"msofficeinternatiinalfilecloudtransfer.duckdns.org"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318320/; classtype:trojan-activity;sid:81181420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/dd/remittance.ps1"; http_uri; depth:41; isdataat:!1,relative; content:"expatchoicehealthinsurance.insurenowcr.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318319/; classtype:trojan-activity;sid:81181419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/cdy/remit.ps1"; http_uri; depth:37; isdataat:!1,relative; content:"expatchoicehealthinsurance.insurenowcr.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318318/; classtype:trojan-activity;sid:81181418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/bk/quote.ps1"; http_uri; depth:36; isdataat:!1,relative; content:"expatchoicehealthinsurance.insurenowcr.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318317/; classtype:trojan-activity;sid:81181417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/ov/po.ps1"; http_uri; depth:33; isdataat:!1,relative; content:"expatchoicehealthinsurance.insurenowcr.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318316/; classtype:trojan-activity;sid:81181416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e8/bbins.jpg"; http_uri; depth:13; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318315/; classtype:trojan-activity;sid:81181415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/taskshell32.txt"; http_uri; depth:16; isdataat:!1,relative; content:"pssuvlacajan.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318314/; classtype:trojan-activity;sid:81181414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/u9887fwx"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318313/; classtype:trojan-activity;sid:81181413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/felyj0dw"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318312/; classtype:trojan-activity;sid:81181412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.169.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318311/; classtype:trojan-activity;sid:81181411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ghablcfgtt=14862"; http_uri; depth:17; isdataat:!1,relative; content:"indoorairconditioner.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318310/; classtype:trojan-activity;sid:81181410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/piavricd"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318309/; classtype:trojan-activity;sid:81181409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uxyt7nq7"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318308/; classtype:trojan-activity;sid:81181408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qgiwpk8f"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318307/; classtype:trojan-activity;sid:81181407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/9xqpqscz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318306/; classtype:trojan-activity;sid:81181406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/b4xgckmx"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318305/; classtype:trojan-activity;sid:81181405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ykcbcrpt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318304/; classtype:trojan-activity;sid:81181404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/4vat4q1n"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318303/; classtype:trojan-activity;sid:81181403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kktvvyhc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318302/; classtype:trojan-activity;sid:81181402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads_/kmng"; http_uri; depth:14; isdataat:!1,relative; content:"172.93.187.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318301/; classtype:trojan-activity;sid:81181401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mt8ks6q7"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318300/; classtype:trojan-activity;sid:81181400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mkr5pj2q"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318299/; classtype:trojan-activity;sid:81181399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/dykirkt7"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318298/; classtype:trojan-activity;sid:81181398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.42.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318297/; classtype:trojan-activity;sid:81181397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318296/; classtype:trojan-activity;sid:81181396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.22.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318295/; classtype:trojan-activity;sid:81181395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.113.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318294/; classtype:trojan-activity;sid:81181394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"177.128.34.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318293/; classtype:trojan-activity;sid:81181393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.81.194.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318292/; classtype:trojan-activity;sid:81181392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.201.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318291/; classtype:trojan-activity;sid:81181391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.226.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318290/; classtype:trojan-activity;sid:81181390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318289/; classtype:trojan-activity;sid:81181389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318288/; classtype:trojan-activity;sid:81181388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/46c2mlmu"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318287/; classtype:trojan-activity;sid:81181387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qtaenx5e"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318286/; classtype:trojan-activity;sid:81181386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jyuxmfq5"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318285/; classtype:trojan-activity;sid:81181385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/7zaqnwcm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318284/; classtype:trojan-activity;sid:81181384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pi/abrirahhassan_7bd2.exe"; http_uri; depth:26; isdataat:!1,relative; content:"leedshrgroup.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318283/; classtype:trojan-activity;sid:81181383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/dl9l2g"; http_uri; depth:12; isdataat:!1,relative; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318282/; classtype:trojan-activity;sid:81181382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fwg7e"; http_uri; depth:6; isdataat:!1,relative; content:"bit.do"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318281/; classtype:trojan-activity;sid:81181381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pida/document-8557573844858475755586.pdf.zip"; http_uri; depth:45; isdataat:!1,relative; content:"13.95.31.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318280/; classtype:trojan-activity;sid:81181380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1-tvgsn3wkwj_rl0r729wit47dpam9rmy"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318279/; classtype:trojan-activity;sid:81181379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/pi8epktu"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318278/; classtype:trojan-activity;sid:81181378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3bbiegjt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318277/; classtype:trojan-activity;sid:81181377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sam/x.exe"; http_uri; depth:10; isdataat:!1,relative; content:"msofficeinternatiinalfilecloudtransfer.duckdns.org"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318276/; classtype:trojan-activity;sid:81181376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sam/vbc.exe"; http_uri; depth:12; isdataat:!1,relative; content:"msofficeinternatiinalfilecloudtransfer.duckdns.org"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318275/; classtype:trojan-activity;sid:81181375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sam/svch.exe"; http_uri; depth:13; isdataat:!1,relative; content:"msofficeinternatiinalfilecloudtransfer.duckdns.org"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318274/; classtype:trojan-activity;sid:81181374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vjfzenma"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318273/; classtype:trojan-activity;sid:81181373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vmvlchifmsijurcifnsu/ijlcdye.bin"; http_uri; depth:33; isdataat:!1,relative; content:"wongwong.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318272/; classtype:trojan-activity;sid:81181372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads_/zbiy"; http_uri; depth:14; isdataat:!1,relative; content:"172.93.187.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318271/; classtype:trojan-activity;sid:81181371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.34.222.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318270/; classtype:trojan-activity;sid:81181370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2018/07/elb.exe"; http_uri; depth:35; isdataat:!1,relative; content:"silverduckdesigns.co.uk"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318269/; classtype:trojan-activity;sid:81181369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/btc/ripples.exe"; http_uri; depth:16; isdataat:!1,relative; content:"digitalcurrencyexchane.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318268/; classtype:trojan-activity;sid:81181368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/a1.bin"; http_uri; depth:9; isdataat:!1,relative; content:"alaziz.in"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318267/; classtype:trojan-activity;sid:81181367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads_/yrql"; http_uri; depth:14; isdataat:!1,relative; content:"172.93.187.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318266/; classtype:trojan-activity;sid:81181366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.aspxauthkey=%21alyq3vqt%5fd%2do4n4|7c|26|7c|cid=15128527f18de6b7|7c|26|7c|resid=15128527f18de6b7%21107|7c|26|7c|parid=root|7c|26|7c|o=oneup"; http_uri; depth:149; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318265/; classtype:trojan-activity;sid:81181365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.aspxauthkey=%21aevpuwcuga71jg0|7c|26|7c|cid=15128527f18de6b7|7c|26|7c|resid=15128527f18de6b7%21108|7c|26|7c|parid=root|7c|26|7c|o=oneup"; http_uri; depth:145; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318264/; classtype:trojan-activity;sid:81181364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.aspxauthkey=%21alwiui%2duovbd38q|7c|26|7c|cid=15128527f18de6b7|7c|26|7c|resid=15128527f18de6b7%21109|7c|26|7c|parid=root|7c|26|7c|o=oneup"; http_uri; depth:147; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318263/; classtype:trojan-activity;sid:81181363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3b.exe"; http_uri; depth:7; isdataat:!1,relative; content:"milappresses.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318262/; classtype:trojan-activity;sid:81181362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/48b.exe"; http_uri; depth:8; isdataat:!1,relative; content:"milappresses.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318261/; classtype:trojan-activity;sid:81181361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/authkey=%21ahvgwhq8vbj7qbm|7c|26|7c|cid=15647e28d3722ad0|7c|26|7c|id=15647e28d3722ad0%21122|7c|26|7c|parid=15647e28d3722ad0%21118|7c|26|7c|action=locate"; http_uri; depth:153; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318260/; classtype:trojan-activity;sid:81181360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iekivwkxk=15530"; http_uri; depth:16; isdataat:!1,relative; content:"fragrancewipes.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318259/; classtype:trojan-activity;sid:81181359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/g83zeth2"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318258/; classtype:trojan-activity;sid:81181358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318257/; classtype:trojan-activity;sid:81181357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.204.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318256/; classtype:trojan-activity;sid:81181356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"79.27.19.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318255/; classtype:trojan-activity;sid:81181355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318254/; classtype:trojan-activity;sid:81181354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.226.35.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318253/; classtype:trojan-activity;sid:81181353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.102.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318252/; classtype:trojan-activity;sid:81181352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.68.121.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318251/; classtype:trojan-activity;sid:81181351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318250/; classtype:trojan-activity;sid:81181350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.233.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318249/; classtype:trojan-activity;sid:81181349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318248/; classtype:trojan-activity;sid:81181348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.114.86.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318247/; classtype:trojan-activity;sid:81181347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.103.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318246/; classtype:trojan-activity;sid:81181346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ooba/raccc_encrypted_e0231cf.bin"; http_uri; depth:33; isdataat:!1,relative; content:"109.201.143.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318245/; classtype:trojan-activity;sid:81181345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jjr3qaj3"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318244/; classtype:trojan-activity;sid:81181344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1b5f/raccc_1b5f.exe"; http_uri; depth:20; isdataat:!1,relative; content:"109.201.143.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318243/; classtype:trojan-activity;sid:81181343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/vbc.exe"; http_uri; depth:17; isdataat:!1,relative; content:"216.170.126.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318242/; classtype:trojan-activity;sid:81181342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9yax4b/bin_87b1.exe"; http_uri; depth:20; isdataat:!1,relative; content:"natco.es"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318241/; classtype:trojan-activity;sid:81181341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9yax4b/bin_6b6d.exe"; http_uri; depth:20; isdataat:!1,relative; content:"natco.es"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318240/; classtype:trojan-activity;sid:81181340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2018/07/frr.exe"; http_uri; depth:35; isdataat:!1,relative; content:"www.silverduckdesigns.co.uk"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318239/; classtype:trojan-activity;sid:81181339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"181.197.17.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318238/; classtype:trojan-activity;sid:81181338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/index2/v2tnew_encrypted_134c430.bin"; http_uri; depth:36; isdataat:!1,relative; content:"ajibolarilwan.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318237/; classtype:trojan-activity;sid:81181337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1amqyqua-w1mailayj0u45gwmvot4b2mv"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318236/; classtype:trojan-activity;sid:81181336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=16so116hdgkqg6oqpzsqvnl9weokmptj5"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318235/; classtype:trojan-activity;sid:81181335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"//9yax4b/bin_6b6d.exe"; http_uri; depth:21; isdataat:!1,relative; content:"natco.es"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318234/; classtype:trojan-activity;sid:81181334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ecneuqbn1aagftofixysovtbymq4rkgf"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318233/; classtype:trojan-activity;sid:81181333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e8/508876.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318232/; classtype:trojan-activity;sid:81181332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fvs.zip"; http_uri; depth:8; isdataat:!1,relative; content:"101webdesigners.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318231/; classtype:trojan-activity;sid:81181331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pmm6z.txt"; http_uri; depth:10; isdataat:!1,relative; content:"u.teknik.io"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318230/; classtype:trojan-activity;sid:81181330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dolce.exe"; http_uri; depth:10; isdataat:!1,relative; content:"guccimaneboyscouts.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318229/; classtype:trojan-activity;sid:81181329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/set"; http_uri; depth:4; isdataat:!1,relative; content:"will-clean.hk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318228/; classtype:trojan-activity;sid:81181328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/config"; http_uri; depth:7; isdataat:!1,relative; content:"will-clean.hk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318227/; classtype:trojan-activity;sid:81181327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/afdop"; http_uri; depth:6; isdataat:!1,relative; content:"will-clean.hk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318226/; classtype:trojan-activity;sid:81181326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/afus"; http_uri; depth:5; isdataat:!1,relative; content:"will-clean.hk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318225/; classtype:trojan-activity;sid:81181325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/forinstalls.exe"; http_uri; depth:16; isdataat:!1,relative; content:"will-clean.hk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318224/; classtype:trojan-activity;sid:81181324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.119.70.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318223/; classtype:trojan-activity;sid:81181323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"186.188.141.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318222/; classtype:trojan-activity;sid:81181322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318221/; classtype:trojan-activity;sid:81181321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.19.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318220/; classtype:trojan-activity;sid:81181320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318219/; classtype:trojan-activity;sid:81181319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.67.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318218/; classtype:trojan-activity;sid:81181318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318217/; classtype:trojan-activity;sid:81181317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.13.0.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318216/; classtype:trojan-activity;sid:81181316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.25.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318215/; classtype:trojan-activity;sid:81181315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318214/; classtype:trojan-activity;sid:81181314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.11.213.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318213/; classtype:trojan-activity;sid:81181313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"45.175.173.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318212/; classtype:trojan-activity;sid:81181312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.15.9.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318211/; classtype:trojan-activity;sid:81181311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.87.61.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318210/; classtype:trojan-activity;sid:81181310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.174.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318209/; classtype:trojan-activity;sid:81181309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.32.26.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318208/; classtype:trojan-activity;sid:81181308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.210.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318207/; classtype:trojan-activity;sid:81181307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.222.195.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318206/; classtype:trojan-activity;sid:81181306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.24.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318205/; classtype:trojan-activity;sid:81181305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318204/; classtype:trojan-activity;sid:81181304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.115.73.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318203/; classtype:trojan-activity;sid:81181303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.50.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318202/; classtype:trojan-activity;sid:81181302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"64.57.171.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318201/; classtype:trojan-activity;sid:81181301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.104.204.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318200/; classtype:trojan-activity;sid:81181300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.233.94.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318199/; classtype:trojan-activity;sid:81181299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/real/ugoooo.exe"; http_uri; depth:16; isdataat:!1,relative; content:"gazpromstaff.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318198/; classtype:trojan-activity;sid:81181298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/new/orderr.exe"; http_uri; depth:15; isdataat:!1,relative; content:"gazpromstaff.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318197/; classtype:trojan-activity;sid:81181297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pagg/pettt.exe"; http_uri; depth:15; isdataat:!1,relative; content:"gazpromstaff.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318196/; classtype:trojan-activity;sid:81181296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/new/order.exe"; http_uri; depth:14; isdataat:!1,relative; content:"gazpromstaff.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318195/; classtype:trojan-activity;sid:81181295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/babs/youn.exe"; http_uri; depth:14; isdataat:!1,relative; content:"gazpromstaff.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318194/; classtype:trojan-activity;sid:81181294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/includes/k51trxxisoikjdg.exe"; http_uri; depth:29; isdataat:!1,relative; content:"gazpromstaff.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318193/; classtype:trojan-activity;sid:81181293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/babs/youngg.exe"; http_uri; depth:16; isdataat:!1,relative; content:"gazpromstaff.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318192/; classtype:trojan-activity;sid:81181292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/q27ejj5g"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318191/; classtype:trojan-activity;sid:81181291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; content:"cdn-007538.share-clouds.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318190/; classtype:trojan-activity;sid:81181290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; content:"cdn-004734.share-clouds.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318189/; classtype:trojan-activity;sid:81181289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mon24/mondayriver.exe"; http_uri; depth:22; isdataat:!1,relative; content:"tamat-812.ml"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318188/; classtype:trojan-activity;sid:81181288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/vbc.exe"; http_uri; depth:17; isdataat:!1,relative; content:"chnfrndsub1inteligentangencysndy4project.duckdns.org"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318187/; classtype:trojan-activity;sid:81181287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/net/results.zip"; http_uri; depth:25; isdataat:!1,relative; content:"thedialedlife.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318186/; classtype:trojan-activity;sid:81181286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ishgjfiuoifhuifhwugfw.bin"; http_uri; depth:26; isdataat:!1,relative; content:"eweodinda.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318185/; classtype:trojan-activity;sid:81181285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/petit/peet.exe"; http_uri; depth:15; isdataat:!1,relative; content:"gazpromstaff.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318184/; classtype:trojan-activity;sid:81181284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demo/stapar.bin"; http_uri; depth:16; isdataat:!1,relative; content:"www.cmsay.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318183/; classtype:trojan-activity;sid:81181283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/6au3emv8"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318182/; classtype:trojan-activity;sid:81181282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.123.212.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318181/; classtype:trojan-activity;sid:81181281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.70.159.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318180/; classtype:trojan-activity;sid:81181280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318179/; classtype:trojan-activity;sid:81181279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318178/; classtype:trojan-activity;sid:81181278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318177/; classtype:trojan-activity;sid:81181277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318176/; classtype:trojan-activity;sid:81181276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.183.249.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318175/; classtype:trojan-activity;sid:81181275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.95.187.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318174/; classtype:trojan-activity;sid:81181274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.34.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318173/; classtype:trojan-activity;sid:81181273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318172/; classtype:trojan-activity;sid:81181272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.81.134.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318171/; classtype:trojan-activity;sid:81181271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.191.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318170/; classtype:trojan-activity;sid:81181270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318169/; classtype:trojan-activity;sid:81181269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.152.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318168/; classtype:trojan-activity;sid:81181268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.223.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318167/; classtype:trojan-activity;sid:81181267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"37.232.98.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318166/; classtype:trojan-activity;sid:81181266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.104.58.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318165/; classtype:trojan-activity;sid:81181265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lk.a"; http_uri; depth:5; isdataat:!1,relative; content:"185.174.101.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318164/; classtype:trojan-activity;sid:81181264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ts.gz"; http_uri; depth:6; isdataat:!1,relative; content:"185.174.101.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318163/; classtype:trojan-activity;sid:81181263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ts.a"; http_uri; depth:5; isdataat:!1,relative; content:"185.174.101.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318162/; classtype:trojan-activity;sid:81181262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ql.gz"; http_uri; depth:6; isdataat:!1,relative; content:"185.174.101.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318161/; classtype:trojan-activity;sid:81181261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ql.a"; http_uri; depth:5; isdataat:!1,relative; content:"185.174.101.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318160/; classtype:trojan-activity;sid:81181260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/x86"; http_uri; depth:12; isdataat:!1,relative; content:"45.84.196.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318159/; classtype:trojan-activity;sid:81181259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lk.gz"; http_uri; depth:6; isdataat:!1,relative; content:"185.174.101.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318158/; classtype:trojan-activity;sid:81181258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/daffy.exe"; http_uri; depth:10; isdataat:!1,relative; content:"158.69.39.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318157/; classtype:trojan-activity;sid:81181257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"121.178.131.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318156/; classtype:trojan-activity;sid:81181256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.exe"; http_uri; depth:13; isdataat:!1,relative; content:"pics.crystalridgedesigns.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318155/; classtype:trojan-activity;sid:81181255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rozay.exe"; http_uri; depth:10; isdataat:!1,relative; content:"158.69.39.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318154/; classtype:trojan-activity;sid:81181254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.57.9.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318153/; classtype:trojan-activity;sid:81181253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.4.186.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318152/; classtype:trojan-activity;sid:81181252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.13.21.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318151/; classtype:trojan-activity;sid:81181251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318150/; classtype:trojan-activity;sid:81181250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.211.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318149/; classtype:trojan-activity;sid:81181249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318148/; classtype:trojan-activity;sid:81181248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.85.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318147/; classtype:trojan-activity;sid:81181247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318146/; classtype:trojan-activity;sid:81181246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.110.213.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318145/; classtype:trojan-activity;sid:81181245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.19.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318144/; classtype:trojan-activity;sid:81181244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.194.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318143/; classtype:trojan-activity;sid:81181243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.180.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318142/; classtype:trojan-activity;sid:81181242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.157.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318141/; classtype:trojan-activity;sid:81181241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.13.99.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318140/; classtype:trojan-activity;sid:81181240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.11.215.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318139/; classtype:trojan-activity;sid:81181239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.165.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318138/; classtype:trojan-activity;sid:81181238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318137/; classtype:trojan-activity;sid:81181237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318136/; classtype:trojan-activity;sid:81181236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nda/putin.js"; http_uri; depth:13; isdataat:!1,relative; content:"www.statuscrew.gr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318135/; classtype:trojan-activity;sid:81181235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/office/fact.jpg"; http_uri; depth:16; isdataat:!1,relative; content:"janvierassocies.fr"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318134/; classtype:trojan-activity;sid:81181234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/clearance.rtf"; http_uri; depth:20; isdataat:!1,relative; content:"office-archives.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318133/; classtype:trojan-activity;sid:81181233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/val/val_bc8b.exe"; http_uri; depth:17; isdataat:!1,relative; content:"91.92.136.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318132/; classtype:trojan-activity;sid:81181232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e8/6302877.jpg"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318131/; classtype:trojan-activity;sid:81181231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/drive/2018/11/12/0027/3642/1777210/10/7f00c6173d.txt"; http_uri; depth:53; isdataat:!1,relative; content:"dl4.joxi.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318130/; classtype:trojan-activity;sid:81181230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dachp_encrypted_7a3630.bin"; http_uri; depth:27; isdataat:!1,relative; content:"seivenco.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318129/; classtype:trojan-activity;sid:81181229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/p-17-4.dll"; http_uri; depth:11; isdataat:!1,relative; content:"ytrytx17x.s3.us-east-2.amazonaws.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318128/; classtype:trojan-activity;sid:81181228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.70.17.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318127/; classtype:trojan-activity;sid:81181227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318126/; classtype:trojan-activity;sid:81181226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318125/; classtype:trojan-activity;sid:81181225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.212.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318124/; classtype:trojan-activity;sid:81181224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.45.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318123/; classtype:trojan-activity;sid:81181223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.63.189.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318122/; classtype:trojan-activity;sid:81181222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.186.6.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318121/; classtype:trojan-activity;sid:81181221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.226.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318120/; classtype:trojan-activity;sid:81181220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.229.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318119/; classtype:trojan-activity;sid:81181219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.215.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318118/; classtype:trojan-activity;sid:81181218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.191.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318117/; classtype:trojan-activity;sid:81181217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.110.94.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318116/; classtype:trojan-activity;sid:81181216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"66.38.93.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318115/; classtype:trojan-activity;sid:81181215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"72.2.241.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318114/; classtype:trojan-activity;sid:81181214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.140.159.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318113/; classtype:trojan-activity;sid:81181213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.104.228.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318112/; classtype:trojan-activity;sid:81181212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.26.160.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318111/; classtype:trojan-activity;sid:81181211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"69.139.2.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318110/; classtype:trojan-activity;sid:81181210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/r5mfmmui"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318109/; classtype:trojan-activity;sid:81181209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploadfile/2017/winrar.exe"; http_uri; depth:27; isdataat:!1,relative; content:"www.74.yhlg.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318108/; classtype:trojan-activity;sid:81181208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.224.240.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318107/; classtype:trojan-activity;sid:81181207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318106/; classtype:trojan-activity;sid:81181206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"185.103.138.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318105/; classtype:trojan-activity;sid:81181205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.181.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318104/; classtype:trojan-activity;sid:81181204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.125.199.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318103/; classtype:trojan-activity;sid:81181203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.18.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318102/; classtype:trojan-activity;sid:81181202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.160.177.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318101/; classtype:trojan-activity;sid:81181201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.176.46.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318100/; classtype:trojan-activity;sid:81181200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.52.246.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318099/; classtype:trojan-activity;sid:81181199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.63.38.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318098/; classtype:trojan-activity;sid:81181198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.76.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318097/; classtype:trojan-activity;sid:81181197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318096/; classtype:trojan-activity;sid:81181196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.161.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318095/; classtype:trojan-activity;sid:81181195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318094/; classtype:trojan-activity;sid:81181194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.108.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318093/; classtype:trojan-activity;sid:81181193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.144.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318092/; classtype:trojan-activity;sid:81181192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.88.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318091/; classtype:trojan-activity;sid:81181191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vbarmgwr"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318090/; classtype:trojan-activity;sid:81181190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.254.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318089/; classtype:trojan-activity;sid:81181189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"111.40.79.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318088/; classtype:trojan-activity;sid:81181188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uh7zu6g4"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318087/; classtype:trojan-activity;sid:81181187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"104.168.201.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318086/; classtype:trojan-activity;sid:81181186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"46.19.143.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318085/; classtype:trojan-activity;sid:81181185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"46.19.143.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318084/; classtype:trojan-activity;sid:81181184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"46.19.143.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318083/; classtype:trojan-activity;sid:81181183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"46.19.143.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318082/; classtype:trojan-activity;sid:81181182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"104.168.201.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318081/; classtype:trojan-activity;sid:81181181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"104.168.201.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318080/; classtype:trojan-activity;sid:81181180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"104.168.201.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318079/; classtype:trojan-activity;sid:81181179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"46.19.143.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318078/; classtype:trojan-activity;sid:81181178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"104.168.201.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318077/; classtype:trojan-activity;sid:81181177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"104.168.201.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318076/; classtype:trojan-activity;sid:81181176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"46.19.143.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318075/; classtype:trojan-activity;sid:81181175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"104.168.201.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318074/; classtype:trojan-activity;sid:81181174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/auhsdbins.sh"; http_uri; depth:13; isdataat:!1,relative; content:"104.168.201.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318073/; classtype:trojan-activity;sid:81181173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"46.19.143.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318072/; classtype:trojan-activity;sid:81181172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"104.168.201.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318071/; classtype:trojan-activity;sid:81181171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.254.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318070/; classtype:trojan-activity;sid:81181170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318069/; classtype:trojan-activity;sid:81181169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.3.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318068/; classtype:trojan-activity;sid:81181168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.234.66.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318067/; classtype:trojan-activity;sid:81181167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.10.4.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318066/; classtype:trojan-activity;sid:81181166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.255.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318065/; classtype:trojan-activity;sid:81181165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.202.69.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318064/; classtype:trojan-activity;sid:81181164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.114.15.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318063/; classtype:trojan-activity;sid:81181163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318062/; classtype:trojan-activity;sid:81181162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318061/; classtype:trojan-activity;sid:81181161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.39.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318060/; classtype:trojan-activity;sid:81181160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.70.162.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318059/; classtype:trojan-activity;sid:81181159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.186.37.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318058/; classtype:trojan-activity;sid:81181158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.180.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318057/; classtype:trojan-activity;sid:81181157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.118.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318056/; classtype:trojan-activity;sid:81181156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.188.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318055/; classtype:trojan-activity;sid:81181155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.248.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318054/; classtype:trojan-activity;sid:81181154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.83.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318053/; classtype:trojan-activity;sid:81181153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/y0dy7r3j"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318052/; classtype:trojan-activity;sid:81181152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"198.23.221.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318051/; classtype:trojan-activity;sid:81181151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mips"; http_uri; depth:11; isdataat:!1,relative; content:"198.23.221.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318050/; classtype:trojan-activity;sid:81181150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"198.23.221.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318049/; classtype:trojan-activity;sid:81181149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x86"; http_uri; depth:10; isdataat:!1,relative; content:"198.23.221.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318048/; classtype:trojan-activity;sid:81181148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sparc"; http_uri; depth:12; isdataat:!1,relative; content:"198.23.221.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318047/; classtype:trojan-activity;sid:81181147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"198.23.221.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318046/; classtype:trojan-activity;sid:81181146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"198.23.221.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318045/; classtype:trojan-activity;sid:81181145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm4"; http_uri; depth:11; isdataat:!1,relative; content:"198.23.221.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318044/; classtype:trojan-activity;sid:81181144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"198.23.221.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318043/; classtype:trojan-activity;sid:81181143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i686"; http_uri; depth:11; isdataat:!1,relative; content:"198.23.221.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318042/; classtype:trojan-activity;sid:81181142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm7"; http_uri; depth:11; isdataat:!1,relative; content:"198.23.221.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318041/; classtype:trojan-activity;sid:81181141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i586"; http_uri; depth:11; isdataat:!1,relative; content:"198.23.221.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318040/; classtype:trojan-activity;sid:81181140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"198.23.221.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318039/; classtype:trojan-activity;sid:81181139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"198.23.221.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318038/; classtype:trojan-activity;sid:81181138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/origin/newone/orderlist20202402.exe"; http_uri; depth:36; isdataat:!1,relative; content:"shark.temp-serviceinc.tk"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318037/; classtype:trojan-activity;sid:81181137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.251.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318036/; classtype:trojan-activity;sid:81181136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.67.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318035/; classtype:trojan-activity;sid:81181135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.199.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318034/; classtype:trojan-activity;sid:81181134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.235.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318033/; classtype:trojan-activity;sid:81181133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.214.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318032/; classtype:trojan-activity;sid:81181132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.233.207.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318031/; classtype:trojan-activity;sid:81181131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"64.57.169.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318030/; classtype:trojan-activity;sid:81181130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.17.199.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318029/; classtype:trojan-activity;sid:81181129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318028/; classtype:trojan-activity;sid:81181128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.196.233.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318027/; classtype:trojan-activity;sid:81181127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.98.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318026/; classtype:trojan-activity;sid:81181126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.249.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318025/; classtype:trojan-activity;sid:81181125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.100.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318024/; classtype:trojan-activity;sid:81181124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318023/; classtype:trojan-activity;sid:81181123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.175.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318022/; classtype:trojan-activity;sid:81181122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.15.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318021/; classtype:trojan-activity;sid:81181121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.163.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318020/; classtype:trojan-activity;sid:81181120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.156.97.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318019/; classtype:trojan-activity;sid:81181119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318018/; classtype:trojan-activity;sid:81181118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318017/; classtype:trojan-activity;sid:81181117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.55.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_24; reference:url, urlhaus.abuse.ch/url/318016/; classtype:trojan-activity;sid:81181116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"211.235.48.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318015/; classtype:trojan-activity;sid:81181115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"212.225.200.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318014/; classtype:trojan-activity;sid:81181114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downfiles/5.exe"; http_uri; depth:16; isdataat:!1,relative; content:"jload03.info"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318013/; classtype:trojan-activity;sid:81181113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.phpfile=1.exe"; http_uri; depth:23; isdataat:!1,relative; content:"jload03.info"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318012/; classtype:trojan-activity;sid:81181112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downfiles/3.exe"; http_uri; depth:16; isdataat:!1,relative; content:"jload03.info"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318011/; classtype:trojan-activity;sid:81181111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.phpfile=3.exe"; http_uri; depth:23; isdataat:!1,relative; content:"jload03.info"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318010/; classtype:trojan-activity;sid:81181110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downfiles/1.exe"; http_uri; depth:16; isdataat:!1,relative; content:"jload03.info"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318009/; classtype:trojan-activity;sid:81181109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nekppx62"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318008/; classtype:trojan-activity;sid:81181108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/v72pmvgw"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318007/; classtype:trojan-activity;sid:81181107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xdt0rngj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318006/; classtype:trojan-activity;sid:81181106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.59.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318005/; classtype:trojan-activity;sid:81181105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318004/; classtype:trojan-activity;sid:81181104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318003/; classtype:trojan-activity;sid:81181103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.164.57.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318002/; classtype:trojan-activity;sid:81181102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.58.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318001/; classtype:trojan-activity;sid:81181101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.123.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/318000/; classtype:trojan-activity;sid:81181100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.186.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317999/; classtype:trojan-activity;sid:81181099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.51.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317998/; classtype:trojan-activity;sid:81181098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"173.242.132.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317997/; classtype:trojan-activity;sid:81181097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.102.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317996/; classtype:trojan-activity;sid:81181096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317995/; classtype:trojan-activity;sid:81181095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317994/; classtype:trojan-activity;sid:81181094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317993/; classtype:trojan-activity;sid:81181093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.130.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317992/; classtype:trojan-activity;sid:81181092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317991/; classtype:trojan-activity;sid:81181091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/byebpkpi"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317990/; classtype:trojan-activity;sid:81181090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hzjykhtc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317989/; classtype:trojan-activity;sid:81181089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1gtdjs9d"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317988/; classtype:trojan-activity;sid:81181088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/booty.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"a.deadnig.ga"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317987/; classtype:trojan-activity;sid:81181087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/booty.mipsel"; http_uri; depth:13; isdataat:!1,relative; content:"a.deadnig.ga"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317986/; classtype:trojan-activity;sid:81181086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/booty.mips"; http_uri; depth:11; isdataat:!1,relative; content:"a.deadnig.ga"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317985/; classtype:trojan-activity;sid:81181085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/booty.arm7"; http_uri; depth:11; isdataat:!1,relative; content:"a.deadnig.ga"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317984/; classtype:trojan-activity;sid:81181084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/booty.x86_64"; http_uri; depth:13; isdataat:!1,relative; content:"a.deadnig.ga"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317983/; classtype:trojan-activity;sid:81181083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/booty.arm4"; http_uri; depth:11; isdataat:!1,relative; content:"a.deadnig.ga"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317982/; classtype:trojan-activity;sid:81181082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.111.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317981/; classtype:trojan-activity;sid:81181081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.5.187.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317980/; classtype:trojan-activity;sid:81181080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.3.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317979/; classtype:trojan-activity;sid:81181079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.76.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317978/; classtype:trojan-activity;sid:81181078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.70.85.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317977/; classtype:trojan-activity;sid:81181077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.111.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317976/; classtype:trojan-activity;sid:81181076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.115.75.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317975/; classtype:trojan-activity;sid:81181075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.223.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317974/; classtype:trojan-activity;sid:81181074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.248.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317973/; classtype:trojan-activity;sid:81181073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317972/; classtype:trojan-activity;sid:81181072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.235.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317971/; classtype:trojan-activity;sid:81181071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.6.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317970/; classtype:trojan-activity;sid:81181070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.31.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317969/; classtype:trojan-activity;sid:81181069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317968/; classtype:trojan-activity;sid:81181068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.160.177.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317967/; classtype:trojan-activity;sid:81181067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"177.84.138.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317966/; classtype:trojan-activity;sid:81181066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.52.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317965/; classtype:trojan-activity;sid:81181065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.2.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317964/; classtype:trojan-activity;sid:81181064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.142.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317963/; classtype:trojan-activity;sid:81181063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317962/; classtype:trojan-activity;sid:81181062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317961/; classtype:trojan-activity;sid:81181061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"118.255.62.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317960/; classtype:trojan-activity;sid:81181060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.235.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317959/; classtype:trojan-activity;sid:81181059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.13.26.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317958/; classtype:trojan-activity;sid:81181058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317957/; classtype:trojan-activity;sid:81181057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317956/; classtype:trojan-activity;sid:81181056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.153.190.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317955/; classtype:trojan-activity;sid:81181055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317954/; classtype:trojan-activity;sid:81181054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.110.61.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317953/; classtype:trojan-activity;sid:81181053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.87.169.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317952/; classtype:trojan-activity;sid:81181052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.218.13.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317951/; classtype:trojan-activity;sid:81181051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317950/; classtype:trojan-activity;sid:81181050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.82.215.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317949/; classtype:trojan-activity;sid:81181049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.118.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317948/; classtype:trojan-activity;sid:81181048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317947/; classtype:trojan-activity;sid:81181047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.172.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317946/; classtype:trojan-activity;sid:81181046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317945/; classtype:trojan-activity;sid:81181045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.230.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317944/; classtype:trojan-activity;sid:81181044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.225.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317943/; classtype:trojan-activity;sid:81181043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.104.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317942/; classtype:trojan-activity;sid:81181042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"221.210.211.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317941/; classtype:trojan-activity;sid:81181041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fhjgtm52"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317940/; classtype:trojan-activity;sid:81181040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downfiles/2.exe"; http_uri; depth:16; isdataat:!1,relative; content:"jload03.info"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317939/; classtype:trojan-activity;sid:81181039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wy2lwfi0"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317938/; classtype:trojan-activity;sid:81181038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xqkutvfh"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317937/; classtype:trojan-activity;sid:81181037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/v6jgmqvd"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317936/; classtype:trojan-activity;sid:81181036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/eygr2p6f"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317935/; classtype:trojan-activity;sid:81181035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nkmyggp7"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317934/; classtype:trojan-activity;sid:81181034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xmfkpx4c"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317933/; classtype:trojan-activity;sid:81181033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/srln0kaa"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317932/; classtype:trojan-activity;sid:81181032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/60gb/sundayalexx.exe"; http_uri; depth:21; isdataat:!1,relative; content:"nnedvegetables-seller148.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317931/; classtype:trojan-activity;sid:81181031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/60gb/sundaysweetie.exe"; http_uri; depth:23; isdataat:!1,relative; content:"nnedvegetables-seller148.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317930/; classtype:trojan-activity;sid:81181030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"138.197.222.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317929/; classtype:trojan-activity;sid:81181029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"138.197.222.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317928/; classtype:trojan-activity;sid:81181028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"138.197.222.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317927/; classtype:trojan-activity;sid:81181027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"111.40.111.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317926/; classtype:trojan-activity;sid:81181026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"138.197.222.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317925/; classtype:trojan-activity;sid:81181025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"138.197.222.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317924/; classtype:trojan-activity;sid:81181024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; content:"138.197.222.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317923/; classtype:trojan-activity;sid:81181023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"138.197.222.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317922/; classtype:trojan-activity;sid:81181022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"138.197.222.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317921/; classtype:trojan-activity;sid:81181021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"138.197.222.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317920/; classtype:trojan-activity;sid:81181020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"138.197.222.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317919/; classtype:trojan-activity;sid:81181019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"138.197.222.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317918/; classtype:trojan-activity;sid:81181018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317917/; classtype:trojan-activity;sid:81181017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317916/; classtype:trojan-activity;sid:81181016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317915/; classtype:trojan-activity;sid:81181015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm"; http_uri; depth:16; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317914/; classtype:trojan-activity;sid:81181014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317913/; classtype:trojan-activity;sid:81181013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317912/; classtype:trojan-activity;sid:81181012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.spc"; http_uri; depth:16; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317911/; classtype:trojan-activity;sid:81181011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317910/; classtype:trojan-activity;sid:81181010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317909/; classtype:trojan-activity;sid:81181009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.mips"; http_uri; depth:17; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317908/; classtype:trojan-activity;sid:81181008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.x86"; http_uri; depth:16; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317907/; classtype:trojan-activity;sid:81181007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"5.2.79.82"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317906/; classtype:trojan-activity;sid:81181006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.mips"; http_uri; depth:16; isdataat:!1,relative; content:"5.2.79.82"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317905/; classtype:trojan-activity;sid:81181005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"104.168.169.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317904/; classtype:trojan-activity;sid:81181004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"104.168.169.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317903/; classtype:trojan-activity;sid:81181003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"104.168.169.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317902/; classtype:trojan-activity;sid:81181002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; content:"104.168.169.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317901/; classtype:trojan-activity;sid:81181001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"104.168.169.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317900/; classtype:trojan-activity;sid:81181000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"104.168.169.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317899/; classtype:trojan-activity;sid:81180999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; content:"104.168.169.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317898/; classtype:trojan-activity;sid:81180998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"104.168.169.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317897/; classtype:trojan-activity;sid:81180997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"104.168.169.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317896/; classtype:trojan-activity;sid:81180996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; content:"104.168.169.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317895/; classtype:trojan-activity;sid:81180995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"104.168.169.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317894/; classtype:trojan-activity;sid:81180994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"157.245.235.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317893/; classtype:trojan-activity;sid:81180993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1ctqmlahjh6mdyxu5ovxh_m1mrivpsfqz"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317882/; classtype:trojan-activity;sid:81180982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.117.184.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317881/; classtype:trojan-activity;sid:81180981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317880/; classtype:trojan-activity;sid:81180980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317879/; classtype:trojan-activity;sid:81180979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.68.229.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317878/; classtype:trojan-activity;sid:81180978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"192.240.51.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317877/; classtype:trojan-activity;sid:81180977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"171.107.0.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317876/; classtype:trojan-activity;sid:81180976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.233.158.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317875/; classtype:trojan-activity;sid:81180975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"77.43.186.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317874/; classtype:trojan-activity;sid:81180974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.0.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317873/; classtype:trojan-activity;sid:81180973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317872/; classtype:trojan-activity;sid:81180972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.223.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317871/; classtype:trojan-activity;sid:81180971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.168.143.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317870/; classtype:trojan-activity;sid:81180970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317869/; classtype:trojan-activity;sid:81180969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"177.128.34.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317868/; classtype:trojan-activity;sid:81180968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317867/; classtype:trojan-activity;sid:81180967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.69.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317866/; classtype:trojan-activity;sid:81180966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"171.43.33.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317865/; classtype:trojan-activity;sid:81180965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317864/; classtype:trojan-activity;sid:81180964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scheckie.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"183.221.125.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317863/; classtype:trojan-activity;sid:81180963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scheckie.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"183.221.125.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317862/; classtype:trojan-activity;sid:81180962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scheckie.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"183.221.125.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317861/; classtype:trojan-activity;sid:81180961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scheckie.arm"; http_uri; depth:13; isdataat:!1,relative; content:"183.221.125.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317860/; classtype:trojan-activity;sid:81180960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scheckie.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"183.221.125.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317859/; classtype:trojan-activity;sid:81180959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scheckie.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"183.221.125.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317858/; classtype:trojan-activity;sid:81180958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scheckie.spc"; http_uri; depth:13; isdataat:!1,relative; content:"183.221.125.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317857/; classtype:trojan-activity;sid:81180957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scheckie.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"183.221.125.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317856/; classtype:trojan-activity;sid:81180956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scheckie.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"183.221.125.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317855/; classtype:trojan-activity;sid:81180955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scheckie.mips"; http_uri; depth:14; isdataat:!1,relative; content:"183.221.125.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317854/; classtype:trojan-activity;sid:81180954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scheckie.x86"; http_uri; depth:13; isdataat:!1,relative; content:"183.221.125.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317853/; classtype:trojan-activity;sid:81180953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"5.2.79.82"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317852/; classtype:trojan-activity;sid:81180952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.spc"; http_uri; depth:15; isdataat:!1,relative; content:"5.2.79.82"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317851/; classtype:trojan-activity;sid:81180951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"5.2.79.82"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317850/; classtype:trojan-activity;sid:81180950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"5.2.79.82"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317849/; classtype:trojan-activity;sid:81180949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"5.2.79.82"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317848/; classtype:trojan-activity;sid:81180948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"5.2.79.82"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317847/; classtype:trojan-activity;sid:81180947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"5.2.79.82"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317846/; classtype:trojan-activity;sid:81180946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.arm"; http_uri; depth:15; isdataat:!1,relative; content:"5.2.79.82"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317845/; classtype:trojan-activity;sid:81180945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"5.2.79.82"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317844/; classtype:trojan-activity;sid:81180944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"107.175.35.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317843/; classtype:trojan-activity;sid:81180943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; content:"107.175.35.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317842/; classtype:trojan-activity;sid:81180942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"107.175.35.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317841/; classtype:trojan-activity;sid:81180941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"107.175.35.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317840/; classtype:trojan-activity;sid:81180940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; content:"107.175.35.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317839/; classtype:trojan-activity;sid:81180939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"107.175.35.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317838/; classtype:trojan-activity;sid:81180938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"107.175.35.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317837/; classtype:trojan-activity;sid:81180937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"107.175.35.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317836/; classtype:trojan-activity;sid:81180936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"107.175.35.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317835/; classtype:trojan-activity;sid:81180935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; content:"107.175.35.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317834/; classtype:trojan-activity;sid:81180934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"107.175.35.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317833/; classtype:trojan-activity;sid:81180933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"149.28.94.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317832/; classtype:trojan-activity;sid:81180932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.spc"; http_uri; depth:16; isdataat:!1,relative; content:"149.28.94.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317831/; classtype:trojan-activity;sid:81180931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"149.28.94.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317830/; classtype:trojan-activity;sid:81180930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"149.28.94.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317829/; classtype:trojan-activity;sid:81180929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.mips"; http_uri; depth:17; isdataat:!1,relative; content:"149.28.94.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317828/; classtype:trojan-activity;sid:81180928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"149.28.94.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317827/; classtype:trojan-activity;sid:81180927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"149.28.94.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317826/; classtype:trojan-activity;sid:81180926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"149.28.94.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317825/; classtype:trojan-activity;sid:81180925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"149.28.94.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317824/; classtype:trojan-activity;sid:81180924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm"; http_uri; depth:16; isdataat:!1,relative; content:"149.28.94.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317823/; classtype:trojan-activity;sid:81180923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.x86"; http_uri; depth:16; isdataat:!1,relative; content:"149.28.94.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317822/; classtype:trojan-activity;sid:81180922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"58.8.192.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317821/; classtype:trojan-activity;sid:81180921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ucexport=download|7c|26|7c|id=1umyaxonn-i1lgikvkkaifmy-fwlfhoaw"; http_uri; depth:64; isdataat:!1,relative; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317820/; classtype:trojan-activity;sid:81180920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ackaqk36"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317819/; classtype:trojan-activity;sid:81180919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/w3tpdhpw"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317818/; classtype:trojan-activity;sid:81180918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zed/newe.msi"; http_uri; depth:13; isdataat:!1,relative; content:"www.wiserecruitment.com.au"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317817/; classtype:trojan-activity;sid:81180917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.212.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317816/; classtype:trojan-activity;sid:81180916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"185.103.138.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317815/; classtype:trojan-activity;sid:81180915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.5.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317814/; classtype:trojan-activity;sid:81180914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"62.16.45.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317813/; classtype:trojan-activity;sid:81180913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317812/; classtype:trojan-activity;sid:81180912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.35.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317811/; classtype:trojan-activity;sid:81180911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.52.162.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317810/; classtype:trojan-activity;sid:81180910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.19.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317809/; classtype:trojan-activity;sid:81180909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.233.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317808/; classtype:trojan-activity;sid:81180908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317807/; classtype:trojan-activity;sid:81180907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.217.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317806/; classtype:trojan-activity;sid:81180906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.25.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317805/; classtype:trojan-activity;sid:81180905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.94.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317804/; classtype:trojan-activity;sid:81180904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.34.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317803/; classtype:trojan-activity;sid:81180903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.187.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317802/; classtype:trojan-activity;sid:81180902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317801/; classtype:trojan-activity;sid:81180901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317800/; classtype:trojan-activity;sid:81180900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.18.157.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317799/; classtype:trojan-activity;sid:81180899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ss0fjgn9"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317798/; classtype:trojan-activity;sid:81180898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/crypter/arrays/178bfbff00670f00-moaupgrpfvpz.txt"; http_uri; depth:49; isdataat:!1,relative; content:"107.189.7.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317797/; classtype:trojan-activity;sid:81180897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/update/upd.exe"; http_uri; depth:15; isdataat:!1,relative; content:"pdfescape.su"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317796/; classtype:trojan-activity;sid:81180896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"182.113.206.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317795/; classtype:trojan-activity;sid:81180895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317794/; classtype:trojan-activity;sid:81180894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.59.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317793/; classtype:trojan-activity;sid:81180893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"72.2.253.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317792/; classtype:trojan-activity;sid:81180892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.222.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317791/; classtype:trojan-activity;sid:81180891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"185.103.138.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317790/; classtype:trojan-activity;sid:81180890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317789/; classtype:trojan-activity;sid:81180889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"177.128.32.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317788/; classtype:trojan-activity;sid:81180888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.161.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317787/; classtype:trojan-activity;sid:81180887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317786/; classtype:trojan-activity;sid:81180886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ebtm7s5q"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317785/; classtype:trojan-activity;sid:81180885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/53"; http_uri; depth:3; isdataat:!1,relative; content:"23.228.109.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317784/; classtype:trojan-activity;sid:81180884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"122.116.95.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317783/; classtype:trojan-activity;sid:81180883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zed/new.exe"; http_uri; depth:12; isdataat:!1,relative; content:"www.wiserecruitment.com.au"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317782/; classtype:trojan-activity;sid:81180882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.93.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317781/; classtype:trojan-activity;sid:81180881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.103.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317780/; classtype:trojan-activity;sid:81180880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.9.248.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317779/; classtype:trojan-activity;sid:81180879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.107.137.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317778/; classtype:trojan-activity;sid:81180878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.187.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317777/; classtype:trojan-activity;sid:81180877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.168.43.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317776/; classtype:trojan-activity;sid:81180876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317775/; classtype:trojan-activity;sid:81180875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.10.46.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317774/; classtype:trojan-activity;sid:81180874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.6.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317773/; classtype:trojan-activity;sid:81180873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.215.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317772/; classtype:trojan-activity;sid:81180872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.8.51.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317771/; classtype:trojan-activity;sid:81180871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.133.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317770/; classtype:trojan-activity;sid:81180870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317769/; classtype:trojan-activity;sid:81180869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.115.52.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317768/; classtype:trojan-activity;sid:81180868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.208.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317767/; classtype:trojan-activity;sid:81180867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.149.20.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317766/; classtype:trojan-activity;sid:81180866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kjfhxr3f"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317765/; classtype:trojan-activity;sid:81180865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zc7axuw9"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317764/; classtype:trojan-activity;sid:81180864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/acxyrcus"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317763/; classtype:trojan-activity;sid:81180863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/5s6m7x8s"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317762/; classtype:trojan-activity;sid:81180862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/prtmkr99"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317761/; classtype:trojan-activity;sid:81180861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vbckm12u"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317760/; classtype:trojan-activity;sid:81180860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.195.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317759/; classtype:trojan-activity;sid:81180859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.195.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317758/; classtype:trojan-activity;sid:81180858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.21.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317757/; classtype:trojan-activity;sid:81180857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.28.98.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317756/; classtype:trojan-activity;sid:81180856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317755/; classtype:trojan-activity;sid:81180855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317754/; classtype:trojan-activity;sid:81180854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317753/; classtype:trojan-activity;sid:81180853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.203.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317752/; classtype:trojan-activity;sid:81180852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.165.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317751/; classtype:trojan-activity;sid:81180851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317750/; classtype:trojan-activity;sid:81180850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317749/; classtype:trojan-activity;sid:81180849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.119.190.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317748/; classtype:trojan-activity;sid:81180848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.96.250.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317747/; classtype:trojan-activity;sid:81180847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.177.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317746/; classtype:trojan-activity;sid:81180846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.249.251.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317745/; classtype:trojan-activity;sid:81180845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.52.213.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317744/; classtype:trojan-activity;sid:81180844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yxalfcj2"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317743/; classtype:trojan-activity;sid:81180843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tv.exe"; http_uri; depth:7; isdataat:!1,relative; content:"bitcolife.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317742/; classtype:trojan-activity;sid:81180842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wallet.exe"; http_uri; depth:11; isdataat:!1,relative; content:"investime.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317741/; classtype:trojan-activity;sid:81180841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/predik.exe"; http_uri; depth:11; isdataat:!1,relative; content:"investime.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317740/; classtype:trojan-activity;sid:81180840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/modulos/gracewarzone_encrypted_93b76cf.bin"; http_uri; depth:43; isdataat:!1,relative; content:"tecnogen.pe"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317739/; classtype:trojan-activity;sid:81180839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/upload/open.exe"; http_uri; depth:16; isdataat:!1,relative; content:"semantrus.pw"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317738/; classtype:trojan-activity;sid:81180838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pe.exe"; http_uri; depth:7; isdataat:!1,relative; content:"92.63.197.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317737/; classtype:trojan-activity;sid:81180837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; content:"85.204.116.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317736/; classtype:trojan-activity;sid:81180836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; content:"85.204.116.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317735/; classtype:trojan-activity;sid:81180835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"85.204.116.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317734/; classtype:trojan-activity;sid:81180834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"85.204.116.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317733/; classtype:trojan-activity;sid:81180833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"85.204.116.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317732/; classtype:trojan-activity;sid:81180832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; content:"85.204.116.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317731/; classtype:trojan-activity;sid:81180831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; content:"85.204.116.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317730/; classtype:trojan-activity;sid:81180830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/logs/shipmentinfo.jar"; http_uri; depth:22; isdataat:!1,relative; content:"f3site.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317729/; classtype:trojan-activity;sid:81180829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; content:"85.204.116.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317728/; classtype:trojan-activity;sid:81180828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"85.204.116.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317727/; classtype:trojan-activity;sid:81180827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"85.204.116.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317726/; classtype:trojan-activity;sid:81180826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"85.204.116.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317725/; classtype:trojan-activity;sid:81180825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ahab1337/hack/master/downloads.exe"; http_uri; depth:35; isdataat:!1,relative; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317724/; classtype:trojan-activity;sid:81180824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bot/bot.x86_64"; http_uri; depth:15; isdataat:!1,relative; content:"194.180.224.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317723/; classtype:trojan-activity;sid:81180823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"182.176.83.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317722/; classtype:trojan-activity;sid:81180822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.226.79.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317721/; classtype:trojan-activity;sid:81180821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317720/; classtype:trojan-activity;sid:81180820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.109.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317719/; classtype:trojan-activity;sid:81180819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.154.112.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317718/; classtype:trojan-activity;sid:81180818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.13.27.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317717/; classtype:trojan-activity;sid:81180817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317716/; classtype:trojan-activity;sid:81180816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.20.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317715/; classtype:trojan-activity;sid:81180815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.15.53.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317714/; classtype:trojan-activity;sid:81180814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317713/; classtype:trojan-activity;sid:81180813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.179.25.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317712/; classtype:trojan-activity;sid:81180812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317711/; classtype:trojan-activity;sid:81180811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.203.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317710/; classtype:trojan-activity;sid:81180810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"14.37.209.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317709/; classtype:trojan-activity;sid:81180809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/q69dmjrx"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317708/; classtype:trojan-activity;sid:81180808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/logs/shipmentinfo.jar"; http_uri; depth:22; isdataat:!1,relative; content:"f3site.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317707/; classtype:trojan-activity;sid:81180807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.212.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317706/; classtype:trojan-activity;sid:81180806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.119.110.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317705/; classtype:trojan-activity;sid:81180805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317704/; classtype:trojan-activity;sid:81180804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317703/; classtype:trojan-activity;sid:81180803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317702/; classtype:trojan-activity;sid:81180802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.30.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317701/; classtype:trojan-activity;sid:81180801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.24.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317700/; classtype:trojan-activity;sid:81180800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.147.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317699/; classtype:trojan-activity;sid:81180799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.70.126.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317698/; classtype:trojan-activity;sid:81180798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.116.34.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317697/; classtype:trojan-activity;sid:81180797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.14.255.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317696/; classtype:trojan-activity;sid:81180796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.223.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317695/; classtype:trojan-activity;sid:81180795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.133.153.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317694/; classtype:trojan-activity;sid:81180794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.115.77.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317693/; classtype:trojan-activity;sid:81180793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.228.223.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317692/; classtype:trojan-activity;sid:81180792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.207.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317691/; classtype:trojan-activity;sid:81180791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.110.107.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317690/; classtype:trojan-activity;sid:81180790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.151.92.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317689/; classtype:trojan-activity;sid:81180789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kexb89xm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317688/; classtype:trojan-activity;sid:81180788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/%ef%bb%bf60_3.exe"; http_uri; depth:24; isdataat:!1,relative; content:"darkload.cf"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317687/; classtype:trojan-activity;sid:81180787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"27.78.77.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317686/; classtype:trojan-activity;sid:81180786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nzdqezw9"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317685/; classtype:trojan-activity;sid:81180785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317684/; classtype:trojan-activity;sid:81180784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.27.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317683/; classtype:trojan-activity;sid:81180783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.69.75.22"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317682/; classtype:trojan-activity;sid:81180782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.115.33.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317681/; classtype:trojan-activity;sid:81180781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.12.3.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317680/; classtype:trojan-activity;sid:81180780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317679/; classtype:trojan-activity;sid:81180779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.133.230.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317678/; classtype:trojan-activity;sid:81180778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.189.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317677/; classtype:trojan-activity;sid:81180777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.178.197.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317676/; classtype:trojan-activity;sid:81180776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.43.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317675/; classtype:trojan-activity;sid:81180775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.133.224.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317674/; classtype:trojan-activity;sid:81180774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.69.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317673/; classtype:trojan-activity;sid:81180773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.110.101.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317672/; classtype:trojan-activity;sid:81180772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.115.68.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317671/; classtype:trojan-activity;sid:81180771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.212.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317670/; classtype:trojan-activity;sid:81180770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/meat_f320.exe"; http_uri; depth:14; isdataat:!1,relative; content:"185.112.249.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317669/; classtype:trojan-activity;sid:81180769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zx72jex3"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317668/; classtype:trojan-activity;sid:81180768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y37437473.fdg"; http_uri; depth:14; isdataat:!1,relative; content:"feelgreatnow.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317667/; classtype:trojan-activity;sid:81180767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.180.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317666/; classtype:trojan-activity;sid:81180766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.56.191.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317665/; classtype:trojan-activity;sid:81180765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.117.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317664/; classtype:trojan-activity;sid:81180764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317663/; classtype:trojan-activity;sid:81180763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.61.116.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317662/; classtype:trojan-activity;sid:81180762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.35.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317661/; classtype:trojan-activity;sid:81180761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.233.85.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317660/; classtype:trojan-activity;sid:81180760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.133.229.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317659/; classtype:trojan-activity;sid:81180759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.10.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317658/; classtype:trojan-activity;sid:81180758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317657/; classtype:trojan-activity;sid:81180757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317656/; classtype:trojan-activity;sid:81180756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.52.161.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317655/; classtype:trojan-activity;sid:81180755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317654/; classtype:trojan-activity;sid:81180754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317653/; classtype:trojan-activity;sid:81180753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.108.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317652/; classtype:trojan-activity;sid:81180752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.210.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317651/; classtype:trojan-activity;sid:81180751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.88.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317650/; classtype:trojan-activity;sid:81180750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.222.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317649/; classtype:trojan-activity;sid:81180749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317648/; classtype:trojan-activity;sid:81180748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317647/; classtype:trojan-activity;sid:81180747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.96.250.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317646/; classtype:trojan-activity;sid:81180746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"177.128.35.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317645/; classtype:trojan-activity;sid:81180745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317644/; classtype:trojan-activity;sid:81180744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.155.32.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317643/; classtype:trojan-activity;sid:81180743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"66.38.95.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317642/; classtype:trojan-activity;sid:81180742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.77.90.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_23; reference:url, urlhaus.abuse.ch/url/317641/; classtype:trojan-activity;sid:81180741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"211.32.3.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317640/; classtype:trojan-activity;sid:81180740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uxrwyebf"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317639/; classtype:trojan-activity;sid:81180739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/n30vgfth"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317638/; classtype:trojan-activity;sid:81180738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nkpsefba"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317637/; classtype:trojan-activity;sid:81180737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/aikzckie"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317636/; classtype:trojan-activity;sid:81180736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2pbzn3ra"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317635/; classtype:trojan-activity;sid:81180735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.arc"; http_uri; depth:18; isdataat:!1,relative; content:"45.148.10.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317634/; classtype:trojan-activity;sid:81180734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"45.148.10.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317633/; classtype:trojan-activity;sid:81180733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"118.232.96.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317632/; classtype:trojan-activity;sid:81180732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.13.3.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317631/; classtype:trojan-activity;sid:81180731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317630/; classtype:trojan-activity;sid:81180730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.251.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317629/; classtype:trojan-activity;sid:81180729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.204.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317628/; classtype:trojan-activity;sid:81180728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.146.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317627/; classtype:trojan-activity;sid:81180727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317626/; classtype:trojan-activity;sid:81180726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.138.217.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317625/; classtype:trojan-activity;sid:81180725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.209.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317624/; classtype:trojan-activity;sid:81180724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317623/; classtype:trojan-activity;sid:81180723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.164.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317622/; classtype:trojan-activity;sid:81180722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317621/; classtype:trojan-activity;sid:81180721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317620/; classtype:trojan-activity;sid:81180720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317619/; classtype:trojan-activity;sid:81180719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.115.206.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317618/; classtype:trojan-activity;sid:81180718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.195.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317617/; classtype:trojan-activity;sid:81180717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.224.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317616/; classtype:trojan-activity;sid:81180716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.29.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317615/; classtype:trojan-activity;sid:81180715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"74.138.33.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317614/; classtype:trojan-activity;sid:81180714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.243.140.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317613/; classtype:trojan-activity;sid:81180713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.246.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317612/; classtype:trojan-activity;sid:81180712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.254.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317611/; classtype:trojan-activity;sid:81180711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.95.78.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317610/; classtype:trojan-activity;sid:81180710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.187.163.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317609/; classtype:trojan-activity;sid:81180709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.6.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317608/; classtype:trojan-activity;sid:81180708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.84.241.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317607/; classtype:trojan-activity;sid:81180707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317606/; classtype:trojan-activity;sid:81180706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.i686"; http_uri; depth:19; isdataat:!1,relative; content:"45.148.10.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317605/; classtype:trojan-activity;sid:81180705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.arc"; http_uri; depth:18; isdataat:!1,relative; content:"fksdjfaksj321bots.mybiadboats.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317604/; classtype:trojan-activity;sid:81180704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.i686"; http_uri; depth:19; isdataat:!1,relative; content:"fksdjfaksj321bots.mybiadboats.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317603/; classtype:trojan-activity;sid:81180703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"fksdjfaksj321bots.mybiadboats.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317602/; classtype:trojan-activity;sid:81180702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"fksdjfaksj321bots.mybiadboats.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317601/; classtype:trojan-activity;sid:81180701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"fksdjfaksj321bots.mybiadboats.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317600/; classtype:trojan-activity;sid:81180700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"fksdjfaksj321bots.mybiadboats.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317599/; classtype:trojan-activity;sid:81180699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.mips"; http_uri; depth:19; isdataat:!1,relative; content:"fksdjfaksj321bots.mybiadboats.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317598/; classtype:trojan-activity;sid:81180698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2snzzhsj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317597/; classtype:trojan-activity;sid:81180697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"//thinkphp"; http_uri; depth:10; isdataat:!1,relative; content:"fksdjfaksj321bots.mybiadboats.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317596/; classtype:trojan-activity;sid:81180696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.arm"; http_uri; depth:18; isdataat:!1,relative; content:"fksdjfaksj321bots.mybiadboats.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317595/; classtype:trojan-activity;sid:81180695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.x86"; http_uri; depth:18; isdataat:!1,relative; content:"fksdjfaksj321bots.mybiadboats.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317594/; classtype:trojan-activity;sid:81180694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j3scrqmy"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317593/; classtype:trojan-activity;sid:81180693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/atc.jpg"; http_uri; depth:8; isdataat:!1,relative; content:"clubemacae.dominiotemporario.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317592/; classtype:trojan-activity;sid:81180692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jfcdz1xm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317591/; classtype:trojan-activity;sid:81180691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kzd26e6b"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317590/; classtype:trojan-activity;sid:81180690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"186.249.182.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317589/; classtype:trojan-activity;sid:81180689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloadcid=95fcf6a0982edbaa|7c|26|7c|resid=95fcf6a0982edbaa%21384|7c|26|7c|authkey=adtoz6om2_g4nq4"; http_uri; depth:100; isdataat:!1,relative; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317588/; classtype:trojan-activity;sid:81180688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317587/; classtype:trojan-activity;sid:81180687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.151.167.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317586/; classtype:trojan-activity;sid:81180686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317585/; classtype:trojan-activity;sid:81180685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.255.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317584/; classtype:trojan-activity;sid:81180684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.120.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317583/; classtype:trojan-activity;sid:81180683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.143.32.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317582/; classtype:trojan-activity;sid:81180682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317581/; classtype:trojan-activity;sid:81180681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.0.105.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317580/; classtype:trojan-activity;sid:81180680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317579/; classtype:trojan-activity;sid:81180679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"119.164.174.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317578/; classtype:trojan-activity;sid:81180678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317577/; classtype:trojan-activity;sid:81180677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.145.162.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317576/; classtype:trojan-activity;sid:81180676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317575/; classtype:trojan-activity;sid:81180675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317574/; classtype:trojan-activity;sid:81180674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fya7mrrh"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317573/; classtype:trojan-activity;sid:81180673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nanvalo_fdf1.exe"; http_uri; depth:17; isdataat:!1,relative; content:"185.112.249.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317572/; classtype:trojan-activity;sid:81180672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uwtm0ch1"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317571/; classtype:trojan-activity;sid:81180671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/25gb/weekendsweet.exe"; http_uri; depth:22; isdataat:!1,relative; content:"pabrik-tenda.id"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317570/; classtype:trojan-activity;sid:81180670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/25gb/sweety.exe"; http_uri; depth:16; isdataat:!1,relative; content:"pabrik-tenda.id"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317569/; classtype:trojan-activity;sid:81180669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/25gb/servernasfuck.exe"; http_uri; depth:23; isdataat:!1,relative; content:"pabrik-tenda.id"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317568/; classtype:trojan-activity;sid:81180668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/25gb/moneyalex.exe"; http_uri; depth:19; isdataat:!1,relative; content:"pabrik-tenda.id"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317567/; classtype:trojan-activity;sid:81180667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/25gb/frimillan.exe"; http_uri; depth:19; isdataat:!1,relative; content:"pabrik-tenda.id"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317566/; classtype:trojan-activity;sid:81180666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/25gb/frikadikadi.exe"; http_uri; depth:21; isdataat:!1,relative; content:"pabrik-tenda.id"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317565/; classtype:trojan-activity;sid:81180665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/25gb/frialexxx.exe"; http_uri; depth:19; isdataat:!1,relative; content:"pabrik-tenda.id"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317564/; classtype:trojan-activity;sid:81180664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.170.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317563/; classtype:trojan-activity;sid:81180663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"220.162.124.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317562/; classtype:trojan-activity;sid:81180662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.22.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317561/; classtype:trojan-activity;sid:81180661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317560/; classtype:trojan-activity;sid:81180660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"66.38.91.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317559/; classtype:trojan-activity;sid:81180659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.94.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317558/; classtype:trojan-activity;sid:81180658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317557/; classtype:trojan-activity;sid:81180657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.231.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317556/; classtype:trojan-activity;sid:81180656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"37.232.77.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317555/; classtype:trojan-activity;sid:81180655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.42.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317554/; classtype:trojan-activity;sid:81180654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.95.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317553/; classtype:trojan-activity;sid:81180653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317552/; classtype:trojan-activity;sid:81180652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.116.25.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317551/; classtype:trojan-activity;sid:81180651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nano_encrypted_47f3d50.bin"; http_uri; depth:27; isdataat:!1,relative; content:"185.112.249.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317550/; classtype:trojan-activity;sid:81180650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/newnano_f2ce.exe"; http_uri; depth:17; isdataat:!1,relative; content:"185.112.249.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317549/; classtype:trojan-activity;sid:81180649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"78.188.12.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317548/; classtype:trojan-activity;sid:81180648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vpmu5drb"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317547/; classtype:trojan-activity;sid:81180647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xyapcbvr"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317546/; classtype:trojan-activity;sid:81180646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1nwwrl6u"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317545/; classtype:trojan-activity;sid:81180645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/h6kajby4"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317544/; classtype:trojan-activity;sid:81180644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317543/; classtype:trojan-activity;sid:81180643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.175.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317542/; classtype:trojan-activity;sid:81180642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.123.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317541/; classtype:trojan-activity;sid:81180641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.170.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317540/; classtype:trojan-activity;sid:81180640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.228.24.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317539/; classtype:trojan-activity;sid:81180639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.69.73.236"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317538/; classtype:trojan-activity;sid:81180638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"64.57.171.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317537/; classtype:trojan-activity;sid:81180637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317536/; classtype:trojan-activity;sid:81180636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.157.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317535/; classtype:trojan-activity;sid:81180635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.96.250.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317534/; classtype:trojan-activity;sid:81180634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.103.56.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317533/; classtype:trojan-activity;sid:81180633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.209.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317532/; classtype:trojan-activity;sid:81180632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.92.236.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317531/; classtype:trojan-activity;sid:81180631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317530/; classtype:trojan-activity;sid:81180630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.9.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317529/; classtype:trojan-activity;sid:81180629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"77.43.191.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317528/; classtype:trojan-activity;sid:81180628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.209.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317527/; classtype:trojan-activity;sid:81180627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"125.128.121.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317526/; classtype:trojan-activity;sid:81180626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"111.43.223.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317525/; classtype:trojan-activity;sid:81180625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"134.122.33.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317524/; classtype:trojan-activity;sid:81180624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.mips"; http_uri; depth:19; isdataat:!1,relative; content:"134.122.33.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317523/; classtype:trojan-activity;sid:81180623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.33.13.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317522/; classtype:trojan-activity;sid:81180622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"185.207.57.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317521/; classtype:trojan-activity;sid:81180621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/auincley"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317520/; classtype:trojan-activity;sid:81180620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.204.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317519/; classtype:trojan-activity;sid:81180619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.104.239.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317518/; classtype:trojan-activity;sid:81180618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.241.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317517/; classtype:trojan-activity;sid:81180617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.0.163.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317516/; classtype:trojan-activity;sid:81180616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317515/; classtype:trojan-activity;sid:81180615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317514/; classtype:trojan-activity;sid:81180614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.254.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317513/; classtype:trojan-activity;sid:81180613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.52.161.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317512/; classtype:trojan-activity;sid:81180612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.207.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317511/; classtype:trojan-activity;sid:81180611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"92.41.181.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317510/; classtype:trojan-activity;sid:81180610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.61.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317509/; classtype:trojan-activity;sid:81180609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.104.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317508/; classtype:trojan-activity;sid:81180608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317507/; classtype:trojan-activity;sid:81180607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317506/; classtype:trojan-activity;sid:81180606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; content:"104.155.220.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317505/; classtype:trojan-activity;sid:81180605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"104.155.220.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317504/; classtype:trojan-activity;sid:81180604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; content:"104.155.220.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317503/; classtype:trojan-activity;sid:81180603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"104.155.220.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317502/; classtype:trojan-activity;sid:81180602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"104.155.220.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317501/; classtype:trojan-activity;sid:81180601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; content:"104.155.220.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317500/; classtype:trojan-activity;sid:81180600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"104.155.220.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317499/; classtype:trojan-activity;sid:81180599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"104.155.220.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317498/; classtype:trojan-activity;sid:81180598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"104.155.220.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317497/; classtype:trojan-activity;sid:81180597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"104.155.220.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317496/; classtype:trojan-activity;sid:81180596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; content:"104.155.220.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317495/; classtype:trojan-activity;sid:81180595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"104.155.220.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317494/; classtype:trojan-activity;sid:81180594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/g26u5w8u"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317493/; classtype:trojan-activity;sid:81180593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"134.122.33.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317492/; classtype:trojan-activity;sid:81180592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"134.122.33.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317491/; classtype:trojan-activity;sid:81180591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.spc"; http_uri; depth:18; isdataat:!1,relative; content:"134.122.33.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317490/; classtype:trojan-activity;sid:81180590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"134.122.33.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317489/; classtype:trojan-activity;sid:81180589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"134.122.33.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317488/; classtype:trojan-activity;sid:81180588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"134.122.33.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317487/; classtype:trojan-activity;sid:81180587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"134.122.33.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317486/; classtype:trojan-activity;sid:81180586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.arm"; http_uri; depth:18; isdataat:!1,relative; content:"134.122.33.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317485/; classtype:trojan-activity;sid:81180585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.x86"; http_uri; depth:18; isdataat:!1,relative; content:"134.122.33.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317484/; classtype:trojan-activity;sid:81180584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"211.104.242.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317483/; classtype:trojan-activity;sid:81180583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; content:"211.104.242.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317482/; classtype:trojan-activity;sid:81180582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"211.104.242.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317481/; classtype:trojan-activity;sid:81180581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"211.104.242.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317480/; classtype:trojan-activity;sid:81180580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"211.104.242.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317479/; classtype:trojan-activity;sid:81180579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"211.104.242.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317478/; classtype:trojan-activity;sid:81180578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"211.104.242.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317477/; classtype:trojan-activity;sid:81180577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"211.104.242.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317476/; classtype:trojan-activity;sid:81180576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"211.104.242.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317475/; classtype:trojan-activity;sid:81180575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; content:"134.209.167.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317474/; classtype:trojan-activity;sid:81180574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"134.209.167.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317473/; classtype:trojan-activity;sid:81180573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; content:"134.209.167.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317472/; classtype:trojan-activity;sid:81180572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"134.209.167.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317471/; classtype:trojan-activity;sid:81180571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"134.209.167.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317470/; classtype:trojan-activity;sid:81180570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"134.209.167.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317469/; classtype:trojan-activity;sid:81180569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"134.209.167.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317468/; classtype:trojan-activity;sid:81180568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; content:"134.209.167.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317467/; classtype:trojan-activity;sid:81180567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"134.209.167.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317466/; classtype:trojan-activity;sid:81180566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"45.148.10.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317465/; classtype:trojan-activity;sid:81180565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.mips"; http_uri; depth:19; isdataat:!1,relative; content:"45.148.10.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317464/; classtype:trojan-activity;sid:81180564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"45.148.10.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317463/; classtype:trojan-activity;sid:81180563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.spc"; http_uri; depth:18; isdataat:!1,relative; content:"45.148.10.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317462/; classtype:trojan-activity;sid:81180562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"45.148.10.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317461/; classtype:trojan-activity;sid:81180561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"45.148.10.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317460/; classtype:trojan-activity;sid:81180560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"45.148.10.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317459/; classtype:trojan-activity;sid:81180559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"45.148.10.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317458/; classtype:trojan-activity;sid:81180558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.arm"; http_uri; depth:18; isdataat:!1,relative; content:"45.148.10.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317457/; classtype:trojan-activity;sid:81180557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cv0la/5531sx3.x86"; http_uri; depth:18; isdataat:!1,relative; content:"45.148.10.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317456/; classtype:trojan-activity;sid:81180556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"46.101.121.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317455/; classtype:trojan-activity;sid:81180555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.spc"; http_uri; depth:18; isdataat:!1,relative; content:"46.101.121.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317454/; classtype:trojan-activity;sid:81180554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"46.101.121.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317453/; classtype:trojan-activity;sid:81180553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"46.101.121.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317452/; classtype:trojan-activity;sid:81180552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.mips"; http_uri; depth:19; isdataat:!1,relative; content:"46.101.121.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317451/; classtype:trojan-activity;sid:81180551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"179.156.136.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317450/; classtype:trojan-activity;sid:81180550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"206.81.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317449/; classtype:trojan-activity;sid:81180549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"206.81.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317448/; classtype:trojan-activity;sid:81180548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"46.101.121.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317447/; classtype:trojan-activity;sid:81180547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"206.81.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317446/; classtype:trojan-activity;sid:81180546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"206.81.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317445/; classtype:trojan-activity;sid:81180545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"46.101.121.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317444/; classtype:trojan-activity;sid:81180544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"46.101.121.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317443/; classtype:trojan-activity;sid:81180543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"46.101.121.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317442/; classtype:trojan-activity;sid:81180542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ruthless.arm"; http_uri; depth:18; isdataat:!1,relative; content:"46.101.121.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317441/; classtype:trojan-activity;sid:81180541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; content:"104.248.239.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317440/; classtype:trojan-activity;sid:81180540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"104.248.239.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317439/; classtype:trojan-activity;sid:81180539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.spc"; http_uri; depth:18; isdataat:!1,relative; content:"104.248.239.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317438/; classtype:trojan-activity;sid:81180538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"104.248.239.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317437/; classtype:trojan-activity;sid:81180537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"104.248.239.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317436/; classtype:trojan-activity;sid:81180536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"104.248.239.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317435/; classtype:trojan-activity;sid:81180535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"104.248.239.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317434/; classtype:trojan-activity;sid:81180534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"104.248.239.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317433/; classtype:trojan-activity;sid:81180533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; content:"104.248.239.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317432/; classtype:trojan-activity;sid:81180532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; content:"104.248.239.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317431/; classtype:trojan-activity;sid:81180531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/zte"; http_uri; depth:12; isdataat:!1,relative; content:"45.84.196.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317430/; classtype:trojan-activity;sid:81180530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/yarn"; http_uri; depth:13; isdataat:!1,relative; content:"45.84.196.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317429/; classtype:trojan-activity;sid:81180529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/spc"; http_uri; depth:12; isdataat:!1,relative; content:"45.84.196.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317428/; classtype:trojan-activity;sid:81180528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/sh4"; http_uri; depth:12; isdataat:!1,relative; content:"45.84.196.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317427/; classtype:trojan-activity;sid:81180527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"206.81.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317426/; classtype:trojan-activity;sid:81180526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"206.81.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317425/; classtype:trojan-activity;sid:81180525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"206.81.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317424/; classtype:trojan-activity;sid:81180524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/rtk"; http_uri; depth:12; isdataat:!1,relative; content:"45.84.196.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317423/; classtype:trojan-activity;sid:81180523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"206.81.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317422/; classtype:trojan-activity;sid:81180522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"196.218.25.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317421/; classtype:trojan-activity;sid:81180521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"206.81.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317420/; classtype:trojan-activity;sid:81180520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"206.81.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317419/; classtype:trojan-activity;sid:81180519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/root"; http_uri; depth:13; isdataat:!1,relative; content:"45.84.196.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317418/; classtype:trojan-activity;sid:81180518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"206.81.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317417/; classtype:trojan-activity;sid:81180517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"206.81.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317416/; classtype:trojan-activity;sid:81180516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smxckedbins.sh"; http_uri; depth:15; isdataat:!1,relative; content:"206.81.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317415/; classtype:trojan-activity;sid:81180515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/ppc"; http_uri; depth:12; isdataat:!1,relative; content:"45.84.196.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317414/; classtype:trojan-activity;sid:81180514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"45.84.196.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317413/; classtype:trojan-activity;sid:81180513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/mips"; http_uri; depth:13; isdataat:!1,relative; content:"45.84.196.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317412/; classtype:trojan-activity;sid:81180512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/m68k"; http_uri; depth:13; isdataat:!1,relative; content:"45.84.196.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317411/; classtype:trojan-activity;sid:81180511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm7"; http_uri; depth:13; isdataat:!1,relative; content:"45.84.196.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317410/; classtype:trojan-activity;sid:81180510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm6"; http_uri; depth:13; isdataat:!1,relative; content:"45.84.196.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317409/; classtype:trojan-activity;sid:81180509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbidiot/arm"; http_uri; depth:12; isdataat:!1,relative; content:"45.84.196.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317408/; classtype:trojan-activity;sid:81180508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/demons.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317407/; classtype:trojan-activity;sid:81180507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/demons.spc"; http_uri; depth:16; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317406/; classtype:trojan-activity;sid:81180506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/demons.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317405/; classtype:trojan-activity;sid:81180505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/demons.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317404/; classtype:trojan-activity;sid:81180504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/demons.mips"; http_uri; depth:17; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317403/; classtype:trojan-activity;sid:81180503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/demons.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317401/; classtype:trojan-activity;sid:81180501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/demons.arm"; http_uri; depth:16; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317399/; classtype:trojan-activity;sid:81180499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/demons.x86"; http_uri; depth:16; isdataat:!1,relative; content:"172.245.6.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317398/; classtype:trojan-activity;sid:81180498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/18dnhcya"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317397/; classtype:trojan-activity;sid:81180497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.210.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317396/; classtype:trojan-activity;sid:81180496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.10.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317395/; classtype:trojan-activity;sid:81180495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.52.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317394/; classtype:trojan-activity;sid:81180494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"192.240.56.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317393/; classtype:trojan-activity;sid:81180493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"59.49.174.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317392/; classtype:trojan-activity;sid:81180492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.68.154.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317391/; classtype:trojan-activity;sid:81180491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317390/; classtype:trojan-activity;sid:81180490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.237.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317389/; classtype:trojan-activity;sid:81180489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.26.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317388/; classtype:trojan-activity;sid:81180488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.58.127.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317387/; classtype:trojan-activity;sid:81180487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317386/; classtype:trojan-activity;sid:81180486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317385/; classtype:trojan-activity;sid:81180485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.16.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317384/; classtype:trojan-activity;sid:81180484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/potosdoc/win32.exe"; http_uri; depth:19; isdataat:!1,relative; content:"104.232.39.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317383/; classtype:trojan-activity;sid:81180483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; content:"54.233.198.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317382/; classtype:trojan-activity;sid:81180482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/potosdoc/win32.exe"; http_uri; depth:19; isdataat:!1,relative; content:"potosxylogicalnreinforcementagency4thsdy.duckdns.org"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317381/; classtype:trojan-activity;sid:81180481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/0pg7ts5c"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317380/; classtype:trojan-activity;sid:81180480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c9x3qbrq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317379/; classtype:trojan-activity;sid:81180479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/pfgbzxgr"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317378/; classtype:trojan-activity;sid:81180478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/document/invoice_11314.doc"; http_uri; depth:27; isdataat:!1,relative; content:"potosxylogicalnreinforcementagency4thsdy.duckdns.org"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317377/; classtype:trojan-activity;sid:81180477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; content:"176.96.251.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317376/; classtype:trojan-activity;sid:81180476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bbbb.exe"; http_uri; depth:18; isdataat:!1,relative; content:"www.retxv.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317375/; classtype:trojan-activity;sid:81180475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; content:"194.180.224.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317374/; classtype:trojan-activity;sid:81180474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; content:"194.180.224.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317373/; classtype:trojan-activity;sid:81180473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ziuewgfhjabfuoryfgafhjbsejf.bin"; http_uri; depth:32; isdataat:!1,relative; content:"eweodinda.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317372/; classtype:trojan-activity;sid:81180472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.116.23.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317371/; classtype:trojan-activity;sid:81180471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.198.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317370/; classtype:trojan-activity;sid:81180470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.59.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317369/; classtype:trojan-activity;sid:81180469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317368/; classtype:trojan-activity;sid:81180468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.50.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317367/; classtype:trojan-activity;sid:81180467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.104.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317366/; classtype:trojan-activity;sid:81180466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.95.50.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317365/; classtype:trojan-activity;sid:81180465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.8.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317364/; classtype:trojan-activity;sid:81180464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.133.231.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317363/; classtype:trojan-activity;sid:81180463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.174.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317362/; classtype:trojan-activity;sid:81180462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.134.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317361/; classtype:trojan-activity;sid:81180461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.183.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317360/; classtype:trojan-activity;sid:81180460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317359/; classtype:trojan-activity;sid:81180459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317358/; classtype:trojan-activity;sid:81180458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.96.251.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317357/; classtype:trojan-activity;sid:81180457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317356/; classtype:trojan-activity;sid:81180456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317355/; classtype:trojan-activity;sid:81180455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.241.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317354/; classtype:trojan-activity;sid:81180454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.15.54.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317353/; classtype:trojan-activity;sid:81180453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317352/; classtype:trojan-activity;sid:81180452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"14.204.105.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317351/; classtype:trojan-activity;sid:81180451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.253.162.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317350/; classtype:trojan-activity;sid:81180450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/liej0okj2qt6wv4/kaiq23pa"; http_uri; depth:27; isdataat:!1,relative; content:"dl.dropbox.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317349/; classtype:trojan-activity;sid:81180449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"82.79.150.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317348/; classtype:trojan-activity;sid:81180448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"80.230.67.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317347/; classtype:trojan-activity;sid:81180447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.135.156.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317346/; classtype:trojan-activity;sid:81180446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.34.23.52"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317345/; classtype:trojan-activity;sid:81180445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.109.186.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317344/; classtype:trojan-activity;sid:81180444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"35.232.248.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317343/; classtype:trojan-activity;sid:81180443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"76.254.129.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317340/; classtype:trojan-activity;sid:81180440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; content:"194.180.224.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317339/; classtype:trojan-activity;sid:81180439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.41.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317338/; classtype:trojan-activity;sid:81180438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"72.2.243.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317337/; classtype:trojan-activity;sid:81180437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317336/; classtype:trojan-activity;sid:81180436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317335/; classtype:trojan-activity;sid:81180435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317334/; classtype:trojan-activity;sid:81180434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.80.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317333/; classtype:trojan-activity;sid:81180433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317332/; classtype:trojan-activity;sid:81180432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"173.242.139.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317331/; classtype:trojan-activity;sid:81180431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.140.66.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317330/; classtype:trojan-activity;sid:81180430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.177.37.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317329/; classtype:trojan-activity;sid:81180429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gfsedyff"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317328/; classtype:trojan-activity;sid:81180428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.226.176.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317327/; classtype:trojan-activity;sid:81180427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"46.160.83.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317326/; classtype:trojan-activity;sid:81180426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/owdlk0"; http_uri; depth:7; isdataat:!1,relative; content:"is.gd"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317325/; classtype:trojan-activity;sid:81180425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"35.232.248.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317324/; classtype:trojan-activity;sid:81180424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"35.232.248.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317323/; classtype:trojan-activity;sid:81180423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"35.232.248.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317322/; classtype:trojan-activity;sid:81180422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"35.232.248.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317321/; classtype:trojan-activity;sid:81180421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"35.232.248.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317320/; classtype:trojan-activity;sid:81180420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"35.232.248.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317319/; classtype:trojan-activity;sid:81180419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"35.232.248.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317318/; classtype:trojan-activity;sid:81180418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"35.232.248.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317317/; classtype:trojan-activity;sid:81180417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"35.232.248.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317316/; classtype:trojan-activity;sid:81180416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"35.232.248.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317315/; classtype:trojan-activity;sid:81180415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"35.232.248.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317314/; classtype:trojan-activity;sid:81180414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ecr3zkrf"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317313/; classtype:trojan-activity;sid:81180413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/m7fdcyey"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317312/; classtype:trojan-activity;sid:81180412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/omegawarebins.sh"; http_uri; depth:17; isdataat:!1,relative; content:"35.232.248.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317311/; classtype:trojan-activity;sid:81180411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317310/; classtype:trojan-activity;sid:81180410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317309/; classtype:trojan-activity;sid:81180409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317308/; classtype:trojan-activity;sid:81180408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.4.27.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317307/; classtype:trojan-activity;sid:81180407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317306/; classtype:trojan-activity;sid:81180406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317305/; classtype:trojan-activity;sid:81180405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.67.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317304/; classtype:trojan-activity;sid:81180404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317303/; classtype:trojan-activity;sid:81180403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.238.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317302/; classtype:trojan-activity;sid:81180402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.11.212.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317301/; classtype:trojan-activity;sid:81180401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.60.162.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317300/; classtype:trojan-activity;sid:81180400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.0.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317299/; classtype:trojan-activity;sid:81180399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.3.191"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317298/; classtype:trojan-activity;sid:81180398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317297/; classtype:trojan-activity;sid:81180397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317296/; classtype:trojan-activity;sid:81180396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.83.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317295/; classtype:trojan-activity;sid:81180395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.96.251.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317294/; classtype:trojan-activity;sid:81180394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.108.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317293/; classtype:trojan-activity;sid:81180393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317292/; classtype:trojan-activity;sid:81180392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xwbi9rip"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317291/; classtype:trojan-activity;sid:81180391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cgxtapmr"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317290/; classtype:trojan-activity;sid:81180390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kpqa6y9x"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317289/; classtype:trojan-activity;sid:81180389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"46.17.47.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317288/; classtype:trojan-activity;sid:81180388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.54.120.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317287/; classtype:trojan-activity;sid:81180387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"46.17.47.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317286/; classtype:trojan-activity;sid:81180386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"46.17.47.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317285/; classtype:trojan-activity;sid:81180385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"46.17.47.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317284/; classtype:trojan-activity;sid:81180384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"46.17.47.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317283/; classtype:trojan-activity;sid:81180383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317282/; classtype:trojan-activity;sid:81180382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"118.255.255.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317281/; classtype:trojan-activity;sid:81180381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.114.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317280/; classtype:trojan-activity;sid:81180380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.141.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317279/; classtype:trojan-activity;sid:81180379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.211.208.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317278/; classtype:trojan-activity;sid:81180378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.236.213.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317277/; classtype:trojan-activity;sid:81180377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.170.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317276/; classtype:trojan-activity;sid:81180376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"72.2.242.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317275/; classtype:trojan-activity;sid:81180375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317274/; classtype:trojan-activity;sid:81180374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.165.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317273/; classtype:trojan-activity;sid:81180373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317272/; classtype:trojan-activity;sid:81180372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.115.68.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317271/; classtype:trojan-activity;sid:81180371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"185.103.138.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317270/; classtype:trojan-activity;sid:81180370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317269/; classtype:trojan-activity;sid:81180369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.189.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317268/; classtype:trojan-activity;sid:81180368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"46.17.47.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317267/; classtype:trojan-activity;sid:81180367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xblnyobins.sh"; http_uri; depth:14; isdataat:!1,relative; content:"46.17.47.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317266/; classtype:trojan-activity;sid:81180366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"46.17.47.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317265/; classtype:trojan-activity;sid:81180365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"46.17.47.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317264/; classtype:trojan-activity;sid:81180364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"46.17.47.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317263/; classtype:trojan-activity;sid:81180363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"46.17.47.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317262/; classtype:trojan-activity;sid:81180362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"46.17.47.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317261/; classtype:trojan-activity;sid:81180361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"46.17.47.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317260/; classtype:trojan-activity;sid:81180360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"119.194.36.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317259/; classtype:trojan-activity;sid:81180359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uqxgc6mm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317258/; classtype:trojan-activity;sid:81180358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/k9abvvrv"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317257/; classtype:trojan-activity;sid:81180357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.227.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317256/; classtype:trojan-activity;sid:81180356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.77.32.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317255/; classtype:trojan-activity;sid:81180355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.189.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317254/; classtype:trojan-activity;sid:81180354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.133.131.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317253/; classtype:trojan-activity;sid:81180353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.124.44.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317252/; classtype:trojan-activity;sid:81180352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.214.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317251/; classtype:trojan-activity;sid:81180351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.228.24.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317250/; classtype:trojan-activity;sid:81180350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317249/; classtype:trojan-activity;sid:81180349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.15.54.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317248/; classtype:trojan-activity;sid:81180348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.187.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317247/; classtype:trojan-activity;sid:81180347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.230.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317246/; classtype:trojan-activity;sid:81180346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.248.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317245/; classtype:trojan-activity;sid:81180345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.115.243.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317244/; classtype:trojan-activity;sid:81180344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317243/; classtype:trojan-activity;sid:81180343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.138.175.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317242/; classtype:trojan-activity;sid:81180342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317241/; classtype:trojan-activity;sid:81180341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.176.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317240/; classtype:trojan-activity;sid:81180340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.10.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_22; reference:url, urlhaus.abuse.ch/url/317239/; classtype:trojan-activity;sid:81180339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kfnskejm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317238/; classtype:trojan-activity;sid:81180338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file2.exe"; http_uri; depth:10; isdataat:!1,relative; content:"spartvishltd.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317237/; classtype:trojan-activity;sid:81180337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cgex9mwc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317236/; classtype:trojan-activity;sid:81180336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/frbvwmsc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317235/; classtype:trojan-activity;sid:81180335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317234/; classtype:trojan-activity;sid:81180334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317233/; classtype:trojan-activity;sid:81180333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.30.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317232/; classtype:trojan-activity;sid:81180332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.200.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317231/; classtype:trojan-activity;sid:81180331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.156.26.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317230/; classtype:trojan-activity;sid:81180330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317229/; classtype:trojan-activity;sid:81180329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.105.33.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317228/; classtype:trojan-activity;sid:81180328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"72.2.242.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317227/; classtype:trojan-activity;sid:81180327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.73.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317226/; classtype:trojan-activity;sid:81180326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317225/; classtype:trojan-activity;sid:81180325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.9.173.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317224/; classtype:trojan-activity;sid:81180324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.55.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317223/; classtype:trojan-activity;sid:81180323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.235.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317222/; classtype:trojan-activity;sid:81180322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cgan5hzd"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317221/; classtype:trojan-activity;sid:81180321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rf2tjnmz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317220/; classtype:trojan-activity;sid:81180320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yge2k3bk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317219/; classtype:trojan-activity;sid:81180319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file1.exe"; http_uri; depth:10; isdataat:!1,relative; content:"spartvishltd.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317218/; classtype:trojan-activity;sid:81180318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317217/; classtype:trojan-activity;sid:81180317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.55.6.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317216/; classtype:trojan-activity;sid:81180316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317215/; classtype:trojan-activity;sid:81180315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.118.87.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317214/; classtype:trojan-activity;sid:81180314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317213/; classtype:trojan-activity;sid:81180313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.130.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317212/; classtype:trojan-activity;sid:81180312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.119.139.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317211/; classtype:trojan-activity;sid:81180311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"177.128.33.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317210/; classtype:trojan-activity;sid:81180310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.156.44.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317209/; classtype:trojan-activity;sid:81180309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.82.143.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317208/; classtype:trojan-activity;sid:81180308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.100.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317207/; classtype:trojan-activity;sid:81180307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317206/; classtype:trojan-activity;sid:81180306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317205/; classtype:trojan-activity;sid:81180305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.103.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317204/; classtype:trojan-activity;sid:81180304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"122.241.43.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317203/; classtype:trojan-activity;sid:81180303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.50.63.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317202/; classtype:trojan-activity;sid:81180302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317201/; classtype:trojan-activity;sid:81180301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317200/; classtype:trojan-activity;sid:81180300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ekqn8z6y"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317199/; classtype:trojan-activity;sid:81180299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hyef3shy"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317198/; classtype:trojan-activity;sid:81180298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/svcift8j"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317197/; classtype:trojan-activity;sid:81180297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c7tzwkmd"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317196/; classtype:trojan-activity;sid:81180296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/szrck5xq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317195/; classtype:trojan-activity;sid:81180295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gfmuv9m1"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317194/; classtype:trojan-activity;sid:81180294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/y22q1uyr"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317193/; classtype:trojan-activity;sid:81180293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/eeywqx5r"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317192/; classtype:trojan-activity;sid:81180292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nyfft1mv"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317191/; classtype:trojan-activity;sid:81180291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gap2gfem"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317190/; classtype:trojan-activity;sid:81180290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wzexcree"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317189/; classtype:trojan-activity;sid:81180289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yrzyycew"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317188/; classtype:trojan-activity;sid:81180288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/7qmqy03k"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317187/; classtype:trojan-activity;sid:81180287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/k0duxf3n"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317186/; classtype:trojan-activity;sid:81180286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yyk3srrp"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317185/; classtype:trojan-activity;sid:81180285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wmi1irvt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317184/; classtype:trojan-activity;sid:81180284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rsbawrw4"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317183/; classtype:trojan-activity;sid:81180283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/dkhnzkpy"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317182/; classtype:trojan-activity;sid:81180282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/pje6p64f"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317181/; classtype:trojan-activity;sid:81180281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/pr3xssea"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317180/; classtype:trojan-activity;sid:81180280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/izpcvs69"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317179/; classtype:trojan-activity;sid:81180279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cyev07ts"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317178/; classtype:trojan-activity;sid:81180278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/avhjg9jn"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317177/; classtype:trojan-activity;sid:81180277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hemsqct0"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317176/; classtype:trojan-activity;sid:81180276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/g8uhqsy5"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317175/; classtype:trojan-activity;sid:81180275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/dp55bij7"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317174/; classtype:trojan-activity;sid:81180274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/z5uckwfj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317173/; classtype:trojan-activity;sid:81180273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/b61mxyt6"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317172/; classtype:trojan-activity;sid:81180272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2gsebzzv"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317171/; classtype:trojan-activity;sid:81180271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bhuhftmi"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317170/; classtype:trojan-activity;sid:81180270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/9iatkzyk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317169/; classtype:trojan-activity;sid:81180269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xugyp0uk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317168/; classtype:trojan-activity;sid:81180268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/buxmqnhd"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317167/; classtype:trojan-activity;sid:81180267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/h37zvpwr"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317166/; classtype:trojan-activity;sid:81180266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qmxvzneq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317165/; classtype:trojan-activity;sid:81180265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/drkahsi5"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317164/; classtype:trojan-activity;sid:81180264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/esxckc9m"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317163/; classtype:trojan-activity;sid:81180263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/dbpbcswa"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317162/; classtype:trojan-activity;sid:81180262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/izqimsjt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317161/; classtype:trojan-activity;sid:81180261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/0lvb6l5r"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317160/; classtype:trojan-activity;sid:81180260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/l5wegy3j"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317159/; classtype:trojan-activity;sid:81180259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qpwhyxgb"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317158/; classtype:trojan-activity;sid:81180258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uc1txrxe"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317157/; classtype:trojan-activity;sid:81180257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ukd281xv"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317156/; classtype:trojan-activity;sid:81180256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xmwrhzg0"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317155/; classtype:trojan-activity;sid:81180255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kdbqvqha"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317154/; classtype:trojan-activity;sid:81180254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ejfehmyt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317153/; classtype:trojan-activity;sid:81180253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/95xpjd0r"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317152/; classtype:trojan-activity;sid:81180252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/8nh7pifb"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317151/; classtype:trojan-activity;sid:81180251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mkwmsbfc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317150/; classtype:trojan-activity;sid:81180250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qknkfesg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317149/; classtype:trojan-activity;sid:81180249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zyz43xvk"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317148/; classtype:trojan-activity;sid:81180248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bqemubde"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317147/; classtype:trojan-activity;sid:81180247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fyxuzrcj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317146/; classtype:trojan-activity;sid:81180246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/szpsy2vg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317145/; classtype:trojan-activity;sid:81180245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ud4axdnt"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317144/; classtype:trojan-activity;sid:81180244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/6xbeyztn"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317143/; classtype:trojan-activity;sid:81180243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/m521nb41"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317142/; classtype:trojan-activity;sid:81180242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ittuzjrz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317141/; classtype:trojan-activity;sid:81180241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c6yj9sws"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317140/; classtype:trojan-activity;sid:81180240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hunbwjvr"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317139/; classtype:trojan-activity;sid:81180239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/6zdnkrxg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317138/; classtype:trojan-activity;sid:81180238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/amfxumug"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317137/; classtype:trojan-activity;sid:81180237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jp2xax14"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317136/; classtype:trojan-activity;sid:81180236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1z3htqwm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317135/; classtype:trojan-activity;sid:81180235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bbjh9jgb"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317134/; classtype:trojan-activity;sid:81180234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/svqzp0ya"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317133/; classtype:trojan-activity;sid:81180233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uqd7dfps"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317132/; classtype:trojan-activity;sid:81180232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ltid6w08"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317131/; classtype:trojan-activity;sid:81180231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hzszxc0g"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317130/; classtype:trojan-activity;sid:81180230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/giwsq80p"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317129/; classtype:trojan-activity;sid:81180229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cxjfmcz7"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317128/; classtype:trojan-activity;sid:81180228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/6ahv22qg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317127/; classtype:trojan-activity;sid:81180227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/akxkzzac"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317126/; classtype:trojan-activity;sid:81180226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/udyqizkz"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317125/; classtype:trojan-activity;sid:81180225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/sjnccdkg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317124/; classtype:trojan-activity;sid:81180224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rv3qcr71"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317123/; classtype:trojan-activity;sid:81180223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/8hw1c9gr"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317122/; classtype:trojan-activity;sid:81180222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xksy3tay"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317121/; classtype:trojan-activity;sid:81180221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fa79xrg8"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317120/; classtype:trojan-activity;sid:81180220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vwpbcvfx"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317119/; classtype:trojan-activity;sid:81180219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/4337zjg6"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317118/; classtype:trojan-activity;sid:81180218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mkxh2i9v"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317117/; classtype:trojan-activity;sid:81180217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yfu4j8m2"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317116/; classtype:trojan-activity;sid:81180216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yuw7np8u"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317115/; classtype:trojan-activity;sid:81180215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/k8siwa5r"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317114/; classtype:trojan-activity;sid:81180214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/myy5pub0"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317113/; classtype:trojan-activity;sid:81180213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qruqt7n0"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317112/; classtype:trojan-activity;sid:81180212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hugz5uue"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317111/; classtype:trojan-activity;sid:81180211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rpj6hk3g"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317110/; classtype:trojan-activity;sid:81180210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ja9dxqa7"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317109/; classtype:trojan-activity;sid:81180209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bn9vjsba"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317108/; classtype:trojan-activity;sid:81180208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/5enijhw3"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317107/; classtype:trojan-activity;sid:81180207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cltwglek"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317106/; classtype:trojan-activity;sid:81180206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/feyx79kn"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317105/; classtype:trojan-activity;sid:81180205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3zd7hblp"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317104/; classtype:trojan-activity;sid:81180204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nemesis.x86"; http_uri; depth:17; isdataat:!1,relative; content:"89.34.26.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317103/; classtype:trojan-activity;sid:81180203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nemesis.mpsl"; http_uri; depth:18; isdataat:!1,relative; content:"89.34.26.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317102/; classtype:trojan-activity;sid:81180202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nemesis.mips"; http_uri; depth:18; isdataat:!1,relative; content:"89.34.26.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317101/; classtype:trojan-activity;sid:81180201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nemesis.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"89.34.26.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317100/; classtype:trojan-activity;sid:81180200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nemesis.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"89.34.26.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317099/; classtype:trojan-activity;sid:81180199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nemesis.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"89.34.26.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317098/; classtype:trojan-activity;sid:81180198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nemesis.arm"; http_uri; depth:17; isdataat:!1,relative; content:"89.34.26.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317097/; classtype:trojan-activity;sid:81180197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317096/; classtype:trojan-activity;sid:81180196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.217.71.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317095/; classtype:trojan-activity;sid:81180195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.6.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317094/; classtype:trojan-activity;sid:81180194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317093/; classtype:trojan-activity;sid:81180193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.43.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317092/; classtype:trojan-activity;sid:81180192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317091/; classtype:trojan-activity;sid:81180191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.222.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317090/; classtype:trojan-activity;sid:81180190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317089/; classtype:trojan-activity;sid:81180189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.245.50.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317088/; classtype:trojan-activity;sid:81180188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.176.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317087/; classtype:trojan-activity;sid:81180187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.13.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317086/; classtype:trojan-activity;sid:81180186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.204.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317085/; classtype:trojan-activity;sid:81180185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.96.251.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317084/; classtype:trojan-activity;sid:81180184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317083/; classtype:trojan-activity;sid:81180183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/7mrdzyq7"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317082/; classtype:trojan-activity;sid:81180182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file3.exe"; http_uri; depth:10; isdataat:!1,relative; content:"spartvishltd.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317081/; classtype:trojan-activity;sid:81180181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"109.207.107.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317080/; classtype:trojan-activity;sid:81180180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"85.187.5.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317079/; classtype:trojan-activity;sid:81180179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"171.226.19.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317078/; classtype:trojan-activity;sid:81180178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i6vsheq6.tmp"; http_uri; depth:13; isdataat:!1,relative; content:"datacrypt.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317077/; classtype:trojan-activity;sid:81180177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y4mrxebafms5mxeztejacbaqblaqhnlkwhpmeoy4eyuiou-htbm0-4w5mznrd9s-upy6iozv7vl33zcpmyntqsr8uwpmbr1hjzeibonn9ndhvv_9vygcyaq2mlrml8icsmcevmclhtnkbsdygchyaemhq7adzwkcofjjdqxn6hwiqrypiwf1mfl7hsumwli9jyrwk3ciquvikkylzzsopreww/0000876.scanned.jpg.zdownload|7c|26|7c|psid=1"; http_uri; depth:264; isdataat:!1,relative; content:"un6cqq.ch.files.1drv.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317076/; classtype:trojan-activity;sid:81180176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hulking.exe"; http_uri; depth:12; isdataat:!1,relative; content:"nq.fastyou.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317075/; classtype:trojan-activity;sid:81180175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/mastermindoffice%20encoded%20new.zip"; http_uri; depth:42; isdataat:!1,relative; content:"herseymeraks.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317074/; classtype:trojan-activity;sid:81180174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/quote/mastermindoffice%20encoded%20new.zip"; http_uri; depth:43; isdataat:!1,relative; content:"herseymeraks.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317073/; classtype:trojan-activity;sid:81180173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"177.128.34.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317072/; classtype:trojan-activity;sid:81180172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"85.99.113.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317071/; classtype:trojan-activity;sid:81180171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.15.209.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317070/; classtype:trojan-activity;sid:81180170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.255.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317069/; classtype:trojan-activity;sid:81180169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.212.208.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317068/; classtype:trojan-activity;sid:81180168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.219.81.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317067/; classtype:trojan-activity;sid:81180167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.15.152.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317066/; classtype:trojan-activity;sid:81180166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317065/; classtype:trojan-activity;sid:81180165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.120.243.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317064/; classtype:trojan-activity;sid:81180164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.115.254.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317063/; classtype:trojan-activity;sid:81180163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317062/; classtype:trojan-activity;sid:81180162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.40.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317061/; classtype:trojan-activity;sid:81180161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.116.201.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317060/; classtype:trojan-activity;sid:81180160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317059/; classtype:trojan-activity;sid:81180159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.127.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317058/; classtype:trojan-activity;sid:81180158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317057/; classtype:trojan-activity;sid:81180157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/axhxa3t4"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317056/; classtype:trojan-activity;sid:81180156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"66.90.187.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317055/; classtype:trojan-activity;sid:81180155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file04/new%20year%20statistic%20update.exe"; http_uri; depth:43; isdataat:!1,relative; content:"bt-design.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317054/; classtype:trojan-activity;sid:81180154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file03/0220.exe"; http_uri; depth:16; isdataat:!1,relative; content:"bt-design.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317053/; classtype:trojan-activity;sid:81180153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file01/022120.exe"; http_uri; depth:18; isdataat:!1,relative; content:"bt-design.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317052/; classtype:trojan-activity;sid:81180152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hrball.exe"; http_uri; depth:11; isdataat:!1,relative; content:"download.hrbb.com.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317051/; classtype:trojan-activity;sid:81180151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file02/maersk%20line%20eta.exe"; http_uri; depth:31; isdataat:!1,relative; content:"bt-design.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317050/; classtype:trojan-activity;sid:81180150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/b5curula"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317049/; classtype:trojan-activity;sid:81180149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/factura_00012.doc"; http_uri; depth:18; isdataat:!1,relative; content:"eweodinda.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317048/; classtype:trojan-activity;sid:81180148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/79/ldr_bs_3.exe"; http_uri; depth:16; isdataat:!1,relative; content:"54.36.185.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317047/; classtype:trojan-activity;sid:81180147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qqgre83t"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317046/; classtype:trojan-activity;sid:81180146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"93.116.166.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317045/; classtype:trojan-activity;sid:81180145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlrdlrdlrdlr00001/d4mnasdasd4mn.arc"; http_uri; depth:36; isdataat:!1,relative; content:"45.148.10.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317044/; classtype:trojan-activity;sid:81180144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlrdlrdlrdlr00001/d4mnasdasd4mn.i686"; http_uri; depth:37; isdataat:!1,relative; content:"45.148.10.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317043/; classtype:trojan-activity;sid:81180143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kuma-ssh-update.sh"; http_uri; depth:19; isdataat:!1,relative; content:"45.148.10.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317042/; classtype:trojan-activity;sid:81180142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/n7"; http_uri; depth:27; isdataat:!1,relative; content:"170.130.172.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317041/; classtype:trojan-activity;sid:81180141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/n8"; http_uri; depth:27; isdataat:!1,relative; content:"170.130.172.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317040/; classtype:trojan-activity;sid:81180140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/n9"; http_uri; depth:27; isdataat:!1,relative; content:"170.130.172.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317039/; classtype:trojan-activity;sid:81180139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.188.192.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317038/; classtype:trojan-activity;sid:81180138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.34.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317037/; classtype:trojan-activity;sid:81180137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"72.2.247.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317036/; classtype:trojan-activity;sid:81180136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.56.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317035/; classtype:trojan-activity;sid:81180135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.125.241.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317034/; classtype:trojan-activity;sid:81180134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.192.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317033/; classtype:trojan-activity;sid:81180133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.137.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317032/; classtype:trojan-activity;sid:81180132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317031/; classtype:trojan-activity;sid:81180131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.69.55.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317030/; classtype:trojan-activity;sid:81180130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.160.177.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317029/; classtype:trojan-activity;sid:81180129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.0.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317028/; classtype:trojan-activity;sid:81180128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.51.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317027/; classtype:trojan-activity;sid:81180127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.83.119.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317026/; classtype:trojan-activity;sid:81180126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317025/; classtype:trojan-activity;sid:81180125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.196.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317024/; classtype:trojan-activity;sid:81180124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.130.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317023/; classtype:trojan-activity;sid:81180123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.226.95.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317022/; classtype:trojan-activity;sid:81180122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317021/; classtype:trojan-activity;sid:81180121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317020/; classtype:trojan-activity;sid:81180120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.21.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317019/; classtype:trojan-activity;sid:81180119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"139.227.237.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317018/; classtype:trojan-activity;sid:81180118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file1.exe"; http_uri; depth:10; isdataat:!1,relative; content:"spartltd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317017/; classtype:trojan-activity;sid:81180117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/upp.exe"; http_uri; depth:8; isdataat:!1,relative; content:"spartvishltd.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317016/; classtype:trojan-activity;sid:81180116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file4.exe"; http_uri; depth:10; isdataat:!1,relative; content:"spartvishltd.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317015/; classtype:trojan-activity;sid:81180115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/6_signed2.exe"; http_uri; depth:14; isdataat:!1,relative; content:"185.159.129.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317014/; classtype:trojan-activity;sid:81180114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; content:"owncloud-cdn.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317013/; classtype:trojan-activity;sid:81180113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; content:"dl-0086534.owncloud-cdn.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317012/; classtype:trojan-activity;sid:81180112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; content:"dl-0074957.owncloud-cdn.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317011/; classtype:trojan-activity;sid:81180111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"212.90.38.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317010/; classtype:trojan-activity;sid:81180110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"89.148.237.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317009/; classtype:trojan-activity;sid:81180109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.212.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317008/; classtype:trojan-activity;sid:81180108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.134.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317007/; classtype:trojan-activity;sid:81180107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317006/; classtype:trojan-activity;sid:81180106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.59.134.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317005/; classtype:trojan-activity;sid:81180105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.63.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317004/; classtype:trojan-activity;sid:81180104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.69.234.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317003/; classtype:trojan-activity;sid:81180103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.216.159.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317002/; classtype:trojan-activity;sid:81180102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317001/; classtype:trojan-activity;sid:81180101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.214.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/317000/; classtype:trojan-activity;sid:81180100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"183.0.203.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316999/; classtype:trojan-activity;sid:81180099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.174.124.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316998/; classtype:trojan-activity;sid:81180098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.5.118.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316997/; classtype:trojan-activity;sid:81180097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.142.226.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316996/; classtype:trojan-activity;sid:81180096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.75.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316995/; classtype:trojan-activity;sid:81180095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ps5/docu-234_7d16.jpg"; http_uri; depth:22; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316994/; classtype:trojan-activity;sid:81180094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316993/; classtype:trojan-activity;sid:81180093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316992/; classtype:trojan-activity;sid:81180092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316991/; classtype:trojan-activity;sid:81180091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"221.156.79.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316990/; classtype:trojan-activity;sid:81180090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316989/; classtype:trojan-activity;sid:81180089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316988/; classtype:trojan-activity;sid:81180088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316987/; classtype:trojan-activity;sid:81180087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316986/; classtype:trojan-activity;sid:81180086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316985/; classtype:trojan-activity;sid:81180085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316984/; classtype:trojan-activity;sid:81180084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316983/; classtype:trojan-activity;sid:81180083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316982/; classtype:trojan-activity;sid:81180082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"45.148.10.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316981/; classtype:trojan-activity;sid:81180081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ps5/80700.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316980/; classtype:trojan-activity;sid:81180080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blessed/bbbbb.exe"; http_uri; depth:18; isdataat:!1,relative; content:"dry-amami-8272.babyblue.jp"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316979/; classtype:trojan-activity;sid:81180079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/evolve/library/files/elb.exe"; http_uri; depth:47; isdataat:!1,relative; content:"inapadvance.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316978/; classtype:trojan-activity;sid:81180078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"175.208.254.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316977/; classtype:trojan-activity;sid:81180077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"185.15.134.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316976/; classtype:trojan-activity;sid:81180076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"179.208.103.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316975/; classtype:trojan-activity;sid:81180075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ps5/0016977.jpg"; http_uri; depth:16; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316974/; classtype:trojan-activity;sid:81180074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.149.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316973/; classtype:trojan-activity;sid:81180073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.26.115.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316972/; classtype:trojan-activity;sid:81180072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.236.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316971/; classtype:trojan-activity;sid:81180071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.48.102.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316970/; classtype:trojan-activity;sid:81180070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"185.103.138.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316969/; classtype:trojan-activity;sid:81180069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316968/; classtype:trojan-activity;sid:81180068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316967/; classtype:trojan-activity;sid:81180067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.97.86.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316966/; classtype:trojan-activity;sid:81180066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.250.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316965/; classtype:trojan-activity;sid:81180065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/secure/svchost.exe"; http_uri; depth:19; isdataat:!1,relative; content:"chnwsdyglobalwealthandreinforcementagenc.duckdns.org"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316964/; classtype:trojan-activity;sid:81180064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xzqswf/sermodel.exe"; http_uri; depth:20; isdataat:!1,relative; content:"download.xp666.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316963/; classtype:trojan-activity;sid:81180063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blessed/eeeee.exe"; http_uri; depth:18; isdataat:!1,relative; content:"dry-amami-8272.babyblue.jp"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316962/; classtype:trojan-activity;sid:81180062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/gravida/images/file/micc.exe"; http_uri; depth:47; isdataat:!1,relative; content:"inapadvance.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316961/; classtype:trojan-activity;sid:81180061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyfifteen/inc/files/frr.exe"; http_uri; depth:50; isdataat:!1,relative; content:"inapadvance.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316960/; classtype:trojan-activity;sid:81180060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyfifteen/inc/files/bnt.exe"; http_uri; depth:50; isdataat:!1,relative; content:"inapadvance.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316959/; classtype:trojan-activity;sid:81180059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyfifteen/inc/files/pov.exe"; http_uri; depth:50; isdataat:!1,relative; content:"inapadvance.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316958/; classtype:trojan-activity;sid:81180058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyfifteen/inc/files/loi.exe"; http_uri; depth:50; isdataat:!1,relative; content:"inapadvance.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316957/; classtype:trojan-activity;sid:81180057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyfifteen/inc/files/p3.exe"; http_uri; depth:49; isdataat:!1,relative; content:"inapadvance.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316956/; classtype:trojan-activity;sid:81180056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wbnpadvplrdhrvqjfnev/hjjalma.bin"; http_uri; depth:33; isdataat:!1,relative; content:"shameonyou.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316955/; classtype:trojan-activity;sid:81180055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/thm_wp/azor/system.exe"; http_uri; depth:23; isdataat:!1,relative; content:"egtch.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316954/; classtype:trojan-activity;sid:81180054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.136.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316953/; classtype:trojan-activity;sid:81180053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.133.231.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316952/; classtype:trojan-activity;sid:81180052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316951/; classtype:trojan-activity;sid:81180051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.88.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316950/; classtype:trojan-activity;sid:81180050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.69.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316949/; classtype:trojan-activity;sid:81180049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.97.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316948/; classtype:trojan-activity;sid:81180048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316947/; classtype:trojan-activity;sid:81180047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316946/; classtype:trojan-activity;sid:81180046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.246.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316945/; classtype:trojan-activity;sid:81180045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316944/; classtype:trojan-activity;sid:81180044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.140.198.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316943/; classtype:trojan-activity;sid:81180043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316942/; classtype:trojan-activity;sid:81180042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.96.251.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316941/; classtype:trojan-activity;sid:81180041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.221.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316940/; classtype:trojan-activity;sid:81180040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.56.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316939/; classtype:trojan-activity;sid:81180039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"66.38.95.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316938/; classtype:trojan-activity;sid:81180038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"185.103.138.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316937/; classtype:trojan-activity;sid:81180037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316936/; classtype:trojan-activity;sid:81180036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/evolve/library/files/bur.exe"; http_uri; depth:47; isdataat:!1,relative; content:"inapadvance.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316935/; classtype:trojan-activity;sid:81180035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/0x08.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"156.96.62.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316934/; classtype:trojan-activity;sid:81180034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"64.225.75.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316933/; classtype:trojan-activity;sid:81180033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/0x08.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"156.96.62.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316932/; classtype:trojan-activity;sid:81180032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/0x08.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"156.96.62.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316931/; classtype:trojan-activity;sid:81180031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/0x08.mips"; http_uri; depth:15; isdataat:!1,relative; content:"156.96.62.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316930/; classtype:trojan-activity;sid:81180030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/0x08.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"156.96.62.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316929/; classtype:trojan-activity;sid:81180029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"64.225.75.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316928/; classtype:trojan-activity;sid:81180028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/0x08.spc"; http_uri; depth:14; isdataat:!1,relative; content:"156.96.62.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316927/; classtype:trojan-activity;sid:81180027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/0x08.arm"; http_uri; depth:14; isdataat:!1,relative; content:"156.96.62.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316926/; classtype:trojan-activity;sid:81180026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/0x08.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"156.96.62.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316925/; classtype:trojan-activity;sid:81180025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/0x08.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"156.96.62.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316924/; classtype:trojan-activity;sid:81180024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/0x08.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"156.96.62.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316923/; classtype:trojan-activity;sid:81180023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"213.139.56.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316922/; classtype:trojan-activity;sid:81180022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/secure/svchost.exe"; http_uri; depth:19; isdataat:!1,relative; content:"chnwsdy3threewealthandreinforcementagenc.duckdns.org"; http_host; depth:52; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316921/; classtype:trojan-activity;sid:81180021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kt1fxcaq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316920/; classtype:trojan-activity;sid:81180020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x/background.jpg"; http_uri; depth:17; isdataat:!1,relative; content:"192.30.89.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316919/; classtype:trojan-activity;sid:81180019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/0x08.x86"; http_uri; depth:14; isdataat:!1,relative; content:"156.96.62.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316918/; classtype:trojan-activity;sid:81180018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y4muf-ldm--qhba7wp1r6wo4hmmye0wr5e_dnleotfy16vx9rrnwue0pvwhc_xc3pnmxkv6cv0iwlbm3opjp3zcskqcizf2af-q_tdosg36bn_sgnlpucpkvywiflxnqcic7ymnzu0duhyqjy8dwpdtkzmjhp7ipd4xz8n74kdv9blqabpdgefpddspfnliuz2o4t_sbupfoi69cfgrkgtooa/zbi894003003.pdf.zdownload|7c|26|7c|psid=1"; http_uri; depth:261; isdataat:!1,relative; content:"ikpvpw.am.files.1drv.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316917/; classtype:trojan-activity;sid:81180017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jib4"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.244.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316916/; classtype:trojan-activity;sid:81180016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jib4t"; http_uri; depth:6; isdataat:!1,relative; content:"23.254.244.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316915/; classtype:trojan-activity;sid:81180015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jib5"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.244.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316914/; classtype:trojan-activity;sid:81180014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jib6"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.244.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316913/; classtype:trojan-activity;sid:81180013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jibmips"; http_uri; depth:8; isdataat:!1,relative; content:"23.254.244.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316912/; classtype:trojan-activity;sid:81180012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jibmpsl"; http_uri; depth:8; isdataat:!1,relative; content:"23.254.244.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316911/; classtype:trojan-activity;sid:81180011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jibx86"; http_uri; depth:7; isdataat:!1,relative; content:"23.254.244.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316910/; classtype:trojan-activity;sid:81180010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jibsh4"; http_uri; depth:7; isdataat:!1,relative; content:"23.254.244.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316909/; classtype:trojan-activity;sid:81180009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jibsparc"; http_uri; depth:9; isdataat:!1,relative; content:"23.254.244.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316908/; classtype:trojan-activity;sid:81180008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jibppc"; http_uri; depth:7; isdataat:!1,relative; content:"23.254.244.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316907/; classtype:trojan-activity;sid:81180007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jib7"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.244.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316906/; classtype:trojan-activity;sid:81180006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/hsh4"; http_uri; depth:29; isdataat:!1,relative; content:"170.130.172.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316905/; classtype:trojan-activity;sid:81180005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/hmpsl"; http_uri; depth:30; isdataat:!1,relative; content:"170.130.172.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316904/; classtype:trojan-activity;sid:81180004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/hmips"; http_uri; depth:30; isdataat:!1,relative; content:"170.130.172.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316903/; classtype:trojan-activity;sid:81180003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/harm"; http_uri; depth:29; isdataat:!1,relative; content:"170.130.172.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316902/; classtype:trojan-activity;sid:81180002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wrgjwrgjwrg246356356356/hx86"; http_uri; depth:29; isdataat:!1,relative; content:"170.130.172.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316901/; classtype:trojan-activity;sid:81180001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86.corona"; http_uri; depth:16; isdataat:!1,relative; content:"45.84.196.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316900/; classtype:trojan-activity;sid:81180000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.191.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316899/; classtype:trojan-activity;sid:81179999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.spc"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.191.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316898/; classtype:trojan-activity;sid:81179998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.191.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316897/; classtype:trojan-activity;sid:81179997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.191.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316896/; classtype:trojan-activity;sid:81179996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.mips"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.191.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316895/; classtype:trojan-activity;sid:81179995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.191.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316894/; classtype:trojan-activity;sid:81179994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.191.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316893/; classtype:trojan-activity;sid:81179993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.191.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316892/; classtype:trojan-activity;sid:81179992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.191.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316891/; classtype:trojan-activity;sid:81179991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.arm"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.191.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316890/; classtype:trojan-activity;sid:81179990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.x86"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.191.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316889/; classtype:trojan-activity;sid:81179989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.ppc"; http_uri; depth:12; isdataat:!1,relative; content:"185.70.185.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316888/; classtype:trojan-activity;sid:81179988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.spc"; http_uri; depth:12; isdataat:!1,relative; content:"185.70.185.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316887/; classtype:trojan-activity;sid:81179987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.sh4"; http_uri; depth:12; isdataat:!1,relative; content:"185.70.185.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316886/; classtype:trojan-activity;sid:81179986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"185.70.185.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316885/; classtype:trojan-activity;sid:81179985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.arm7"; http_uri; depth:13; isdataat:!1,relative; content:"185.70.185.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316884/; classtype:trojan-activity;sid:81179984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.arm6"; http_uri; depth:13; isdataat:!1,relative; content:"185.70.185.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316883/; classtype:trojan-activity;sid:81179983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.arm5"; http_uri; depth:13; isdataat:!1,relative; content:"185.70.185.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316882/; classtype:trojan-activity;sid:81179982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.arm"; http_uri; depth:12; isdataat:!1,relative; content:"185.70.185.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316881/; classtype:trojan-activity;sid:81179981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.mips"; http_uri; depth:13; isdataat:!1,relative; content:"185.70.185.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316880/; classtype:trojan-activity;sid:81179980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rhombus.x86"; http_uri; depth:12; isdataat:!1,relative; content:"185.70.185.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316879/; classtype:trojan-activity;sid:81179979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gang.arm4t"; http_uri; depth:11; isdataat:!1,relative; content:"195.88.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316878/; classtype:trojan-activity;sid:81179978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gang.arm4"; http_uri; depth:10; isdataat:!1,relative; content:"195.88.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316877/; classtype:trojan-activity;sid:81179977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gang.arm7"; http_uri; depth:10; isdataat:!1,relative; content:"195.88.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316876/; classtype:trojan-activity;sid:81179976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gang.arm6"; http_uri; depth:10; isdataat:!1,relative; content:"195.88.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316875/; classtype:trojan-activity;sid:81179975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gang.arm5"; http_uri; depth:10; isdataat:!1,relative; content:"195.88.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316874/; classtype:trojan-activity;sid:81179974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gang.i686"; http_uri; depth:10; isdataat:!1,relative; content:"195.88.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316873/; classtype:trojan-activity;sid:81179973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gang.mips"; http_uri; depth:10; isdataat:!1,relative; content:"195.88.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316872/; classtype:trojan-activity;sid:81179972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gang.m68"; http_uri; depth:9; isdataat:!1,relative; content:"195.88.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316871/; classtype:trojan-activity;sid:81179971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gang.sh4"; http_uri; depth:9; isdataat:!1,relative; content:"195.88.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316870/; classtype:trojan-activity;sid:81179970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gang.ppc"; http_uri; depth:9; isdataat:!1,relative; content:"195.88.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316869/; classtype:trojan-activity;sid:81179969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gang.spc"; http_uri; depth:9; isdataat:!1,relative; content:"195.88.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316868/; classtype:trojan-activity;sid:81179968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gang.x86"; http_uri; depth:9; isdataat:!1,relative; content:"195.88.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316867/; classtype:trojan-activity;sid:81179967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"64.225.75.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316866/; classtype:trojan-activity;sid:81179966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"64.225.75.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316865/; classtype:trojan-activity;sid:81179965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"64.225.75.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316864/; classtype:trojan-activity;sid:81179964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"64.225.75.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316863/; classtype:trojan-activity;sid:81179963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"64.225.75.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316862/; classtype:trojan-activity;sid:81179962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"64.225.75.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316861/; classtype:trojan-activity;sid:81179961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"64.225.75.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316860/; classtype:trojan-activity;sid:81179960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"64.225.75.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316859/; classtype:trojan-activity;sid:81179959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.95.157.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316858/; classtype:trojan-activity;sid:81179958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.151.60.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316857/; classtype:trojan-activity;sid:81179957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.37.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316856/; classtype:trojan-activity;sid:81179956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.10.1.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316855/; classtype:trojan-activity;sid:81179955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316854/; classtype:trojan-activity;sid:81179954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316853/; classtype:trojan-activity;sid:81179953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.189.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316852/; classtype:trojan-activity;sid:81179952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.80.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316851/; classtype:trojan-activity;sid:81179951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.208.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316850/; classtype:trojan-activity;sid:81179950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316849/; classtype:trojan-activity;sid:81179949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"173.242.140.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316848/; classtype:trojan-activity;sid:81179948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.218.16.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316847/; classtype:trojan-activity;sid:81179947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.196.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316846/; classtype:trojan-activity;sid:81179946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.187.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316845/; classtype:trojan-activity;sid:81179945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.253.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316844/; classtype:trojan-activity;sid:81179944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.227.81.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316843/; classtype:trojan-activity;sid:81179943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"14.102.71.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316842/; classtype:trojan-activity;sid:81179942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.4.152.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316841/; classtype:trojan-activity;sid:81179941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316840/; classtype:trojan-activity;sid:81179940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.141.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316839/; classtype:trojan-activity;sid:81179939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"119.216.4.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316838/; classtype:trojan-activity;sid:81179938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.32.137.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316837/; classtype:trojan-activity;sid:81179937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cpanel/downloads/version2019.021.20059/adobe_update.exe"; http_uri; depth:56; isdataat:!1,relative; content:"adobelink.me"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316836/; classtype:trojan-activity;sid:81179936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zahers/gf8oxriqyniw6zy.msi"; http_uri; depth:27; isdataat:!1,relative; content:"zahernabelsi.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316835/; classtype:trojan-activity;sid:81179935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zahers/gf8oxriqyniw6zy.zip"; http_uri; depth:27; isdataat:!1,relative; content:"zahernabelsi.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316834/; classtype:trojan-activity;sid:81179934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2020/02/secure/780088/780088.zip"; http_uri; depth:52; isdataat:!1,relative; content:"junnuvaskooli.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316833/; classtype:trojan-activity;sid:81179933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ps5/305132.jpg"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316832/; classtype:trojan-activity;sid:81179932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vzdvtsj4"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316831/; classtype:trojan-activity;sid:81179931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ye6xhjqp"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316830/; classtype:trojan-activity;sid:81179930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.125.88.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316829/; classtype:trojan-activity;sid:81179929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bely5dnm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316828/; classtype:trojan-activity;sid:81179928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/x9jihb9r"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316827/; classtype:trojan-activity;sid:81179927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.32.75.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316826/; classtype:trojan-activity;sid:81179926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"180.177.104.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316825/; classtype:trojan-activity;sid:81179925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.246.244.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316824/; classtype:trojan-activity;sid:81179924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.199.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316823/; classtype:trojan-activity;sid:81179923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.206.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316822/; classtype:trojan-activity;sid:81179922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316821/; classtype:trojan-activity;sid:81179921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.229.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316820/; classtype:trojan-activity;sid:81179920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316819/; classtype:trojan-activity;sid:81179919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.23.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316818/; classtype:trojan-activity;sid:81179918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.10.86.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316817/; classtype:trojan-activity;sid:81179917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.160.177.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316816/; classtype:trojan-activity;sid:81179916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.141.105.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316815/; classtype:trojan-activity;sid:81179915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316814/; classtype:trojan-activity;sid:81179914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.89.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316813/; classtype:trojan-activity;sid:81179913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316812/; classtype:trojan-activity;sid:81179912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316811/; classtype:trojan-activity;sid:81179911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.96.251.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316810/; classtype:trojan-activity;sid:81179910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316809/; classtype:trojan-activity;sid:81179909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/safety/21216934/21216934.zip"; http_uri; depth:29; isdataat:!1,relative; content:"polskforening.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316808/; classtype:trojan-activity;sid:81179908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/common/addins/setup_6_6.exe"; http_uri; depth:28; isdataat:!1,relative; content:"canaccordgenuity.bluematrix.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316807/; classtype:trojan-activity;sid:81179907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/time.exe"; http_uri; depth:9; isdataat:!1,relative; content:"worldvibes.com.ng"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316806/; classtype:trojan-activity;sid:81179906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cryptof/mycrypto-enc.exe"; http_uri; depth:25; isdataat:!1,relative; content:"homeless.helpingourfuture.org.uk"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316805/; classtype:trojan-activity;sid:81179905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mtkenjbq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316803/; classtype:trojan-activity;sid:81179903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.123.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316802/; classtype:trojan-activity;sid:81179902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316801/; classtype:trojan-activity;sid:81179901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316800/; classtype:trojan-activity;sid:81179900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.232.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316799/; classtype:trojan-activity;sid:81179899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.116.210.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316798/; classtype:trojan-activity;sid:81179898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316797/; classtype:trojan-activity;sid:81179897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.119.95.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316796/; classtype:trojan-activity;sid:81179896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.89.68.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316795/; classtype:trojan-activity;sid:81179895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316794/; classtype:trojan-activity;sid:81179894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.180.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316793/; classtype:trojan-activity;sid:81179893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.216.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316792/; classtype:trojan-activity;sid:81179892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.248.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316791/; classtype:trojan-activity;sid:81179891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"188.75.241.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316790/; classtype:trojan-activity;sid:81179890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316789/; classtype:trojan-activity;sid:81179889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.209.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316788/; classtype:trojan-activity;sid:81179888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316787/; classtype:trojan-activity;sid:81179887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.209.188.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316786/; classtype:trojan-activity;sid:81179886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.222.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316785/; classtype:trojan-activity;sid:81179885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.53.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316784/; classtype:trojan-activity;sid:81179884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316783/; classtype:trojan-activity;sid:81179883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316782/; classtype:trojan-activity;sid:81179882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316781/; classtype:trojan-activity;sid:81179881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316780/; classtype:trojan-activity;sid:81179880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"87.70.30.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316778/; classtype:trojan-activity;sid:81179878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.132.120.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316777/; classtype:trojan-activity;sid:81179877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"14.171.87.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316776/; classtype:trojan-activity;sid:81179876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.227.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316775/; classtype:trojan-activity;sid:81179875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.217.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316774/; classtype:trojan-activity;sid:81179874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.11.212.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316773/; classtype:trojan-activity;sid:81179873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.22.237.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316772/; classtype:trojan-activity;sid:81179872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.140.161.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316771/; classtype:trojan-activity;sid:81179871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316770/; classtype:trojan-activity;sid:81179870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.13.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316769/; classtype:trojan-activity;sid:81179869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"192.240.60.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316768/; classtype:trojan-activity;sid:81179868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316767/; classtype:trojan-activity;sid:81179867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.98.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316766/; classtype:trojan-activity;sid:81179866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"66.38.93.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316765/; classtype:trojan-activity;sid:81179865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.1.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316764/; classtype:trojan-activity;sid:81179864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.202.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316763/; classtype:trojan-activity;sid:81179863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.31.4.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316762/; classtype:trojan-activity;sid:81179862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"109.207.107.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316761/; classtype:trojan-activity;sid:81179861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"185.103.138.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316760/; classtype:trojan-activity;sid:81179860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316759/; classtype:trojan-activity;sid:81179859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.104.65.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316758/; classtype:trojan-activity;sid:81179858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_21; reference:url, urlhaus.abuse.ch/url/316757/; classtype:trojan-activity;sid:81179857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"211.197.212.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316756/; classtype:trojan-activity;sid:81179856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"210.57.237.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316755/; classtype:trojan-activity;sid:81179855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/netis"; http_uri; depth:6; isdataat:!1,relative; content:"godbuntu.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316754/; classtype:trojan-activity;sid:81179854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tr064"; http_uri; depth:6; isdataat:!1,relative; content:"godbuntu.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316753/; classtype:trojan-activity;sid:81179853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/y4mwh0pfxanioncrflqrsvlengwuy_cm62gogfoor_ttapso6f3y5mvm9opwqyp7_vqjxerqfchevtxdqvbytzsrqkvfr_am40guj99iy__uj308s2mz6hwvomkz-ztvuayrvtw_coeuag5v-26neun_w-j10zr87adarrrml4vlhkyd_8bpyqqkluj7trlfdfgzg3o6strxgytohuompdtsw/0000876.scanned.jpg.zdownload|7c|26|7c|psid=1"; http_uri; depth:264; isdataat:!1,relative; content:"un6cqq.ch.files.1drv.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316752/; classtype:trojan-activity;sid:81179852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/transaction/remittance.ps1"; http_uri; depth:27; isdataat:!1,relative; content:"figure.dyndns.dk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316751/; classtype:trojan-activity;sid:81179851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316750/; classtype:trojan-activity;sid:81179850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.238.29.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316749/; classtype:trojan-activity;sid:81179849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.18.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316748/; classtype:trojan-activity;sid:81179848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.183.104.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316747/; classtype:trojan-activity;sid:81179847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.186.202.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316746/; classtype:trojan-activity;sid:81179846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"66.38.91.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316745/; classtype:trojan-activity;sid:81179845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.124.36.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316744/; classtype:trojan-activity;sid:81179844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.51.207.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316743/; classtype:trojan-activity;sid:81179843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.175.153.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316742/; classtype:trojan-activity;sid:81179842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.160.177.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316741/; classtype:trojan-activity;sid:81179841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.54.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316740/; classtype:trojan-activity;sid:81179840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316739/; classtype:trojan-activity;sid:81179839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.223.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316738/; classtype:trojan-activity;sid:81179838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.26.94.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316737/; classtype:trojan-activity;sid:81179837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"94.41.0.174"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316736/; classtype:trojan-activity;sid:81179836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/4iydslky"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316735/; classtype:trojan-activity;sid:81179835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/9jw6zzyy"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316734/; classtype:trojan-activity;sid:81179834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bju79pem"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316733/; classtype:trojan-activity;sid:81179833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/g4xxaetl"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316732/; classtype:trojan-activity;sid:81179832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.134.200.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316731/; classtype:trojan-activity;sid:81179831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uuuu030g182k9n73vr35hw/service.exe"; http_uri; depth:35; isdataat:!1,relative; content:"69.43.168.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316730/; classtype:trojan-activity;sid:81179830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uuuu030g182k9n73vr35hw/em_wifi.exe"; http_uri; depth:35; isdataat:!1,relative; content:"69.43.168.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316729/; classtype:trojan-activity;sid:81179829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/6yygxavg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316728/; classtype:trojan-activity;sid:81179828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"187.85.253.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316727/; classtype:trojan-activity;sid:81179827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"72.2.249.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316726/; classtype:trojan-activity;sid:81179826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.58.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316725/; classtype:trojan-activity;sid:81179825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.39.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316724/; classtype:trojan-activity;sid:81179824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.242.98.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316723/; classtype:trojan-activity;sid:81179823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.233.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316722/; classtype:trojan-activity;sid:81179822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.204.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316721/; classtype:trojan-activity;sid:81179821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.143.32.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316720/; classtype:trojan-activity;sid:81179820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.42.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316719/; classtype:trojan-activity;sid:81179819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.166.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316718/; classtype:trojan-activity;sid:81179818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.77.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316717/; classtype:trojan-activity;sid:81179817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.220.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316716/; classtype:trojan-activity;sid:81179816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a/1.bin"; http_uri; depth:8; isdataat:!1,relative; content:"arabianbrother.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316715/; classtype:trojan-activity;sid:81179815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316714/; classtype:trojan-activity;sid:81179814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"103.91.17.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316713/; classtype:trojan-activity;sid:81179813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.246.254.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316712/; classtype:trojan-activity;sid:81179812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.177.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316711/; classtype:trojan-activity;sid:81179811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316710/; classtype:trojan-activity;sid:81179810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"106.111.46.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316709/; classtype:trojan-activity;sid:81179809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.38.26.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316708/; classtype:trojan-activity;sid:81179808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316707/; classtype:trojan-activity;sid:81179807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316706/; classtype:trojan-activity;sid:81179806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316705/; classtype:trojan-activity;sid:81179805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.91.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316704/; classtype:trojan-activity;sid:81179804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.106.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316703/; classtype:trojan-activity;sid:81179803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bhg/update.exe"; http_uri; depth:15; isdataat:!1,relative; content:"homeless.helpingourfuture.org.uk"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316702/; classtype:trojan-activity;sid:81179802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bhg/c1.exe"; http_uri; depth:11; isdataat:!1,relative; content:"homeless.helpingourfuture.org.uk"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316701/; classtype:trojan-activity;sid:81179801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bhg/sea.exe"; http_uri; depth:12; isdataat:!1,relative; content:"homeless.helpingourfuture.org.uk"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316700/; classtype:trojan-activity;sid:81179800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bhg/cli5.exe"; http_uri; depth:13; isdataat:!1,relative; content:"homeless.helpingourfuture.org.uk"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316699/; classtype:trojan-activity;sid:81179799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bhg/racc.exe"; http_uri; depth:13; isdataat:!1,relative; content:"homeless.helpingourfuture.org.uk"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316698/; classtype:trojan-activity;sid:81179798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/poiuterqw.bin"; http_uri; depth:14; isdataat:!1,relative; content:"germanypanzer.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316697/; classtype:trojan-activity;sid:81179797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ncvqoqhcbjzffijvyvga/yrkbdmt.bin"; http_uri; depth:33; isdataat:!1,relative; content:"blueflag.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316696/; classtype:trojan-activity;sid:81179796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/eq02qvmc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316695/; classtype:trojan-activity;sid:81179795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mg/11.msi"; http_uri; depth:10; isdataat:!1,relative; content:"expertswebservices.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316694/; classtype:trojan-activity;sid:81179794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316693/; classtype:trojan-activity;sid:81179793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.247.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316692/; classtype:trojan-activity;sid:81179792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.45.60.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316691/; classtype:trojan-activity;sid:81179791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.2.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316690/; classtype:trojan-activity;sid:81179790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.69.4.173"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316689/; classtype:trojan-activity;sid:81179789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.91.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316688/; classtype:trojan-activity;sid:81179788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.192.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316687/; classtype:trojan-activity;sid:81179787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.232.233.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316686/; classtype:trojan-activity;sid:81179786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/0c9trbt4"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316685/; classtype:trojan-activity;sid:81179785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aksip.exe"; http_uri; depth:10; isdataat:!1,relative; content:"jnetwork.pw"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316684/; classtype:trojan-activity;sid:81179784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin.exe"; http_uri; depth:8; isdataat:!1,relative; content:"111.90.146.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316683/; classtype:trojan-activity;sid:81179783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/6tfp9pzm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316682/; classtype:trojan-activity;sid:81179782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/n43sykmf"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316681/; classtype:trojan-activity;sid:81179781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"42.113.247.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316680/; classtype:trojan-activity;sid:81179780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"2.176.191.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316679/; classtype:trojan-activity;sid:81179779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"46.100.107.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316678/; classtype:trojan-activity;sid:81179778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bvcmxcm8"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316677/; classtype:trojan-activity;sid:81179777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"175.11.215.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316676/; classtype:trojan-activity;sid:81179776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.1.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316675/; classtype:trojan-activity;sid:81179775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.98.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316674/; classtype:trojan-activity;sid:81179774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.108.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316673/; classtype:trojan-activity;sid:81179773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.218.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316672/; classtype:trojan-activity;sid:81179772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.77.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316671/; classtype:trojan-activity;sid:81179771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.194.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316670/; classtype:trojan-activity;sid:81179770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.97.142.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316669/; classtype:trojan-activity;sid:81179769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316668/; classtype:trojan-activity;sid:81179768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.15.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316667/; classtype:trojan-activity;sid:81179767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316666/; classtype:trojan-activity;sid:81179766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"39.69.220.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316665/; classtype:trojan-activity;sid:81179765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.95.78.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316664/; classtype:trojan-activity;sid:81179764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316663/; classtype:trojan-activity;sid:81179763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ps5/docu-234_1e05.jpg"; http_uri; depth:22; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316662/; classtype:trojan-activity;sid:81179762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1vaz2cqj"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316661/; classtype:trojan-activity;sid:81179761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/documento.rtf"; http_uri; depth:14; isdataat:!1,relative; content:"cvcviagens.sslblindado.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316660/; classtype:trojan-activity;sid:81179760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ybec4j77"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316659/; classtype:trojan-activity;sid:81179759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnetd"; http_uri; depth:8; isdataat:!1,relative; content:"45.148.10.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316658/; classtype:trojan-activity;sid:81179758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"45.148.10.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316657/; classtype:trojan-activity;sid:81179757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"45.148.10.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316656/; classtype:trojan-activity;sid:81179756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316655/; classtype:trojan-activity;sid:81179755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"45.148.10.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316654/; classtype:trojan-activity;sid:81179754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316653/; classtype:trojan-activity;sid:81179753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316652/; classtype:trojan-activity;sid:81179752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316651/; classtype:trojan-activity;sid:81179751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316650/; classtype:trojan-activity;sid:81179750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"45.148.10.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316649/; classtype:trojan-activity;sid:81179749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316648/; classtype:trojan-activity;sid:81179748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"45.148.10.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316647/; classtype:trojan-activity;sid:81179747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"45.148.10.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316646/; classtype:trojan-activity;sid:81179746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"113.219.81.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316645/; classtype:trojan-activity;sid:81179745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316644/; classtype:trojan-activity;sid:81179744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.117.40.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316643/; classtype:trojan-activity;sid:81179743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"37.232.98.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316642/; classtype:trojan-activity;sid:81179742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.192.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316641/; classtype:trojan-activity;sid:81179741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.79.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316640/; classtype:trojan-activity;sid:81179740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"64.57.171.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316639/; classtype:trojan-activity;sid:81179739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"173.242.140.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316638/; classtype:trojan-activity;sid:81179738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.231.38.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316637/; classtype:trojan-activity;sid:81179737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.225.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316636/; classtype:trojan-activity;sid:81179736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.76.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316635/; classtype:trojan-activity;sid:81179735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.192.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316634/; classtype:trojan-activity;sid:81179734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.62.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316633/; classtype:trojan-activity;sid:81179733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.124.182.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316632/; classtype:trojan-activity;sid:81179732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.195.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316631/; classtype:trojan-activity;sid:81179731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.25.168.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316630/; classtype:trojan-activity;sid:81179730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.212.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316629/; classtype:trojan-activity;sid:81179729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.126.212.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316628/; classtype:trojan-activity;sid:81179728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.113.161.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316627/; classtype:trojan-activity;sid:81179727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.120.68.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316626/; classtype:trojan-activity;sid:81179726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316625/; classtype:trojan-activity;sid:81179725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.157.67.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316624/; classtype:trojan-activity;sid:81179724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.199.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316623/; classtype:trojan-activity;sid:81179723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.229.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316622/; classtype:trojan-activity;sid:81179722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"170.238.70.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316621/; classtype:trojan-activity;sid:81179721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.79.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316620/; classtype:trojan-activity;sid:81179720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bfk1sarg"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316619/; classtype:trojan-activity;sid:81179719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/372873/sso.exe"; http_uri; depth:15; isdataat:!1,relative; content:"arethatour.icu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316618/; classtype:trojan-activity;sid:81179718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/dzdmkvxc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316617/; classtype:trojan-activity;sid:81179717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/penelop/3.exe"; http_uri; depth:20; isdataat:!1,relative; content:"mohd2.ug"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316616/; classtype:trojan-activity;sid:81179716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/penelop/updatewin2.exe"; http_uri; depth:29; isdataat:!1,relative; content:"mohd2.ug"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316615/; classtype:trojan-activity;sid:81179715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/penelop/updatewin1.exe"; http_uri; depth:29; isdataat:!1,relative; content:"mohd2.ug"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316614/; classtype:trojan-activity;sid:81179714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/og/origin.jpg"; http_uri; depth:14; isdataat:!1,relative; content:"officearchives.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316613/; classtype:trojan-activity;sid:81179713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"175.210.177.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316612/; classtype:trojan-activity;sid:81179712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"14.182.13.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316611/; classtype:trojan-activity;sid:81179711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/subpoena.docx"; http_uri; depth:14; isdataat:!1,relative; content:"supramecourt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316610/; classtype:trojan-activity;sid:81179710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ps5/601277.jpg"; http_uri; depth:15; isdataat:!1,relative; content:"107.189.10.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316609/; classtype:trojan-activity;sid:81179709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bvmmdjkm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316608/; classtype:trojan-activity;sid:81179708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316607/; classtype:trojan-activity;sid:81179707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"177.128.34.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316606/; classtype:trojan-activity;sid:81179706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316605/; classtype:trojan-activity;sid:81179705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"66.38.90.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316604/; classtype:trojan-activity;sid:81179704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.80.174.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316603/; classtype:trojan-activity;sid:81179703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.38.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316602/; classtype:trojan-activity;sid:81179702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.236.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316601/; classtype:trojan-activity;sid:81179701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316600/; classtype:trojan-activity;sid:81179700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.158.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316599/; classtype:trojan-activity;sid:81179699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316598/; classtype:trojan-activity;sid:81179698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.170.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316597/; classtype:trojan-activity;sid:81179697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316596/; classtype:trojan-activity;sid:81179696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.29.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316595/; classtype:trojan-activity;sid:81179695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.140.152.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316594/; classtype:trojan-activity;sid:81179694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"89.16.102.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316593/; classtype:trojan-activity;sid:81179693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/flamingo/gozie/goziecryp.exe"; http_uri; depth:48; isdataat:!1,relative; content:"www.skyui.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316592/; classtype:trojan-activity;sid:81179692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/372873/corpo1.dll"; http_uri; depth:18; isdataat:!1,relative; content:"arethatour.icu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316591/; classtype:trojan-activity;sid:81179691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chfrnd2doc/regasm.exe"; http_uri; depth:22; isdataat:!1,relative; content:"sub2chnfmanglobalbusinessexytwowsdy2.duckdns.org"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316590/; classtype:trojan-activity;sid:81179690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/mxidkhx/mee/freshmedd.exe"; http_uri; depth:45; isdataat:!1,relative; content:"meandaudrey.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316589/; classtype:trojan-activity;sid:81179689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"222.121.123.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316588/; classtype:trojan-activity;sid:81179688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/438279ghh.exe"; http_uri; depth:14; isdataat:!1,relative; content:"secure-net.tech"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316587/; classtype:trojan-activity;sid:81179687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/document1245.dotm"; http_uri; depth:18; isdataat:!1,relative; content:"secure-net.tech"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316586/; classtype:trojan-activity;sid:81179686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.zip"; http_uri; depth:13; isdataat:!1,relative; content:"176.113.161.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316585/; classtype:trojan-activity;sid:81179685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.157.74.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316584/; classtype:trojan-activity;sid:81179684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"120.71.103.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316583/; classtype:trojan-activity;sid:81179683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.115.158.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316582/; classtype:trojan-activity;sid:81179682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.207.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316581/; classtype:trojan-activity;sid:81179681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.167.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316580/; classtype:trojan-activity;sid:81179680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316579/; classtype:trojan-activity;sid:81179679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.95.186.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316578/; classtype:trojan-activity;sid:81179678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.196.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316577/; classtype:trojan-activity;sid:81179677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.239.150.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316576/; classtype:trojan-activity;sid:81179676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316575/; classtype:trojan-activity;sid:81179675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316574/; classtype:trojan-activity;sid:81179674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"27.158.250.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316573/; classtype:trojan-activity;sid:81179673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316572/; classtype:trojan-activity;sid:81179672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.8.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316571/; classtype:trojan-activity;sid:81179671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316570/; classtype:trojan-activity;sid:81179670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316569/; classtype:trojan-activity;sid:81179669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.40.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316568/; classtype:trojan-activity;sid:81179668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.201.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316567/; classtype:trojan-activity;sid:81179667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"72.2.251.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316566/; classtype:trojan-activity;sid:81179666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/og/documentation.rtf"; http_uri; depth:21; isdataat:!1,relative; content:"46.183.218.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316565/; classtype:trojan-activity;sid:81179665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/og/hydro.js"; http_uri; depth:12; isdataat:!1,relative; content:"46.183.218.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316564/; classtype:trojan-activity;sid:81179664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/og/port.js"; http_uri; depth:11; isdataat:!1,relative; content:"46.183.218.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316563/; classtype:trojan-activity;sid:81179663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/payment.scr"; http_uri; depth:12; isdataat:!1,relative; content:"www.indigoproduction.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316562/; classtype:trojan-activity;sid:81179662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/x4tb1r6z"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316561/; classtype:trojan-activity;sid:81179661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yifumejyzhasamydfglb/onbtn.bin"; http_uri; depth:31; isdataat:!1,relative; content:"mineminecraft.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316560/; classtype:trojan-activity;sid:81179660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.35.145.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316559/; classtype:trojan-activity;sid:81179659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/to/chijioke.exe"; http_uri; depth:16; isdataat:!1,relative; content:"zone-812.ml"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316558/; classtype:trojan-activity;sid:81179658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ji/jesu.exe"; http_uri; depth:12; isdataat:!1,relative; content:"zone-812.ml"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316557/; classtype:trojan-activity;sid:81179657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/office/invoice_22113.doc"; http_uri; depth:25; isdataat:!1,relative; content:"sub2chnfmanglobalbusinessexytwowsdy2.duckdns.org"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316556/; classtype:trojan-activity;sid:81179656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cj/jjj.exe"; http_uri; depth:11; isdataat:!1,relative; content:"sunny-kusu-9769.blush.jp"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316555/; classtype:trojan-activity;sid:81179655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/images/views/rrwlai4wuflflfa.exe"; http_uri; depth:44; isdataat:!1,relative; content:"robotrade.com.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316554/; classtype:trojan-activity;sid:81179654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/57k9kudm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316553/; classtype:trojan-activity;sid:81179653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/crypter/arrays/178bfbff00670f00-mwdrvawpnshbrq.txt"; http_uri; depth:51; isdataat:!1,relative; content:"107.189.7.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316552/; classtype:trojan-activity;sid:81179652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"31.146.124.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316551/; classtype:trojan-activity;sid:81179651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"wireguard.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316550/; classtype:trojan-activity;sid:81179650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"wireguard.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316549/; classtype:trojan-activity;sid:81179649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.mips"; http_uri; depth:17; isdataat:!1,relative; content:"wireguard.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316548/; classtype:trojan-activity;sid:81179648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"wireguard.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316547/; classtype:trojan-activity;sid:81179647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.spc"; http_uri; depth:16; isdataat:!1,relative; content:"wireguard.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316546/; classtype:trojan-activity;sid:81179646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.x86"; http_uri; depth:16; isdataat:!1,relative; content:"wireguard.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316545/; classtype:trojan-activity;sid:81179645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"wireguard.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316544/; classtype:trojan-activity;sid:81179644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"88.250.222.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316543/; classtype:trojan-activity;sid:81179643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316542/; classtype:trojan-activity;sid:81179642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"186.73.188.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316541/; classtype:trojan-activity;sid:81179641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.239.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316540/; classtype:trojan-activity;sid:81179640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.115.32.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316539/; classtype:trojan-activity;sid:81179639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.234.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316538/; classtype:trojan-activity;sid:81179638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.140.164.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316537/; classtype:trojan-activity;sid:81179637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"72.2.249.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316536/; classtype:trojan-activity;sid:81179636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316535/; classtype:trojan-activity;sid:81179635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.13.5.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316534/; classtype:trojan-activity;sid:81179634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.113.221.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316533/; classtype:trojan-activity;sid:81179633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.104.242.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316532/; classtype:trojan-activity;sid:81179632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.192.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316531/; classtype:trojan-activity;sid:81179631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316530/; classtype:trojan-activity;sid:81179630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316529/; classtype:trojan-activity;sid:81179629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"79.17.241.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316528/; classtype:trojan-activity;sid:81179628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316527/; classtype:trojan-activity;sid:81179627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"220.160.62.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316526/; classtype:trojan-activity;sid:81179626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.141.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316525/; classtype:trojan-activity;sid:81179625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.222.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316524/; classtype:trojan-activity;sid:81179624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"218.21.171.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316523/; classtype:trojan-activity;sid:81179623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.29.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316522/; classtype:trojan-activity;sid:81179622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316521/; classtype:trojan-activity;sid:81179621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.45.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316520/; classtype:trojan-activity;sid:81179620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"220.168.236.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316519/; classtype:trojan-activity;sid:81179619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"189.103.114.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316518/; classtype:trojan-activity;sid:81179618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/safety/04630/04630.zip"; http_uri; depth:23; isdataat:!1,relative; content:"aufsperrmax.at"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316517/; classtype:trojan-activity;sid:81179617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/homefedex.jar"; http_uri; depth:14; isdataat:!1,relative; content:"americanrange.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316516/; classtype:trojan-activity;sid:81179616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"91.140.70.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316515/; classtype:trojan-activity;sid:81179615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"59.31.169.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316514/; classtype:trojan-activity;sid:81179614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"191.223.54.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316513/; classtype:trojan-activity;sid:81179613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"123.193.229.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316512/; classtype:trojan-activity;sid:81179612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.119.66.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316511/; classtype:trojan-activity;sid:81179611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.44.21.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316510/; classtype:trojan-activity;sid:81179610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.245.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316509/; classtype:trojan-activity;sid:81179609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.152.30.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316508/; classtype:trojan-activity;sid:81179608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316507/; classtype:trojan-activity;sid:81179607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.115.174.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316506/; classtype:trojan-activity;sid:81179606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.225.104.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316505/; classtype:trojan-activity;sid:81179605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.93.171.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316504/; classtype:trojan-activity;sid:81179604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316503/; classtype:trojan-activity;sid:81179603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.123.251.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316502/; classtype:trojan-activity;sid:81179602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.84.124.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316501/; classtype:trojan-activity;sid:81179601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.9.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316500/; classtype:trojan-activity;sid:81179600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.185.105.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316499/; classtype:trojan-activity;sid:81179599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.140.180.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316498/; classtype:trojan-activity;sid:81179598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.33.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316497/; classtype:trojan-activity;sid:81179597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316496/; classtype:trojan-activity;sid:81179596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.225.206.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316495/; classtype:trojan-activity;sid:81179595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"187.85.255.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316494/; classtype:trojan-activity;sid:81179594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fvybtdfe"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316493/; classtype:trojan-activity;sid:81179593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/y5ktddjd"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316492/; classtype:trojan-activity;sid:81179592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/smhjwvur"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316491/; classtype:trojan-activity;sid:81179591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.90.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316490/; classtype:trojan-activity;sid:81179590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.60.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316489/; classtype:trojan-activity;sid:81179589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.229.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316488/; classtype:trojan-activity;sid:81179588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.92.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316487/; classtype:trojan-activity;sid:81179587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.166.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316486/; classtype:trojan-activity;sid:81179586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.96.102.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316485/; classtype:trojan-activity;sid:81179585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.134.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316484/; classtype:trojan-activity;sid:81179584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"72.2.246.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316483/; classtype:trojan-activity;sid:81179583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.73.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316482/; classtype:trojan-activity;sid:81179582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.55.92.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316481/; classtype:trojan-activity;sid:81179581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316480/; classtype:trojan-activity;sid:81179580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316479/; classtype:trojan-activity;sid:81179579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"109.207.104.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316478/; classtype:trojan-activity;sid:81179578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.239.217.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316477/; classtype:trojan-activity;sid:81179577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/root/armv6l"; http_uri; depth:12; isdataat:!1,relative; content:"45.136.245.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316476/; classtype:trojan-activity;sid:81179576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/root/mips"; http_uri; depth:10; isdataat:!1,relative; content:"45.136.245.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316475/; classtype:trojan-activity;sid:81179575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.134.162.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316474/; classtype:trojan-activity;sid:81179574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/root/frostbytebins.sh"; http_uri; depth:22; isdataat:!1,relative; content:"45.136.245.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316473/; classtype:trojan-activity;sid:81179573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/root/armv5l"; http_uri; depth:12; isdataat:!1,relative; content:"45.136.245.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316472/; classtype:trojan-activity;sid:81179572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/root/sparc"; http_uri; depth:11; isdataat:!1,relative; content:"45.136.245.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316471/; classtype:trojan-activity;sid:81179571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/root/i586"; http_uri; depth:10; isdataat:!1,relative; content:"45.136.245.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316470/; classtype:trojan-activity;sid:81179570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/root/sh4"; http_uri; depth:9; isdataat:!1,relative; content:"45.136.245.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316469/; classtype:trojan-activity;sid:81179569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/root/m68k"; http_uri; depth:10; isdataat:!1,relative; content:"45.136.245.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316468/; classtype:trojan-activity;sid:81179568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/root/powerpc"; http_uri; depth:13; isdataat:!1,relative; content:"45.136.245.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316467/; classtype:trojan-activity;sid:81179567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/root/x86"; http_uri; depth:9; isdataat:!1,relative; content:"45.136.245.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316466/; classtype:trojan-activity;sid:81179566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/root/mipsel"; http_uri; depth:12; isdataat:!1,relative; content:"45.136.245.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316465/; classtype:trojan-activity;sid:81179565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/root/i686"; http_uri; depth:10; isdataat:!1,relative; content:"45.136.245.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316464/; classtype:trojan-activity;sid:81179564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/root/armv4l"; http_uri; depth:12; isdataat:!1,relative; content:"45.136.245.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316463/; classtype:trojan-activity;sid:81179563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/npgu1dks"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316462/; classtype:trojan-activity;sid:81179562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tganespq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316461/; classtype:trojan-activity;sid:81179561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.124.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316460/; classtype:trojan-activity;sid:81179560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.36.44.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316459/; classtype:trojan-activity;sid:81179559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.238.163.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316458/; classtype:trojan-activity;sid:81179558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.122.160.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316457/; classtype:trojan-activity;sid:81179557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"72.2.241.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316456/; classtype:trojan-activity;sid:81179556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.9.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316455/; classtype:trojan-activity;sid:81179555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316454/; classtype:trojan-activity;sid:81179554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.154.122.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316453/; classtype:trojan-activity;sid:81179553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.170.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316452/; classtype:trojan-activity;sid:81179552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.83.144.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316451/; classtype:trojan-activity;sid:81179551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.220.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316450/; classtype:trojan-activity;sid:81179550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.78.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316449/; classtype:trojan-activity;sid:81179549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.97.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316448/; classtype:trojan-activity;sid:81179548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316447/; classtype:trojan-activity;sid:81179547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.143.32.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316446/; classtype:trojan-activity;sid:81179546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.53.240.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316445/; classtype:trojan-activity;sid:81179545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.234.81.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316444/; classtype:trojan-activity;sid:81179544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.133.230.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316443/; classtype:trojan-activity;sid:81179543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"176.96.251.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316442/; classtype:trojan-activity;sid:81179542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.7.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316441/; classtype:trojan-activity;sid:81179541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_20; reference:url, urlhaus.abuse.ch/url/316440/; classtype:trojan-activity;sid:81179540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.spc"; http_uri; depth:17; isdataat:!1,relative; content:"c.wolfiot.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316439/; classtype:trojan-activity;sid:81179539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"130.225.155.104.bc.googleusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316438/; classtype:trojan-activity;sid:81179538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; content:"130.225.155.104.bc.googleusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316437/; classtype:trojan-activity;sid:81179537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"130.225.155.104.bc.googleusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316436/; classtype:trojan-activity;sid:81179536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.ppc"; http_uri; depth:17; isdataat:!1,relative; content:"c.wolfiot.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316435/; classtype:trojan-activity;sid:81179535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.mips"; http_uri; depth:18; isdataat:!1,relative; content:"c.wolfiot.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316434/; classtype:trojan-activity;sid:81179534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.sh4"; http_uri; depth:17; isdataat:!1,relative; content:"c.wolfiot.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316433/; classtype:trojan-activity;sid:81179533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.m68k"; http_uri; depth:18; isdataat:!1,relative; content:"c.wolfiot.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316432/; classtype:trojan-activity;sid:81179532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"201.33.43.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316431/; classtype:trojan-activity;sid:81179531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"130.225.155.104.bc.googleusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316430/; classtype:trojan-activity;sid:81179530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.mpsl"; http_uri; depth:18; isdataat:!1,relative; content:"c.wolfiot.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316429/; classtype:trojan-activity;sid:81179529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/aepwb1jc"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316428/; classtype:trojan-activity;sid:81179528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.237.81.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316427/; classtype:trojan-activity;sid:81179527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.66.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316426/; classtype:trojan-activity;sid:81179526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.204.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316425/; classtype:trojan-activity;sid:81179525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.216.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316424/; classtype:trojan-activity;sid:81179524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.13.250.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316423/; classtype:trojan-activity;sid:81179523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.233.24.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316422/; classtype:trojan-activity;sid:81179522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"58.46.250.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316421/; classtype:trojan-activity;sid:81179521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.112.212.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316420/; classtype:trojan-activity;sid:81179520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316419/; classtype:trojan-activity;sid:81179519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316418/; classtype:trojan-activity;sid:81179518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316417/; classtype:trojan-activity;sid:81179517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.41.28.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316416/; classtype:trojan-activity;sid:81179516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.220.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316415/; classtype:trojan-activity;sid:81179515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.235.211.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316414/; classtype:trojan-activity;sid:81179514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316413/; classtype:trojan-activity;sid:81179513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316412/; classtype:trojan-activity;sid:81179512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demo/nna.bin"; http_uri; depth:13; isdataat:!1,relative; content:"www.cmsay.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316411/; classtype:trojan-activity;sid:81179511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/7ljdijj3"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316410/; classtype:trojan-activity;sid:81179510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pure/zomnna.png"; http_uri; depth:16; isdataat:!1,relative; content:"www.bmsay.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316409/; classtype:trojan-activity;sid:81179509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"159.203.39.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316408/; classtype:trojan-activity;sid:81179508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"96.47.239.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316407/; classtype:trojan-activity;sid:81179507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.40.111.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316406/; classtype:trojan-activity;sid:81179506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.15.133.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316405/; classtype:trojan-activity;sid:81179505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.121.221.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316404/; classtype:trojan-activity;sid:81179504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316403/; classtype:trojan-activity;sid:81179503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.186.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316402/; classtype:trojan-activity;sid:81179502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.10.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316401/; classtype:trojan-activity;sid:81179501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"121.233.16.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316400/; classtype:trojan-activity;sid:81179500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.231.161.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316399/; classtype:trojan-activity;sid:81179499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.54.250.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316398/; classtype:trojan-activity;sid:81179498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.235.176.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316397/; classtype:trojan-activity;sid:81179497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.226.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316396/; classtype:trojan-activity;sid:81179496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"172.39.73.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316395/; classtype:trojan-activity;sid:81179495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.226.86.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316394/; classtype:trojan-activity;sid:81179494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"216.221.203.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316393/; classtype:trojan-activity;sid:81179493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.63.36.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316392/; classtype:trojan-activity;sid:81179492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"211.137.225.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316391/; classtype:trojan-activity;sid:81179491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.68.218.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316390/; classtype:trojan-activity;sid:81179490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"223.10.2.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316389/; classtype:trojan-activity;sid:81179489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"37.232.98.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316388/; classtype:trojan-activity;sid:81179488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"36.109.228.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316387/; classtype:trojan-activity;sid:81179487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"61.168.140.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316386/; classtype:trojan-activity;sid:81179486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.74.186.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316385/; classtype:trojan-activity;sid:81179485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.115.167.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316384/; classtype:trojan-activity;sid:81179484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.ppc"; http_uri; depth:17; isdataat:!1,relative; content:"188.213.165.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316383/; classtype:trojan-activity;sid:81179483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"92.118.27.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316382/; classtype:trojan-activity;sid:81179482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"104.155.225.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316381/; classtype:trojan-activity;sid:81179481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"104.155.225.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316380/; classtype:trojan-activity;sid:81179480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"92.118.27.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316379/; classtype:trojan-activity;sid:81179479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"104.155.225.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316378/; classtype:trojan-activity;sid:81179478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"96.47.239.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316377/; classtype:trojan-activity;sid:81179477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/d3yh49p9"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316376/; classtype:trojan-activity;sid:81179476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"92.118.27.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316375/; classtype:trojan-activity;sid:81179475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"159.203.39.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316374/; classtype:trojan-activity;sid:81179474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.m68k"; http_uri; depth:18; isdataat:!1,relative; content:"188.213.165.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316373/; classtype:trojan-activity;sid:81179473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"104.155.225.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316372/; classtype:trojan-activity;sid:81179472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/blxntz.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"104.168.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316371/; classtype:trojan-activity;sid:81179471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"96.47.239.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316370/; classtype:trojan-activity;sid:81179470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/blxntz.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"104.168.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316369/; classtype:trojan-activity;sid:81179469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/blxntz.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"104.168.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316368/; classtype:trojan-activity;sid:81179468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"104.155.225.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316367/; classtype:trojan-activity;sid:81179467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"175.141.238.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316366/; classtype:trojan-activity;sid:81179466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"45.148.10.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316365/; classtype:trojan-activity;sid:81179465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"96.47.239.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316364/; classtype:trojan-activity;sid:81179464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"45.148.10.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316363/; classtype:trojan-activity;sid:81179463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.sh4"; http_uri; depth:17; isdataat:!1,relative; content:"188.213.165.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316362/; classtype:trojan-activity;sid:81179462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"104.155.225.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316361/; classtype:trojan-activity;sid:81179461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"wireguard.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316360/; classtype:trojan-activity;sid:81179460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"wireguard.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316359/; classtype:trojan-activity;sid:81179459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/mini.png"; http_uri; depth:16; isdataat:!1,relative; content:"192.3.124.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316358/; classtype:trojan-activity;sid:81179458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/lastimg.png"; http_uri; depth:19; isdataat:!1,relative; content:"192.3.124.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316357/; classtype:trojan-activity;sid:81179457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/flygame.png"; http_uri; depth:19; isdataat:!1,relative; content:"192.3.124.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316356/; classtype:trojan-activity;sid:81179456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"wireguard.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316355/; classtype:trojan-activity;sid:81179455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/arm"; http_uri; depth:11; isdataat:!1,relative; content:"nlocalhost.wordtheminer.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316354/; classtype:trojan-activity;sid:81179454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/mips"; http_uri; depth:12; isdataat:!1,relative; content:"nlocalhost.wordtheminer.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316353/; classtype:trojan-activity;sid:81179453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"nlocalhost.wordtheminer.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316352/; classtype:trojan-activity;sid:81179452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm"; http_uri; depth:16; isdataat:!1,relative; content:"wireguard.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316351/; classtype:trojan-activity;sid:81179451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"c.wolfiot.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316350/; classtype:trojan-activity;sid:81179450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"c.wolfiot.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316349/; classtype:trojan-activity;sid:81179449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"c.wolfiot.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316348/; classtype:trojan-activity;sid:81179448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.arm"; http_uri; depth:17; isdataat:!1,relative; content:"c.wolfiot.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316347/; classtype:trojan-activity;sid:81179447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.x86"; http_uri; depth:17; isdataat:!1,relative; content:"c.wolfiot.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316346/; classtype:trojan-activity;sid:81179446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dafuqman111/gh0st0a1s0as2d12.x86"; http_uri; depth:33; isdataat:!1,relative; content:"scanthembigbots.mikeysyach.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316345/; classtype:trojan-activity;sid:81179445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dafuqman111/gh0st0a1s0as2d12.arm7"; http_uri; depth:34; isdataat:!1,relative; content:"scanthembigbots.mikeysyach.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316344/; classtype:trojan-activity;sid:81179444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dafuqman111/gh0st0a1s0as2d12.arm6"; http_uri; depth:34; isdataat:!1,relative; content:"scanthembigbots.mikeysyach.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316343/; classtype:trojan-activity;sid:81179443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dafuqman111/gh0st0a1s0as2d12.arm5"; http_uri; depth:34; isdataat:!1,relative; content:"scanthembigbots.mikeysyach.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316342/; classtype:trojan-activity;sid:81179442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dafuqman111/gh0st0a1s0as2d12.arm"; http_uri; depth:33; isdataat:!1,relative; content:"scanthembigbots.mikeysyach.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316341/; classtype:trojan-activity;sid:81179441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dafuqman111/gh0st0a1s0as2d12.mpsl"; http_uri; depth:34; isdataat:!1,relative; content:"scanthembigbots.mikeysyach.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316340/; classtype:trojan-activity;sid:81179440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dafuqman111/gh0st0a1s0as2d12.mips"; http_uri; depth:34; isdataat:!1,relative; content:"scanthembigbots.mikeysyach.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316339/; classtype:trojan-activity;sid:81179439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; content:"104.155.225.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316338/; classtype:trojan-activity;sid:81179438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"104.155.225.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316337/; classtype:trojan-activity;sid:81179437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"104.155.225.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316336/; classtype:trojan-activity;sid:81179436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"104.155.225.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316335/; classtype:trojan-activity;sid:81179435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"45.148.10.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316334/; classtype:trojan-activity;sid:81179434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.mips"; http_uri; depth:17; isdataat:!1,relative; content:"45.148.10.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316333/; classtype:trojan-activity;sid:81179433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x"; http_uri; depth:7; isdataat:!1,relative; content:"45.148.10.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316332/; classtype:trojan-activity;sid:81179432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"45.148.10.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316331/; classtype:trojan-activity;sid:81179431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"45.148.10.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316330/; classtype:trojan-activity;sid:81179430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"45.148.10.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316329/; classtype:trojan-activity;sid:81179429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.arm"; http_uri; depth:16; isdataat:!1,relative; content:"45.148.10.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316328/; classtype:trojan-activity;sid:81179428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/ggpgbbi/links/linkscryy.exe"; http_uri; depth:47; isdataat:!1,relative; content:"ruianxiaofang.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316327/; classtype:trojan-activity;sid:81179427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/741252.exe"; http_uri; depth:20; isdataat:!1,relative; content:"www.riyanenterprise.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316326/; classtype:trojan-activity;sid:81179426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/qxze1srv"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316325/; classtype:trojan-activity;sid:81179425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.spc"; http_uri; depth:17; isdataat:!1,relative; content:"188.213.165.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316324/; classtype:trojan-activity;sid:81179424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.mpsl"; http_uri; depth:18; isdataat:!1,relative; content:"188.213.165.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316323/; classtype:trojan-activity;sid:81179423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.mips"; http_uri; depth:18; isdataat:!1,relative; content:"188.213.165.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316322/; classtype:trojan-activity;sid:81179422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"188.213.165.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316321/; classtype:trojan-activity;sid:81179421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"188.213.165.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316320/; classtype:trojan-activity;sid:81179420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"188.213.165.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316319/; classtype:trojan-activity;sid:81179419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.arm"; http_uri; depth:17; isdataat:!1,relative; content:"188.213.165.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316318/; classtype:trojan-activity;sid:81179418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"130.225.155.104.bc.googleusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316317/; classtype:trojan-activity;sid:81179417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"130.225.155.104.bc.googleusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316316/; classtype:trojan-activity;sid:81179416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; content:"130.225.155.104.bc.googleusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316315/; classtype:trojan-activity;sid:81179415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"130.225.155.104.bc.googleusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316314/; classtype:trojan-activity;sid:81179414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"130.225.155.104.bc.googleusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316313/; classtype:trojan-activity;sid:81179413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"130.225.155.104.bc.googleusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316312/; classtype:trojan-activity;sid:81179412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; content:"130.225.155.104.bc.googleusercontent.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316311/; classtype:trojan-activity;sid:81179411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"96.47.239.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316310/; classtype:trojan-activity;sid:81179410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"96.47.239.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316309/; classtype:trojan-activity;sid:81179409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"96.47.239.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316308/; classtype:trojan-activity;sid:81179408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"96.47.239.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316307/; classtype:trojan-activity;sid:81179407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"96.47.239.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316306/; classtype:trojan-activity;sid:81179406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"96.47.239.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316305/; classtype:trojan-activity;sid:81179405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jeksseeessss.arm6"; http_uri; depth:23; isdataat:!1,relative; content:"82.118.242.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316304/; classtype:trojan-activity;sid:81179404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.spc"; http_uri; depth:17; isdataat:!1,relative; content:"192.236.155.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316303/; classtype:trojan-activity;sid:81179403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.mpsl"; http_uri; depth:18; isdataat:!1,relative; content:"192.236.155.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316302/; classtype:trojan-activity;sid:81179402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.mips"; http_uri; depth:18; isdataat:!1,relative; content:"192.236.155.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316301/; classtype:trojan-activity;sid:81179401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"192.236.155.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316300/; classtype:trojan-activity;sid:81179400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"192.236.155.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316299/; classtype:trojan-activity;sid:81179399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"192.236.155.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316298/; classtype:trojan-activity;sid:81179398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.arm"; http_uri; depth:17; isdataat:!1,relative; content:"192.236.155.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316297/; classtype:trojan-activity;sid:81179397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.138.122.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316296/; classtype:trojan-activity;sid:81179396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.23.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316295/; classtype:trojan-activity;sid:81179395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"72.2.246.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316294/; classtype:trojan-activity;sid:81179394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"117.60.26.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316293/; classtype:trojan-activity;sid:81179393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.11.62.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316292/; classtype:trojan-activity;sid:81179392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.114.252.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316291/; classtype:trojan-activity;sid:81179391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.54.198.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316290/; classtype:trojan-activity;sid:81179390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.28.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316289/; classtype:trojan-activity;sid:81179389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.77.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316288/; classtype:trojan-activity;sid:81179388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"124.67.89.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316287/; classtype:trojan-activity;sid:81179387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.49.225.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316286/; classtype:trojan-activity;sid:81179386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.137.136.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316285/; classtype:trojan-activity;sid:81179385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.118.96.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316284/; classtype:trojan-activity;sid:81179384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.81.143.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316283/; classtype:trojan-activity;sid:81179383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.116.232.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316282/; classtype:trojan-activity;sid:81179382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"113.245.139.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316281/; classtype:trojan-activity;sid:81179381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.166.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316280/; classtype:trojan-activity;sid:81179380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.210.211.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316279/; classtype:trojan-activity;sid:81179379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.59.117.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316278/; classtype:trojan-activity;sid:81179378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"221.15.248.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316277/; classtype:trojan-activity;sid:81179377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"1.246.223.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316276/; classtype:trojan-activity;sid:81179376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"110.154.175.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316275/; classtype:trojan-activity;sid:81179375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.spc"; http_uri; depth:16; isdataat:!1,relative; content:"92.118.27.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316274/; classtype:trojan-activity;sid:81179374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"92.118.27.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316273/; classtype:trojan-activity;sid:81179373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.mips"; http_uri; depth:17; isdataat:!1,relative; content:"92.118.27.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316272/; classtype:trojan-activity;sid:81179372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"92.118.27.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316271/; classtype:trojan-activity;sid:81179371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"92.118.27.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316270/; classtype:trojan-activity;sid:81179370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"92.118.27.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316269/; classtype:trojan-activity;sid:81179369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm"; http_uri; depth:16; isdataat:!1,relative; content:"92.118.27.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316268/; classtype:trojan-activity;sid:81179368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/blxntz.spc"; http_uri; depth:16; isdataat:!1,relative; content:"104.168.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316267/; classtype:trojan-activity;sid:81179367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/blxntz.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"104.168.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316266/; classtype:trojan-activity;sid:81179366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/blxntz.mips"; http_uri; depth:17; isdataat:!1,relative; content:"104.168.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316265/; classtype:trojan-activity;sid:81179365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/blxntz.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"104.168.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316264/; classtype:trojan-activity;sid:81179364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/blxntz.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"104.168.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316263/; classtype:trojan-activity;sid:81179363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/blxntz.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"104.168.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316262/; classtype:trojan-activity;sid:81179362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/blxntz.arm"; http_uri; depth:16; isdataat:!1,relative; content:"104.168.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316261/; classtype:trojan-activity;sid:81179361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/sh4"; http_uri; depth:11; isdataat:!1,relative; content:"194.180.224.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316260/; classtype:trojan-activity;sid:81179360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"194.180.224.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316259/; classtype:trojan-activity;sid:81179359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/mips"; http_uri; depth:12; isdataat:!1,relative; content:"194.180.224.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316258/; classtype:trojan-activity;sid:81179358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/arm7"; http_uri; depth:12; isdataat:!1,relative; content:"194.180.224.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316257/; classtype:trojan-activity;sid:81179357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/arm6"; http_uri; depth:12; isdataat:!1,relative; content:"194.180.224.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316256/; classtype:trojan-activity;sid:81179356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/arm5"; http_uri; depth:12; isdataat:!1,relative; content:"194.180.224.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316255/; classtype:trojan-activity;sid:81179355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/arm"; http_uri; depth:11; isdataat:!1,relative; content:"194.180.224.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316254/; classtype:trojan-activity;sid:81179354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/a6cjctkm"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316253/; classtype:trojan-activity;sid:81179353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dafuqman111/gh0st0a1s0as2d12.mpsl"; http_uri; depth:34; isdataat:!1,relative; content:"45.148.10.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316252/; classtype:trojan-activity;sid:81179352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dafuqman111/gh0st0a1s0as2d12.mips"; http_uri; depth:34; isdataat:!1,relative; content:"45.148.10.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316251/; classtype:trojan-activity;sid:81179351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dafuqman111/gh0st0a1s0as2d12.arm7"; http_uri; depth:34; isdataat:!1,relative; content:"45.148.10.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316250/; classtype:trojan-activity;sid:81179350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dafuqman111/gh0st0a1s0as2d12.arm6"; http_uri; depth:34; isdataat:!1,relative; content:"45.148.10.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316249/; classtype:trojan-activity;sid:81179349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dafuqman111/gh0st0a1s0as2d12.arm5"; http_uri; depth:34; isdataat:!1,relative; content:"45.148.10.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316248/; classtype:trojan-activity;sid:81179348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dafuqman111/gh0st0a1s0as2d12.arm"; http_uri; depth:33; isdataat:!1,relative; content:"45.148.10.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316247/; classtype:trojan-activity;sid:81179347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"159.203.39.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316246/; classtype:trojan-activity;sid:81179346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.mips"; http_uri; depth:17; isdataat:!1,relative; content:"159.203.39.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316245/; classtype:trojan-activity;sid:81179345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"159.203.39.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316244/; classtype:trojan-activity;sid:81179344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"159.203.39.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316243/; classtype:trojan-activity;sid:81179343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"159.203.39.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316242/; classtype:trojan-activity;sid:81179342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"159.203.39.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316241/; classtype:trojan-activity;sid:81179341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.arm"; http_uri; depth:16; isdataat:!1,relative; content:"159.203.39.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316240/; classtype:trojan-activity;sid:81179340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/sly_arc"; http_uri; depth:10; isdataat:!1,relative; content:"142.11.212.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316239/; classtype:trojan-activity;sid:81179339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/sly_mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"142.11.212.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316238/; classtype:trojan-activity;sid:81179338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/sly_mips"; http_uri; depth:11; isdataat:!1,relative; content:"142.11.212.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316237/; classtype:trojan-activity;sid:81179337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/sly_arm7"; http_uri; depth:11; isdataat:!1,relative; content:"142.11.212.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316236/; classtype:trojan-activity;sid:81179336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/sly_arm6"; http_uri; depth:11; isdataat:!1,relative; content:"142.11.212.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316235/; classtype:trojan-activity;sid:81179335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/sly_arm5"; http_uri; depth:11; isdataat:!1,relative; content:"142.11.212.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316234/; classtype:trojan-activity;sid:81179334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/sly_arm"; http_uri; depth:10; isdataat:!1,relative; content:"142.11.212.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316233/; classtype:trojan-activity;sid:81179333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/trusty/444444.png"; http_uri; depth:18; isdataat:!1,relative; content:"g2creditsolutions.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316232/; classtype:trojan-activity;sid:81179332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mmtyklm5"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316231/; classtype:trojan-activity;sid:81179331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/braveiot/zte"; http_uri; depth:13; isdataat:!1,relative; content:"45.84.196.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316230/; classtype:trojan-activity;sid:81179330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/braveiot/x86"; http_uri; depth:13; isdataat:!1,relative; content:"45.84.196.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316229/; classtype:trojan-activity;sid:81179329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/braveiot/root"; http_uri; depth:14; isdataat:!1,relative; content:"45.84.196.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316228/; classtype:trojan-activity;sid:81179328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/braveiot/mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"45.84.196.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316227/; classtype:trojan-activity;sid:81179327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/braveiot/mips"; http_uri; depth:14; isdataat:!1,relative; content:"45.84.196.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316226/; classtype:trojan-activity;sid:81179326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/braveiot/arm7"; http_uri; depth:14; isdataat:!1,relative; content:"45.84.196.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316225/; classtype:trojan-activity;sid:81179325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/braveiot/arm6"; http_uri; depth:14; isdataat:!1,relative; content:"45.84.196.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316224/; classtype:trojan-activity;sid:81179324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; content:"cdn-063.dl-sync.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316223/; classtype:trojan-activity;sid:81179323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kc-botnet/arm5"; http_uri; depth:15; isdataat:!1,relative; content:"91.208.184.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316222/; classtype:trojan-activity;sid:81179322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kc-botnet/arm6"; http_uri; depth:15; isdataat:!1,relative; content:"91.208.184.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316221/; classtype:trojan-activity;sid:81179321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kc-botnet/arm7"; http_uri; depth:15; isdataat:!1,relative; content:"91.208.184.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316220/; classtype:trojan-activity;sid:81179320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kc-botnet/spc"; http_uri; depth:14; isdataat:!1,relative; content:"91.208.184.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316219/; classtype:trojan-activity;sid:81179319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kc-botnet/arm"; http_uri; depth:14; isdataat:!1,relative; content:"91.208.184.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316218/; classtype:trojan-activity;sid:81179318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kc-botnet/mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"91.208.184.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316217/; classtype:trojan-activity;sid:81179317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kc-botnet/mips"; http_uri; depth:15; isdataat:!1,relative; content:"91.208.184.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316216/; classtype:trojan-activity;sid:81179316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kc-botnet/x86"; http_uri; depth:14; isdataat:!1,relative; content:"91.208.184.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316215/; classtype:trojan-activity;sid:81179315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; content:"82.118.242.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316214/; classtype:trojan-activity;sid:81179314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/securesc/a4tlvdadhfuboj4h3k1e0eoj8q1h6d74/qqpoftjonoti21s69l29bd4hknmi38ca/1582130700000/16414305884720871114/10591473515470370715z/1zow9wj0a164estihauazlt0zge1abknae=download|7c|26|7c|nonce=3mbkkkpt9u6oc|7c|26|7c|user=10591473515470370715z|7c|26|7c|hash=qsgfdclm7s0c1omve38nmpkvjnd4tk4f"; http_uri; depth:293; isdataat:!1,relative; content:"doc-0o-70-docs.googleusercontent.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316213/; classtype:trojan-activity;sid:81179313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eye/nono_encrypted_d0c8e2f.bin"; http_uri; depth:31; isdataat:!1,relative; content:"gm-adv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316212/; classtype:trojan-activity;sid:81179312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eye/zeu$_encrypted_56368d0.bin"; http_uri; depth:31; isdataat:!1,relative; content:"gm-adv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316211/; classtype:trojan-activity;sid:81179311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eye/zeu$_encrypted_8a5264f.bin"; http_uri; depth:31; isdataat:!1,relative; content:"gm-adv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316210/; classtype:trojan-activity;sid:81179310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eye/tatata_encrypted_d57aa0f.bin"; http_uri; depth:33; isdataat:!1,relative; content:"gm-adv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316209/; classtype:trojan-activity;sid:81179309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eye/tataremc_encrypted_900ab4f.bin"; http_uri; depth:35; isdataat:!1,relative; content:"gm-adv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316208/; classtype:trojan-activity;sid:81179308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eye/tataremc_encrypted_77a0910.bin"; http_uri; depth:35; isdataat:!1,relative; content:"gm-adv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316207/; classtype:trojan-activity;sid:81179307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eye/billion$$_encrypted_9ec428f.bin"; http_uri; depth:36; isdataat:!1,relative; content:"gm-adv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316206/; classtype:trojan-activity;sid:81179306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eye/billion$$%20(2)_encrypted_91eb89f.bin"; http_uri; depth:42; isdataat:!1,relative; content:"gm-adv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316205/; classtype:trojan-activity;sid:81179305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/transaction/remittance.ps1"; http_uri; depth:27; isdataat:!1,relative; content:"gm-adv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316204/; classtype:trojan-activity;sid:81179304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"41.38.196.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316203/; classtype:trojan-activity;sid:81179303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"78.26.149.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316202/; classtype:trojan-activity;sid:81179302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"78.188.92.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316201/; classtype:trojan-activity;sid:81179301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2nfo2vs3et5g/6y1v61ntgl7hqnp/pagamento+gennaio.7z"; http_uri; depth:50; isdataat:!1,relative; content:"download1643.mediafire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316200/; classtype:trojan-activity;sid:81179300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/6y1v61ntgl7hqnp/pagamento_gennaio.7z/file"; http_uri; depth:47; isdataat:!1,relative; content:"mediafire.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316199/; classtype:trojan-activity;sid:81179299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.x86"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.13.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316198/; classtype:trojan-activity;sid:81179298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nemesis.x86"; http_uri; depth:12; isdataat:!1,relative; content:"193.242.211.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316197/; classtype:trojan-activity;sid:81179297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.x86"; http_uri; depth:16; isdataat:!1,relative; content:"167.172.51.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316196/; classtype:trojan-activity;sid:81179296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"103.223.121.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316195/; classtype:trojan-activity;sid:81179295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hilix.x86"; http_uri; depth:15; isdataat:!1,relative; content:"206.189.30.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316194/; classtype:trojan-activity;sid:81179294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.x86"; http_uri; depth:16; isdataat:!1,relative; content:"45.148.10.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316193/; classtype:trojan-activity;sid:81179293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.x86"; http_uri; depth:17; isdataat:!1,relative; content:"188.213.165.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316192/; classtype:trojan-activity;sid:81179292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/piars.dot"; http_uri; depth:10; isdataat:!1,relative; content:"karpa.bounceme.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316191/; classtype:trojan-activity;sid:81179291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"104.155.225.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316190/; classtype:trojan-activity;sid:81179290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"96.47.239.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316189/; classtype:trojan-activity;sid:81179289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xelfbiuojlwgbyumvyzb/frllo.bin"; http_uri; depth:31; isdataat:!1,relative; content:"warmsun.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316188/; classtype:trojan-activity;sid:81179288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.13.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316187/; classtype:trojan-activity;sid:81179287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"37.49.226.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316186/; classtype:trojan-activity;sid:81179286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hakka/helios.x86"; http_uri; depth:17; isdataat:!1,relative; content:"192.236.155.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316185/; classtype:trojan-activity;sid:81179285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/kiga.x86"; http_uri; depth:15; isdataat:!1,relative; content:"51.89.23.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316184/; classtype:trojan-activity;sid:81179284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.x86"; http_uri; depth:16; isdataat:!1,relative; content:"92.118.27.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316183/; classtype:trojan-activity;sid:81179283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.x86"; http_uri; depth:16; isdataat:!1,relative; content:"95.179.152.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316182/; classtype:trojan-activity;sid:81179282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.x86"; http_uri; depth:16; isdataat:!1,relative; content:"167.172.174.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316181/; classtype:trojan-activity;sid:81179281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/blxntz.x86"; http_uri; depth:16; isdataat:!1,relative; content:"104.168.215.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316180/; classtype:trojan-activity;sid:81179280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.x86"; http_uri; depth:25; isdataat:!1,relative; content:"64.225.97.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316179/; classtype:trojan-activity;sid:81179279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnet/x86"; http_uri; depth:11; isdataat:!1,relative; content:"194.180.224.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316178/; classtype:trojan-activity;sid:81179278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dafuqman111/gh0st0a1s0as2d12.x86"; http_uri; depth:33; isdataat:!1,relative; content:"45.148.10.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316177/; classtype:trojan-activity;sid:81179277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razor/r4z0r.x86"; http_uri; depth:16; isdataat:!1,relative; content:"159.203.39.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316176/; classtype:trojan-activity;sid:81179276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/sly_x86"; http_uri; depth:10; isdataat:!1,relative; content:"142.11.212.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316175/; classtype:trojan-activity;sid:81179275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/braveiot/arm"; http_uri; depth:13; isdataat:!1,relative; content:"45.84.196.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316174/; classtype:trojan-activity;sid:81179274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kc-botnet/x86_64"; http_uri; depth:17; isdataat:!1,relative; content:"91.208.184.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316173/; classtype:trojan-activity;sid:81179273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xmujqjcgkuonrqdtjzml/ktyaowm.bin"; http_uri; depth:33; isdataat:!1,relative; content:"deeppool.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316172/; classtype:trojan-activity;sid:81179272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; content:"37.49.226.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316171/; classtype:trojan-activity;sid:81179271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; content:"37.49.226.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316170/; classtype:trojan-activity;sid:81179270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; content:"37.49.226.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316169/; classtype:trojan-activity;sid:81179269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; content:"37.49.226.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316168/; classtype:trojan-activity;sid:81179268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; content:"37.49.226.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316167/; classtype:trojan-activity;sid:81179267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; content:"37.49.226.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316166/; classtype:trojan-activity;sid:81179266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; content:"37.49.226.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316165/; classtype:trojan-activity;sid:81179265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; content:"37.49.226.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316164/; classtype:trojan-activity;sid:81179264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; content:"37.49.226.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316163/; classtype:trojan-activity;sid:81179263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jeksseeessss.mpsl"; http_uri; depth:23; isdataat:!1,relative; content:"82.118.242.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316162/; classtype:trojan-activity;sid:81179262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jeksseeessss.mips"; http_uri; depth:23; isdataat:!1,relative; content:"82.118.242.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316161/; classtype:trojan-activity;sid:81179261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jeksseeessss.ppc"; http_uri; depth:22; isdataat:!1,relative; content:"82.118.242.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316160/; classtype:trojan-activity;sid:81179260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jeksseeessss.spc"; http_uri; depth:22; isdataat:!1,relative; content:"82.118.242.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316159/; classtype:trojan-activity;sid:81179259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jeksseeessss.sh4"; http_uri; depth:22; isdataat:!1,relative; content:"82.118.242.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316158/; classtype:trojan-activity;sid:81179258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jeksseeessss.m68k"; http_uri; depth:23; isdataat:!1,relative; content:"82.118.242.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316157/; classtype:trojan-activity;sid:81179257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jeksseeessss.arm7"; http_uri; depth:23; isdataat:!1,relative; content:"82.118.242.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316156/; classtype:trojan-activity;sid:81179256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jeksseeessss.arm5"; http_uri; depth:23; isdataat:!1,relative; content:"82.118.242.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316154/; classtype:trojan-activity;sid:81179254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jeksseeessss.arm"; http_uri; depth:22; isdataat:!1,relative; content:"82.118.242.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316153/; classtype:trojan-activity;sid:81179253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jeksseeessss.x86"; http_uri; depth:22; isdataat:!1,relative; content:"82.118.242.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316152/; classtype:trojan-activity;sid:81179252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"66.38.92.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316151/; classtype:trojan-activity;sid:81179251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316150/; classtype:trojan-activity;sid:81179250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.115.121.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316149/; classtype:trojan-activity;sid:81179249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316148/; classtype:trojan-activity;sid:81179248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"115.61.122.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316147/; classtype:trojan-activity;sid:81179247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.184.121.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316146/; classtype:trojan-activity;sid:81179246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"49.70.34.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316145/; classtype:trojan-activity;sid:81179245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316144/; classtype:trojan-activity;sid:81179244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"62.16.59.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316143/; classtype:trojan-activity;sid:81179243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316142/; classtype:trojan-activity;sid:81179242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.127.89.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316141/; classtype:trojan-activity;sid:81179241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316140/; classtype:trojan-activity;sid:81179240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316139/; classtype:trojan-activity;sid:81179239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"112.17.152.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316138/; classtype:trojan-activity;sid:81179238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"64.57.173.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316137/; classtype:trojan-activity;sid:81179237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316136/; classtype:trojan-activity;sid:81179236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.97.159.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316135/; classtype:trojan-activity;sid:81179235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"116.114.95.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316134/; classtype:trojan-activity;sid:81179234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"182.90.12.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316133/; classtype:trojan-activity;sid:81179233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"118.117.50.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316132/; classtype:trojan-activity;sid:81179232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlrdlrdlrdlr00001/d4mnasdasd4mn.sh4"; http_uri; depth:36; isdataat:!1,relative; content:"45.148.10.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316131/; classtype:trojan-activity;sid:81179231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlrdlrdlrdlr00001/d4mnasdasd4mn.ppc"; http_uri; depth:36; isdataat:!1,relative; content:"45.148.10.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316130/; classtype:trojan-activity;sid:81179230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlrdlrdlrdlr00001/d4mnasdasd4mn.spc"; http_uri; depth:36; isdataat:!1,relative; content:"45.148.10.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316129/; classtype:trojan-activity;sid:81179229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlrdlrdlrdlr00001/d4mnasdasd4mn.mpsl"; http_uri; depth:37; isdataat:!1,relative; content:"45.148.10.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316128/; classtype:trojan-activity;sid:81179228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlrdlrdlrdlr00001/d4mnasdasd4mn.mips"; http_uri; depth:37; isdataat:!1,relative; content:"45.148.10.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316127/; classtype:trojan-activity;sid:81179227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlrdlrdlrdlr00001/d4mnasdasd4mn.m68k"; http_uri; depth:37; isdataat:!1,relative; content:"45.148.10.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316126/; classtype:trojan-activity;sid:81179226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlrdlrdlrdlr00001/d4mnasdasd4mn.arm7"; http_uri; depth:37; isdataat:!1,relative; content:"45.148.10.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316125/; classtype:trojan-activity;sid:81179225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlrdlrdlrdlr00001/d4mnasdasd4mn.arm6"; http_uri; depth:37; isdataat:!1,relative; content:"45.148.10.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316124/; classtype:trojan-activity;sid:81179224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlrdlrdlrdlr00001/d4mnasdasd4mn.arm5"; http_uri; depth:37; isdataat:!1,relative; content:"45.148.10.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316123/; classtype:trojan-activity;sid:81179223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlrdlrdlrdlr00001/d4mnasdasd4mn.arm"; http_uri; depth:36; isdataat:!1,relative; content:"45.148.10.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316122/; classtype:trojan-activity;sid:81179222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlrdlrdlrdlr00001/d4mnasdasd4mn.x86"; http_uri; depth:36; isdataat:!1,relative; content:"45.148.10.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316121/; classtype:trojan-activity;sid:81179221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mcjhvehyur=50907"; http_uri; depth:17; isdataat:!1,relative; content:"kojames.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316120/; classtype:trojan-activity;sid:81179220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/22.exe"; http_uri; depth:7; isdataat:!1,relative; content:"marcoolacoolumplumber.com.au"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316119/; classtype:trojan-activity;sid:81179219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cfufyvbh"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316118/; classtype:trojan-activity;sid:81179218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/og/hydro.bin"; http_uri; depth:13; isdataat:!1,relative; content:"officearchives.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316117/; classtype:trojan-activity;sid:81179217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/og/documentation.rtf"; http_uri; depth:21; isdataat:!1,relative; content:"officearchives.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316116/; classtype:trojan-activity;sid:81179216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"202.39.237.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316115/; classtype:trojan-activity;sid:81179215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"114.239.141.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316114/; classtype:trojan-activity;sid:81179214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/eex3bzm7"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316113/; classtype:trojan-activity;sid:81179213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/r/r1qms"; http_uri; depth:8; isdataat:!1,relative; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316112/; classtype:trojan-activity;sid:81179212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.103.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316111/; classtype:trojan-activity;sid:81179211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"219.155.162.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316110/; classtype:trojan-activity;sid:81179210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.142.195.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316109/; classtype:trojan-activity;sid:81179209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"125.42.234.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316108/; classtype:trojan-activity;sid:81179208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"222.139.216.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316107/; classtype:trojan-activity;sid:81179207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.234.105.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316106/; classtype:trojan-activity;sid:81179206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.42.102.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316105/; classtype:trojan-activity;sid:81179205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316104/; classtype:trojan-activity;sid:81179204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"180.142.231.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316103/; classtype:trojan-activity;sid:81179203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"42.230.205.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316102/; classtype:trojan-activity;sid:81179202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316101/; classtype:trojan-activity;sid:81179201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.12.233.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316100/; classtype:trojan-activity;sid:81179200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"123.5.119.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316099/; classtype:trojan-activity;sid:81179199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"173.242.143.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316098/; classtype:trojan-activity;sid:81179198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"114.226.95.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316097/; classtype:trojan-activity;sid:81179197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"60.210.157.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316096/; classtype:trojan-activity;sid:81179196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; content:"111.43.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316095/; classtype:trojan-activity;sid:81179195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"176.15.122.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316094/; classtype:trojan-activity;sid:81179194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2c97q7ss"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316093/; classtype:trojan-activity;sid:81179193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x.exe"; http_uri; depth:6; isdataat:!1,relative; content:"marcoolacoolumplumber.com.au"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316092/; classtype:trojan-activity;sid:81179192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/god1.doc"; http_uri; depth:14; isdataat:!1,relative; content:"thaistoneshops.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316091/; classtype:trojan-activity;sid:81179191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/g001.doc"; http_uri; depth:14; isdataat:!1,relative; content:"thaistoneshops.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316090/; classtype:trojan-activity;sid:81179190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/5888.doc"; http_uri; depth:14; isdataat:!1,relative; content:"thaistoneshops.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316089/; classtype:trojan-activity;sid:81179189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/5216.doc"; http_uri; depth:14; isdataat:!1,relative; content:"thaistoneshops.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_19; reference:url, urlhaus.abuse.ch/url/316088/; classtype:trojan-activity;sid:81179188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/flick_encrypted_4b00600.bin"; http_uri; depth:28; isdataat:!1,relative; content:"185.112.249.122"; http_host; depth:15;