################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2019-03-25 23:34:09 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/jmym-kbwu_vcrxpif-kk/"; http_uri; depth:31; isdataat:!1,relative; content:"camev.com.tr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165845/; classtype:trojan-activity;sid:81028945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/tracking-number-2uf94505944310721/mar-26-19-02-09-02/"; http_uri; depth:63; isdataat:!1,relative; content:"busdibandung.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165844/; classtype:trojan-activity;sid:81028944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mxrgyso/1957424179/hvbnh-mkxsl_qbt-6y/"; http_uri; depth:39; isdataat:!1,relative; content:"buydirect365.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165843/; classtype:trojan-activity;sid:81028943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/ups-express-domestic/mar-26-19-02-04-01/"; http_uri; depth:60; isdataat:!1,relative; content:"archionedesign.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165841/; classtype:trojan-activity;sid:81028941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/jnhj-2feku_o-ud/"; http_uri; depth:28; isdataat:!1,relative; content:"bmakb.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165840/; classtype:trojan-activity;sid:81028940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ups-express-domestic/mar-26-19-02-03-01/"; http_uri; depth:53; isdataat:!1,relative; content:"bricksinfratech.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165839/; classtype:trojan-activity;sid:81028939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pgo42hu/urid-t6z_oheecwoc-ws/"; http_uri; depth:30; isdataat:!1,relative; content:"batismaterial.ir"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165838/; classtype:trojan-activity;sid:81028938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/npftmzk/ups-us/mar-26-19-01-56-01/"; http_uri; depth:35; isdataat:!1,relative; content:"blog.sparshayurveda.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165837/; classtype:trojan-activity;sid:81028937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8esh3ns/ups-quantum-view/mar-26-19-01-54-04/"; http_uri; depth:45; isdataat:!1,relative; content:"bluedreamlistings.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165836/; classtype:trojan-activity;sid:81028936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/bsf-kayros/0233893832/jovz-1jrlx_mrnse-in/"; http_uri; depth:61; isdataat:!1,relative; content:"bsf-kayros.com.ua"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165835/; classtype:trojan-activity;sid:81028935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nair-7y_n-df8/"; http_uri; depth:15; isdataat:!1,relative; content:"tubbzmix.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165834/; classtype:trojan-activity;sid:81028934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zwlhti/xfile3.exe"; http_uri; depth:18; isdataat:!1,relative; content:"77.73.68.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165833/; classtype:trojan-activity;sid:81028933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vo3mynw/ups.com/mar-26-19-01-48-01/"; http_uri; depth:36; isdataat:!1,relative; content:"blog.almeidaboer.adv.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165832/; classtype:trojan-activity;sid:81028932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/ups-view/mar-26-19-01-44-04/"; http_uri; depth:32; isdataat:!1,relative; content:"blog.engrhamisulambu2019.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165830/; classtype:trojan-activity;sid:81028930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/animasyon/grmjb-dj_vylukdr-4zm/"; http_uri; depth:32; isdataat:!1,relative; content:"bkarakas.ztml.k12.tr"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165829/; classtype:trojan-activity;sid:81028929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/en_en/invoice/3456507/wdmrt-hph_tqxmizdl-go/"; http_uri; depth:64; isdataat:!1,relative; content:"www.wzydw.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165828/; classtype:trojan-activity;sid:81028928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ups-ship-notification/mar-26-19-01-40-04/"; http_uri; depth:53; isdataat:!1,relative; content:"blog.blogdasutilidades.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165826/; classtype:trojan-activity;sid:81028926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/resume_n/tifn-s0ep_teru-4nd/"; http_uri; depth:29; isdataat:!1,relative; content:"berrybook.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165825/; classtype:trojan-activity;sid:81028925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/ups/mar-26-19-01-36-02/"; http_uri; depth:43; isdataat:!1,relative; content:"bkpp.bogorkab.go.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165824/; classtype:trojan-activity;sid:81028924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gaudo-iq6_gqrosyi-tf/"; http_uri; depth:33; isdataat:!1,relative; content:"blog.glanzsolution.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165823/; classtype:trojan-activity;sid:81028923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/4271022/wbbs-uq_k-dye/"; http_uri; depth:34; isdataat:!1,relative; content:"bfbelectrical.co.uk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165822/; classtype:trojan-activity;sid:81028922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/ups/mar-26-19-01-28-04/"; http_uri; depth:27; isdataat:!1,relative; content:"beta.toranarajgadnyas.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165821/; classtype:trojan-activity;sid:81028921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bjxgoag/nvaym-c7x4_llwmpw-jya/"; http_uri; depth:31; isdataat:!1,relative; content:"besserewetten.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165820/; classtype:trojan-activity;sid:81028920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/owa/ubwx-mk_aojnuoypp-kx/"; http_uri; depth:26; isdataat:!1,relative; content:"bf2.kreatywnet.pl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165819/; classtype:trojan-activity;sid:81028919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/iduz-qbvk0_pznhwj-au3/"; http_uri; depth:34; isdataat:!1,relative; content:"battleoftheblocks.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165818/; classtype:trojan-activity;sid:81028918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ups-express-domestic/mar-26-19-01-20-04/"; http_uri; depth:53; isdataat:!1,relative; content:"bayonetrobles.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165817/; classtype:trojan-activity;sid:81028917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/ups-ship-notification/mar-26-19-01-18-02/"; http_uri; depth:49; isdataat:!1,relative; content:"ayudhaya-info.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165816/; classtype:trojan-activity;sid:81028916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/b2b-discovery--4444/waph-vsz_jmxtitmj-z9b/"; http_uri; depth:43; isdataat:!1,relative; content:"b2bdiscovery.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165815/; classtype:trojan-activity;sid:81028915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ups-quantum-view/mar-26-19-01-12-04/"; http_uri; depth:48; isdataat:!1,relative; content:"artcityhotelistanbul.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165814/; classtype:trojan-activity;sid:81028914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hejxjrzjys/3978861743009/ocrjh-yuo_vce-mgr/"; http_uri; depth:44; isdataat:!1,relative; content:"avts.vn"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165813/; classtype:trojan-activity;sid:81028913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/907312367329983/sjlar-8byar_gbcv-rf/"; http_uri; depth:45; isdataat:!1,relative; content:"autoride.gr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165812/; classtype:trojan-activity;sid:81028912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/esa2vai/ups.com/mar-26-19-01-03-01/"; http_uri; depth:36; isdataat:!1,relative; content:"bareal.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165811/; classtype:trojan-activity;sid:81028911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/068681641805518/dgpd-vf_bllzbf-wrr/"; http_uri; depth:40; isdataat:!1,relative; content:"autoparteslasheras.com.ar"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165809/; classtype:trojan-activity;sid:81028909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ucgeb-6ic_zukbicj-7i/"; http_uri; depth:34; isdataat:!1,relative; content:"b010.info"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165808/; classtype:trojan-activity;sid:81028908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/ups/mar-26-19-12-55-01/"; http_uri; depth:34; isdataat:!1,relative; content:"7uptheme.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165807/; classtype:trojan-activity;sid:81028907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/zqctj-sh_m-m9/"; http_uri; depth:27; isdataat:!1,relative; content:"automation.vasoftsolutions.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165806/; classtype:trojan-activity;sid:81028906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/licl-oe_uejx-gf/"; http_uri; depth:27; isdataat:!1,relative; content:"104.199.129.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165804/; classtype:trojan-activity;sid:81028904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; content:"breakin.cf"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165803/; classtype:trojan-activity;sid:81028903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ups-us/mar-26-19-12-48-01/"; http_uri; depth:36; isdataat:!1,relative; content:"159.65.142.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165802/; classtype:trojan-activity;sid:81028902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/oerl-cax2_tsxc-0w/"; http_uri; depth:31; isdataat:!1,relative; content:"amthanhanhsangtoanem.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165801/; classtype:trojan-activity;sid:81028901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ups-express-domestic/mar-26-19-12-48-01/"; http_uri; depth:52; isdataat:!1,relative; content:"35.192.76.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165800/; classtype:trojan-activity;sid:81028900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/xoszd-wz_pkitjphnc-yt/"; http_uri; depth:35; isdataat:!1,relative; content:"ariko.vn"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165799/; classtype:trojan-activity;sid:81028899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mnacsil/ups.com/mar-26-19-12-47-04/"; http_uri; depth:36; isdataat:!1,relative; content:"atemplate.kreation4u.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165798/; classtype:trojan-activity;sid:81028898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zo0kffp/nvatu-p2m1d_fyrkn-3u/"; http_uri; depth:30; isdataat:!1,relative; content:"atlanticlinkz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165797/; classtype:trojan-activity;sid:81028897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beauty-house/cnas-vy_skwpqz-vfn/"; http_uri; depth:33; isdataat:!1,relative; content:"tem2.belocal.today"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165796/; classtype:trojan-activity;sid:81028896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/otgaq-sdeo_umyouqil-yci/"; http_uri; depth:37; isdataat:!1,relative; content:"actio.expert"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165795/; classtype:trojan-activity;sid:81028895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ups/mar-26-19-12-31-02/"; http_uri; depth:36; isdataat:!1,relative; content:"aryaaconsultancyservices.in"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165794/; classtype:trojan-activity;sid:81028894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/6243011706708303.zip"; http_uri; depth:21; isdataat:!1,relative; content:"demo7.maybay.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165792/; classtype:trojan-activity;sid:81028892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/plsl/"; http_uri; depth:14; isdataat:!1,relative; content:"property-in-vietnam.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165791/; classtype:trojan-activity;sid:81028891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7njtmlx/ew/"; http_uri; depth:12; isdataat:!1,relative; content:"lifestylescape.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165790/; classtype:trojan-activity;sid:81028890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/00akhwu/ws/"; http_uri; depth:12; isdataat:!1,relative; content:"178.128.25.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165789/; classtype:trojan-activity;sid:81028889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/ups-ship-notification/mar-26-19-12-27-02/"; http_uri; depth:50; isdataat:!1,relative; content:"aomua.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165787/; classtype:trojan-activity;sid:81028887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/xgr4y/"; http_uri; depth:14; isdataat:!1,relative; content:"www.udhaiyamdhall.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165786/; classtype:trojan-activity;sid:81028886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/zblda-mvkmp_fh-fi/"; http_uri; depth:31; isdataat:!1,relative; content:"appnomina.advans.mx"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165784/; classtype:trojan-activity;sid:81028884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/cq_9/"; http_uri; depth:14; isdataat:!1,relative; content:"ap.dahrabuildcon.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165781/; classtype:trojan-activity;sid:81028881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/rh_gm/"; http_uri; depth:15; isdataat:!1,relative; content:"shoparsi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165780/; classtype:trojan-activity;sid:81028880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/oh_du/"; http_uri; depth:18; isdataat:!1,relative; content:"ticket2go.by"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165779/; classtype:trojan-activity;sid:81028879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mhjisei3p/p_ip/"; http_uri; depth:16; isdataat:!1,relative; content:"www.91fhb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165778/; classtype:trojan-activity;sid:81028878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/h_w6/"; http_uri; depth:17; isdataat:!1,relative; content:"www.form8.sadek-webdesigner.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165777/; classtype:trojan-activity;sid:81028877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/foeyu-noqg_nkpmriw-lid/"; http_uri; depth:36; isdataat:!1,relative; content:"aksharidwar.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165775/; classtype:trojan-activity;sid:81028875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ghnef-hsv21_ndgyly-sn/"; http_uri; depth:34; isdataat:!1,relative; content:"akudankanvas.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165774/; classtype:trojan-activity;sid:81028874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/gzudh-hejgi_otyyz-6ah/"; http_uri; depth:42; isdataat:!1,relative; content:"ambiente.green"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165773/; classtype:trojan-activity;sid:81028873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/taz0mpb/etfz-rv5_paamjfuqo-7b/"; http_uri; depth:31; isdataat:!1,relative; content:"aegweb.nd.co.th"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165771/; classtype:trojan-activity;sid:81028871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ajiuz-ipzw_nz-t7i/"; http_uri; depth:30; isdataat:!1,relative; content:"alexfranco.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165770/; classtype:trojan-activity;sid:81028870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ups-ship-notification/mar-25-19-11-57-05/"; http_uri; depth:51; isdataat:!1,relative; content:"aluboobikes.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165769/; classtype:trojan-activity;sid:81028869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/aegtg-r8h3_q-as/"; http_uri; depth:29; isdataat:!1,relative; content:"alimgercel.com.tr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165768/; classtype:trojan-activity;sid:81028868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/@eadir/@tmp/ups-view/mar-25-19-11-53-01/"; http_uri; depth:41; isdataat:!1,relative; content:"210.6.235.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165767/; classtype:trojan-activity;sid:81028867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ups/mar-25-19-11-51-01/"; http_uri; depth:35; isdataat:!1,relative; content:"35.198.30.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165766/; classtype:trojan-activity;sid:81028866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/wozix-hoj6_ldkvyxlj-nqg/"; http_uri; depth:33; isdataat:!1,relative; content:"all-giveaways.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165765/; classtype:trojan-activity;sid:81028865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lp/bmpce-aqi_oosypzm-8p/"; http_uri; depth:25; isdataat:!1,relative; content:"acheiconsorcio.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165764/; classtype:trojan-activity;sid:81028864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ups-express-domestic/mar-25-19-11-48-03/"; http_uri; depth:50; isdataat:!1,relative; content:"adjassessoria.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165763/; classtype:trojan-activity;sid:81028863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/bwzi-w0pk8_ueqfsqvjb-pwc/"; http_uri; depth:39; isdataat:!1,relative; content:"acmalarmes.hostinet.pt"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165762/; classtype:trojan-activity;sid:81028862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpressbak/event/gfkuk-kh_fp-b4j/"; http_uri; depth:36; isdataat:!1,relative; content:"advci.eastasia.cloudapp.azure.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165760/; classtype:trojan-activity;sid:81028860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0pgfs0p/ups-us/mar-25-19-11-33-06/"; http_uri; depth:35; isdataat:!1,relative; content:"35.244.33.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165759/; classtype:trojan-activity;sid:81028859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ups.com/mar-25-19-07-07-03/"; http_uri; depth:37; isdataat:!1,relative; content:"enpress-publisher.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165757/; classtype:trojan-activity;sid:81028857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fi-fi/friob-27zd_m-iwv/"; http_uri; depth:24; isdataat:!1,relative; content:"34.197.118.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165756/; classtype:trojan-activity;sid:81028856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ups/mar-25-19-03-22-02/"; http_uri; depth:36; isdataat:!1,relative; content:"drabeys.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165755/; classtype:trojan-activity;sid:81028855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/rgkzt-crut_ptknq-lp/"; http_uri; depth:31; isdataat:!1,relative; content:"ahl.igh.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165753/; classtype:trojan-activity;sid:81028853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kida/soqsr-ooz4m_hayol-qnb/"; http_uri; depth:28; isdataat:!1,relative; content:"16.koperasiamana.co.id"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165752/; classtype:trojan-activity;sid:81028852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ups.com/mar-25-19-03-14-02/"; http_uri; depth:40; isdataat:!1,relative; content:"opark.in"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165751/; classtype:trojan-activity;sid:81028851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/88510347069/bfmku-tk_sfxqlnnzw-t2/"; http_uri; depth:47; isdataat:!1,relative; content:"about.onlinebharat.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165750/; classtype:trojan-activity;sid:81028850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ups-express-domestic/mar-25-19-03-11-02/"; http_uri; depth:50; isdataat:!1,relative; content:"www.oprecht-advies.nl"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165749/; classtype:trojan-activity;sid:81028849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/pgxi-hl_nipvjr-ap/"; http_uri; depth:28; isdataat:!1,relative; content:"62.234.136.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165747/; classtype:trojan-activity;sid:81028847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_homeproject/odfjc-zh_gxav-jzc/"; http_uri; depth:32; isdataat:!1,relative; content:"ad-tectum.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165746/; classtype:trojan-activity;sid:81028846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apifile/mat_doc/zfug-koxcx_pxtxvzj-sy/"; http_uri; depth:39; isdataat:!1,relative; content:"203.157.182.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165744/; classtype:trojan-activity;sid:81028844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/components/word.exe"; http_uri; depth:20; isdataat:!1,relative; content:"www.aetstranslation.com.au"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165743/; classtype:trojan-activity;sid:81028843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165740/; classtype:trojan-activity;sid:81028840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165738/; classtype:trojan-activity;sid:81028838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165737/; classtype:trojan-activity;sid:81028837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165736/; classtype:trojan-activity;sid:81028836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/verif.accs.send.biz/"; http_uri; depth:30; isdataat:!1,relative; content:"100.24.102.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165735/; classtype:trojan-activity;sid:81028835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/trust.accs.docs.com/"; http_uri; depth:32; isdataat:!1,relative; content:"34.235.37.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165734/; classtype:trojan-activity;sid:81028834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.accs.resourses.net/"; http_uri; depth:33; isdataat:!1,relative; content:"myphamthienthao.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165730/; classtype:trojan-activity;sid:81028830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rylawpc/sec.myaccount.docs.com/"; http_uri; depth:32; isdataat:!1,relative; content:"ksoncrossfit.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165729/; classtype:trojan-activity;sid:81028829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/verif.accs.docs.biz/"; http_uri; depth:25; isdataat:!1,relative; content:"hurrican.sk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165725/; classtype:trojan-activity;sid:81028825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/intuit_us_ca/scan/redebit_transactions/redebit_op/eqvlk-1sfwz_qhhoj-liv/"; http_uri; depth:76; isdataat:!1,relative; content:"iqbaldbn.me"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165724/; classtype:trojan-activity;sid:81028824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/trust.myacc.resourses.net/"; http_uri; depth:34; isdataat:!1,relative; content:"udhaiyamdhall.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165723/; classtype:trojan-activity;sid:81028823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content-/secure.accounts.docs.biz/"; http_uri; depth:38; isdataat:!1,relative; content:"53amg.fr"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165718/; classtype:trojan-activity;sid:81028818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165717/; classtype:trojan-activity;sid:81028817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.myaccount.resourses.com/"; http_uri; depth:38; isdataat:!1,relative; content:"1xbetgiris.website"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165716/; classtype:trojan-activity;sid:81028816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165715/; classtype:trojan-activity;sid:81028815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165714/; classtype:trojan-activity;sid:81028814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165713/; classtype:trojan-activity;sid:81028813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wwtgr4v/verif.accounts.resourses.net/"; http_uri; depth:38; isdataat:!1,relative; content:"18.218.12.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165709/; classtype:trojan-activity;sid:81028809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7jzxextmci/verif.myacc.send.net/"; http_uri; depth:33; isdataat:!1,relative; content:"35.240.3.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165710/; classtype:trojan-activity;sid:81028810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/@eadir/sec.myaccount.docs.com/"; http_uri; depth:31; isdataat:!1,relative; content:"194.191.243.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165708/; classtype:trojan-activity;sid:81028808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/components/en_us/company/invoice_number/aoeu-qt9ul_tgb-o4/"; http_uri; depth:59; isdataat:!1,relative; content:"impro.in"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165706/; classtype:trojan-activity;sid:81028806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dev/trust.myacc.send.net/./"; http_uri; depth:28; isdataat:!1,relative; content:"morimplants.co.il"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165704/; classtype:trojan-activity;sid:81028804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.myaccount.resourses.biz/"; http_uri; depth:41; isdataat:!1,relative; content:"namellus.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165702/; classtype:trojan-activity;sid:81028802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.accs.resourses.biz///"; http_uri; depth:38; isdataat:!1,relative; content:"hbsnepal.com.np"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165700/; classtype:trojan-activity;sid:81028800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/znlgu9h/secure.accounts.docs.biz/"; http_uri; depth:34; isdataat:!1,relative; content:"bercikjakub.sk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165699/; classtype:trojan-activity;sid:81028799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/txyj35t/secure.accounts.docs.net/"; http_uri; depth:34; isdataat:!1,relative; content:"46.101.119.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165697/; classtype:trojan-activity;sid:81028797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/secure.myaccount.send.net/"; http_uri; depth:37; isdataat:!1,relative; content:"185.33.146.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165696/; classtype:trojan-activity;sid:81028796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.accounts.docs.com/"; http_uri; depth:37; isdataat:!1,relative; content:"138.68.41.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165695/; classtype:trojan-activity;sid:81028795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.accounts.resourses.biz/"; http_uri; depth:42; isdataat:!1,relative; content:"138.68.175.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165694/; classtype:trojan-activity;sid:81028794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/trust.accs.send.net/secure.accounts.resourses.biz/"; http_uri; depth:51; isdataat:!1,relative; content:"132.145.153.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165693/; classtype:trojan-activity;sid:81028793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.accounts.send.com///"; http_uri; depth:39; isdataat:!1,relative; content:"131.111.48.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165692/; classtype:trojan-activity;sid:81028792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.accounts.send.com/"; http_uri; depth:37; isdataat:!1,relative; content:"131.111.48.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165691/; classtype:trojan-activity;sid:81028791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lib/secure.accounts.resourses.biz/"; http_uri; depth:35; isdataat:!1,relative; content:"128.199.233.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165690/; classtype:trojan-activity;sid:81028790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/verif.myaccount.resourses.biz/"; http_uri; depth:43; isdataat:!1,relative; content:"119.28.21.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165689/; classtype:trojan-activity;sid:81028789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.accounts.send.biz/"; http_uri; depth:32; isdataat:!1,relative; content:"111.230.244.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165688/; classtype:trojan-activity;sid:81028788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/verif.accs.send.net/"; http_uri; depth:32; isdataat:!1,relative; content:"107.23.121.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165687/; classtype:trojan-activity;sid:81028787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/secure.accounts.send.biz/"; http_uri; depth:47; isdataat:!1,relative; content:"104.237.5.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165686/; classtype:trojan-activity;sid:81028786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/verif.accounts.resourses.com/"; http_uri; depth:41; isdataat:!1,relative; content:"104.199.129.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165685/; classtype:trojan-activity;sid:81028785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sec.accs.docs.com/"; http_uri; depth:30; isdataat:!1,relative; content:"4stroy.by"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165669/; classtype:trojan-activity;sid:81028769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165668/; classtype:trojan-activity;sid:81028768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sec.accounts.send.net/"; http_uri; depth:35; isdataat:!1,relative; content:"edtech.iae.edu.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165667/; classtype:trojan-activity;sid:81028767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/js/j4331853528909024.zip"; http_uri; depth:34; isdataat:!1,relative; content:"oaklandchina.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165665/; classtype:trojan-activity;sid:81028765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.myacc.resourses.com/"; http_uri; depth:34; isdataat:!1,relative; content:"serendipityph.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165664/; classtype:trojan-activity;sid:81028764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/58803710224077/vnny-qqqjm_dyi-mu/"; http_uri; depth:46; isdataat:!1,relative; content:"san-enterprises.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165663/; classtype:trojan-activity;sid:81028763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/22023290033/swwvt-4qat_q-ir9/"; http_uri; depth:41; isdataat:!1,relative; content:"save24x7.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165662/; classtype:trojan-activity;sid:81028762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ffpdxo5/wbtk-cq0u_edhg-kn/"; http_uri; depth:27; isdataat:!1,relative; content:"scubadiver.bg"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165661/; classtype:trojan-activity;sid:81028761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/vxpbz-cg_wsqdubm-2x/"; http_uri; depth:33; isdataat:!1,relative; content:"bizjournalsnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165660/; classtype:trojan-activity;sid:81028760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/analo-ka_cflya-jop/"; http_uri; depth:39; isdataat:!1,relative; content:"himafis.mipa.uns.ac.id"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165658/; classtype:trojan-activity;sid:81028758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s-admin/vpiq.exe"; http_uri; depth:17; isdataat:!1,relative; content:"belabargelro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165656/; classtype:trojan-activity;sid:81028756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pploiuy/sureboy.exe"; http_uri; depth:20; isdataat:!1,relative; content:"accpais.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165655/; classtype:trojan-activity;sid:81028755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ekiyoooooooooooooooort/bin.exe"; http_uri; depth:31; isdataat:!1,relative; content:"accpais.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165654/; classtype:trojan-activity;sid:81028754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/verif.accs.docs.com/"; http_uri; depth:30; isdataat:!1,relative; content:"mebli-stoly.com.ua"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165653/; classtype:trojan-activity;sid:81028753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smarts.jpg"; http_uri; depth:11; isdataat:!1,relative; content:"www.electromada.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165652/; classtype:trojan-activity;sid:81028752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/trust.accs.send.com/"; http_uri; depth:30; isdataat:!1,relative; content:"loweralabamagolf.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165651/; classtype:trojan-activity;sid:81028751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/maps1316/ki_d/"; http_uri; depth:15; isdataat:!1,relative; content:"instituthypnos.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165650/; classtype:trojan-activity;sid:81028750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/edwinjefferson.com/ie_xo/"; http_uri; depth:26; isdataat:!1,relative; content:"bloodybits.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165649/; classtype:trojan-activity;sid:81028749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cu_sa/"; http_uri; depth:16; isdataat:!1,relative; content:"dqbdesign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165648/; classtype:trojan-activity;sid:81028748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/o_n/"; http_uri; depth:14; isdataat:!1,relative; content:"muacangua.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165647/; classtype:trojan-activity;sid:81028747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apply2/uploads/w_a/"; http_uri; depth:20; isdataat:!1,relative; content:"etprimewomenawards.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165646/; classtype:trojan-activity;sid:81028746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165645/; classtype:trojan-activity;sid:81028745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165644/; classtype:trojan-activity;sid:81028744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165643/; classtype:trojan-activity;sid:81028743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165642/; classtype:trojan-activity;sid:81028742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165641/; classtype:trojan-activity;sid:81028741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165639/; classtype:trojan-activity;sid:81028739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165638/; classtype:trojan-activity;sid:81028738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/verif.accs.resourses.net/"; http_uri; depth:29; isdataat:!1,relative; content:"taringabaptist.org.au"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165637/; classtype:trojan-activity;sid:81028737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/b/sec.myaccount.resourses.biz/"; http_uri; depth:31; isdataat:!1,relative; content:"kueryo.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165635/; classtype:trojan-activity;sid:81028735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jdownloader/scripts/pyload_stop/fc/"; http_uri; depth:36; isdataat:!1,relative; content:"mangaml.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165634/; classtype:trojan-activity;sid:81028734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ud/"; http_uri; depth:16; isdataat:!1,relative; content:"ilimler.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165632/; classtype:trojan-activity;sid:81028732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/oc/"; http_uri; depth:15; isdataat:!1,relative; content:"multiesfera.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165628/; classtype:trojan-activity;sid:81028728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/usvt/"; http_uri; depth:18; isdataat:!1,relative; content:"mireiatorrent.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165627/; classtype:trojan-activity;sid:81028727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/verif.myacc.resourses.biz/"; http_uri; depth:36; isdataat:!1,relative; content:"fishingcan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165626/; classtype:trojan-activity;sid:81028726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"89.122.77.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165624/; classtype:trojan-activity;sid:81028724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165623/; classtype:trojan-activity;sid:81028723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"187.114.49.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165622/; classtype:trojan-activity;sid:81028722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"189.230.174.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165619/; classtype:trojan-activity;sid:81028719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"201.192.164.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165615/; classtype:trojan-activity;sid:81028715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"31.168.126.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165612/; classtype:trojan-activity;sid:81028712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/sec.myaccount.docs.net/"; http_uri; depth:43; isdataat:!1,relative; content:"www.matyopekseg.hu"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165606/; classtype:trojan-activity;sid:81028706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/irpw/secure.accounts.docs.net/"; http_uri; depth:31; isdataat:!1,relative; content:"biztech.com.bd"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165605/; classtype:trojan-activity;sid:81028705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/secure.myacc.docs.biz/"; http_uri; depth:27; isdataat:!1,relative; content:"emfsys.gr"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165604/; classtype:trojan-activity;sid:81028704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/wros-kd_khqvvekh-mkt/"; http_uri; depth:34; isdataat:!1,relative; content:"patinvietnam.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165603/; classtype:trojan-activity;sid:81028703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/trust.accs.send.com/"; http_uri; depth:30; isdataat:!1,relative; content:"prodijital.com.tr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165601/; classtype:trojan-activity;sid:81028701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/sec.myaccount.resourses.com/"; http_uri; depth:48; isdataat:!1,relative; content:"atrip-world.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165600/; classtype:trojan-activity;sid:81028700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/backup/secure.myacc.send.net/"; http_uri; depth:30; isdataat:!1,relative; content:"shahedrahman.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165598/; classtype:trojan-activity;sid:81028698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.myacc.docs.com/"; http_uri; depth:34; isdataat:!1,relative; content:"funmart.ml"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165597/; classtype:trojan-activity;sid:81028697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/luvutvw/009.exe"; http_uri; depth:16; isdataat:!1,relative; content:"77.73.68.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165596/; classtype:trojan-activity;sid:81028696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/luvutvw/rwoveotyk8mv9f3.exe"; http_uri; depth:28; isdataat:!1,relative; content:"77.73.68.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165595/; classtype:trojan-activity;sid:81028695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/luvutvw/dsa.exe"; http_uri; depth:16; isdataat:!1,relative; content:"77.73.68.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165594/; classtype:trojan-activity;sid:81028694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tjsml4o/secure.myacc.docs.net/"; http_uri; depth:31; isdataat:!1,relative; content:"mhsalum.isinqa.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165592/; classtype:trojan-activity;sid:81028692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.accs.resourses.biz/"; http_uri; depth:36; isdataat:!1,relative; content:"hbsnepal.com.np"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165590/; classtype:trojan-activity;sid:81028690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oldadmin/wp-content/85471201673/qrsa-0z7_jfxkd-qq/"; http_uri; depth:51; isdataat:!1,relative; content:"editorial.wijeya.lk"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165589/; classtype:trojan-activity;sid:81028689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/agrms-urlcp_eohmqwh-tz/"; http_uri; depth:35; isdataat:!1,relative; content:"tlslbrands.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165587/; classtype:trojan-activity;sid:81028687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/mvqjl-jnzzn_qmn-lj/"; http_uri; depth:29; isdataat:!1,relative; content:"babycool.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165586/; classtype:trojan-activity;sid:81028686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/verif.accs.docs.biz/"; http_uri; depth:33; isdataat:!1,relative; content:"patryk-razny.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165585/; classtype:trojan-activity;sid:81028685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shopinsta/verif.myacc.resourses.biz/"; http_uri; depth:37; isdataat:!1,relative; content:"shopinsta.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165583/; classtype:trojan-activity;sid:81028683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/m5891377951317722.zip"; http_uri; depth:33; isdataat:!1,relative; content:"bmfurn.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165581/; classtype:trojan-activity;sid:81028681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d4798414291x04463477.zip"; http_uri; depth:25; isdataat:!1,relative; content:"www.kupelbooks.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165580/; classtype:trojan-activity;sid:81028680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/532108216v2695012.zip"; http_uri; depth:31; isdataat:!1,relative; content:"sapoutaouais.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165579/; classtype:trojan-activity;sid:81028679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/t20-8512773003733244.zip"; http_uri; depth:36; isdataat:!1,relative; content:"themecenters.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165578/; classtype:trojan-activity;sid:81028678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/e039758134703109539.zip"; http_uri; depth:43; isdataat:!1,relative; content:"www.plannpick.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165577/; classtype:trojan-activity;sid:81028677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/js/v8805692810u6201579.zip"; http_uri; depth:36; isdataat:!1,relative; content:"arimonza.it"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165576/; classtype:trojan-activity;sid:81028676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s271665126308085685.zip"; http_uri; depth:24; isdataat:!1,relative; content:"otbtech.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165575/; classtype:trojan-activity;sid:81028675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/84-1987372916270585.zip"; http_uri; depth:33; isdataat:!1,relative; content:"dtmre.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165574/; classtype:trojan-activity;sid:81028674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/z833683466g3135472.zip"; http_uri; depth:23; isdataat:!1,relative; content:"ipsolutionsinc.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165573/; classtype:trojan-activity;sid:81028673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/874878978265613867.zip"; http_uri; depth:46; isdataat:!1,relative; content:"azimut-volga.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165572/; classtype:trojan-activity;sid:81028672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/languages/dcts-8q_eonhemyy-9qr/"; http_uri; depth:43; isdataat:!1,relative; content:"espacerezo.fr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165570/; classtype:trojan-activity;sid:81028670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/404/590115084912/xfxt-awbk_xufk-enh/"; http_uri; depth:37; isdataat:!1,relative; content:"eziyuan.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165569/; classtype:trojan-activity;sid:81028669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/temp_dc5bcf9d42ded3370fd9c92a7bf0d715/tbypc-rhcb2_vezqw-dd/"; http_uri; depth:60; isdataat:!1,relative; content:"finniss.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165568/; classtype:trojan-activity;sid:81028668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/russ/eonxo-yj_o-z2f/"; http_uri; depth:21; isdataat:!1,relative; content:"dragonfang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165567/; classtype:trojan-activity;sid:81028667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/155553809077423/drrnh-jsv_pc-hj/"; http_uri; depth:41; isdataat:!1,relative; content:"cddvd.kz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165566/; classtype:trojan-activity;sid:81028666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/dpudq-1qiw1_vdlgz-rdo/"; http_uri; depth:32; isdataat:!1,relative; content:"portalsete.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165564/; classtype:trojan-activity;sid:81028664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/trust.accounts.resourses.biz/"; http_uri; depth:39; isdataat:!1,relative; content:"noithatmt5c.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165561/; classtype:trojan-activity;sid:81028661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/ups-quantum-view/mar-25-19-12-51-02/"; http_uri; depth:42; isdataat:!1,relative; content:"qlstandard.com.mx"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165559/; classtype:trojan-activity;sid:81028659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/ups-ship-notification/mar-25-19-12-47-01/"; http_uri; depth:45; isdataat:!1,relative; content:"chefmongiovi.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165558/; classtype:trojan-activity;sid:81028658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/trust.myaccount.send.com/"; http_uri; depth:37; isdataat:!1,relative; content:"wp.10zan.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165557/; classtype:trojan-activity;sid:81028657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m2013/files/temp/verif.accs.docs.com/"; http_uri; depth:38; isdataat:!1,relative; content:"ganzetec.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165555/; classtype:trojan-activity;sid:81028655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nick.mcbeth.com.au/secure.accs.resourses.com/"; http_uri; depth:46; isdataat:!1,relative; content:"mcbeth.com.au"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165552/; classtype:trojan-activity;sid:81028652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mm.ms.com/trust.accounts.send.biz/"; http_uri; depth:35; isdataat:!1,relative; content:"dream-sequence.cc"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165550/; classtype:trojan-activity;sid:81028650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/k65-321398i06490553.zip"; http_uri; depth:34; isdataat:!1,relative; content:"service20.consys.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165549/; classtype:trojan-activity;sid:81028649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/forms/jhioe-vwl_h-wt/"; http_uri; depth:22; isdataat:!1,relative; content:"cetaguaecuador.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165547/; classtype:trojan-activity;sid:81028647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/syxky-qjtj_iuzbavoc-t0/"; http_uri; depth:29; isdataat:!1,relative; content:"dandavner.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165546/; classtype:trojan-activity;sid:81028646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fm/7722930614289/drdrf-odj3_hmrqcxudn-lpn/"; http_uri; depth:43; isdataat:!1,relative; content:"cigan.sk"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165545/; classtype:trojan-activity;sid:81028645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/intro/trust.accs.resourses.net/"; http_uri; depth:32; isdataat:!1,relative; content:"famaweb.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165543/; classtype:trojan-activity;sid:81028643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/service-report-2969/trust.myacc.docs.net/"; http_uri; depth:42; isdataat:!1,relative; content:"egsa.at"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165542/; classtype:trojan-activity;sid:81028642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ares/kbfj-xhc_rkuxuqqn-t3i/"; http_uri; depth:28; isdataat:!1,relative; content:"edandtrish.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165541/; classtype:trojan-activity;sid:81028641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/logsite/trust.myacc.docs.net/"; http_uri; depth:30; isdataat:!1,relative; content:"downinthecountry.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165540/; classtype:trojan-activity;sid:81028640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/logssite/verif.accounts.docs.biz/"; http_uri; depth:34; isdataat:!1,relative; content:"datos.com.tw"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165539/; classtype:trojan-activity;sid:81028639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mailer/340740490804/friy-i7_qcgj-9p/"; http_uri; depth:37; isdataat:!1,relative; content:"colbydix.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165538/; classtype:trojan-activity;sid:81028638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/verif.myaccount.resourses.net/"; http_uri; depth:37; isdataat:!1,relative; content:"darthgoat.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165537/; classtype:trojan-activity;sid:81028637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/talina/verif.myacc.resourses.net/"; http_uri; depth:34; isdataat:!1,relative; content:"cybersol.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165536/; classtype:trojan-activity;sid:81028636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sec.myaccount.send.com/"; http_uri; depth:35; isdataat:!1,relative; content:"claudiogarcia.es"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165535/; classtype:trojan-activity;sid:81028635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/secure.accs.docs.net/"; http_uri; depth:30; isdataat:!1,relative; content:"castlecare.us"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165534/; classtype:trojan-activity;sid:81028634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/m0br4-dhj2z-yusjws/"; http_uri; depth:29; isdataat:!1,relative; content:"vrfantasy.gallery"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165531/; classtype:trojan-activity;sid:81028631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rylawpc/invoice_number/qxvet-hm5fk_fi-qn/"; http_uri; depth:42; isdataat:!1,relative; content:"ksoncrossfit.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165526/; classtype:trojan-activity;sid:81028626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/en_en/info/nvdra-lld5_glwmm-en/"; http_uri; depth:44; isdataat:!1,relative; content:"ilimler.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165524/; classtype:trojan-activity;sid:81028624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/en_en/new_invoice/jcdf-dabhm_dzhd-f9/"; http_uri; depth:46; isdataat:!1,relative; content:"demo.automationbootcamp.ro"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165522/; classtype:trojan-activity;sid:81028622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/copy_invoice/ukiu-bnap_vbostiyy-ikq/"; http_uri; depth:42; isdataat:!1,relative; content:"daemconcepcion.cl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165521/; classtype:trojan-activity;sid:81028621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/0ra5p-ms1a9h-haajrwevb/"; http_uri; depth:28; isdataat:!1,relative; content:"abc-group.ge"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165519/; classtype:trojan-activity;sid:81028619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/trust.accounts.resourses.biz/"; http_uri; depth:39; isdataat:!1,relative; content:"noithatmt5c.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165518/; classtype:trojan-activity;sid:81028618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/verif.accs.send.net/"; http_uri; depth:32; isdataat:!1,relative; content:"danhba.dulichvietnam.com.vn"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165516/; classtype:trojan-activity;sid:81028616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/tbfqb-qlh_dw-suj/"; http_uri; depth:29; isdataat:!1,relative; content:"titaniumtv.club"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165515/; classtype:trojan-activity;sid:81028615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/awstats-icon/trust.accs.docs.net/"; http_uri; depth:34; isdataat:!1,relative; content:"test.ord.nuucloud.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165513/; classtype:trojan-activity;sid:81028613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/j2xpr3dy5thu2wr/quotation.zipdl=1"; http_uri; depth:36; isdataat:!1,relative; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165512/; classtype:trojan-activity;sid:81028612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pressthiso/sec.accounts.send.com/"; http_uri; depth:34; isdataat:!1,relative; content:"wcdr.pbas.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165511/; classtype:trojan-activity;sid:81028611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.myacc.resourses.net/"; http_uri; depth:34; isdataat:!1,relative; content:"discoverthat.com.au"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165508/; classtype:trojan-activity;sid:81028608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dev/trust.myacc.send.net/"; http_uri; depth:26; isdataat:!1,relative; content:"morimplants.co.il"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165507/; classtype:trojan-activity;sid:81028607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/jfhge-1wxo4_goivp-3a4/"; http_uri; depth:34; isdataat:!1,relative; content:"oltelectrics.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165506/; classtype:trojan-activity;sid:81028606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/cbzm-in2_daeqx-rf/"; http_uri; depth:30; isdataat:!1,relative; content:"sag.ceo"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165505/; classtype:trojan-activity;sid:81028605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/admin/sec.accounts.send.com/"; http_uri; depth:29; isdataat:!1,relative; content:"makson.co.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165503/; classtype:trojan-activity;sid:81028603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/uthq-tw_trrqxqwxe-ft/"; http_uri; depth:31; isdataat:!1,relative; content:"dealsammler.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165502/; classtype:trojan-activity;sid:81028602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/controllers/sec.myaccount.resourses.com/"; http_uri; depth:41; isdataat:!1,relative; content:"kamir.es"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165501/; classtype:trojan-activity;sid:81028601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ne6rcmq/5873675/hzky-ky1tk_iuemgns-bz/"; http_uri; depth:39; isdataat:!1,relative; content:"myphamcenliathuduc.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165500/; classtype:trojan-activity;sid:81028600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"93.176.162.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165498/; classtype:trojan-activity;sid:81028598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/diaocngaynay/verif.accs.resourses.com/"; http_uri; depth:39; isdataat:!1,relative; content:"diaocngaynay.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165496/; classtype:trojan-activity;sid:81028596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/beez3/images/nature/frn6.exe"; http_uri; depth:39; isdataat:!1,relative; content:"ahsantiago.pt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165495/; classtype:trojan-activity;sid:81028595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-https/blz.exe"; http_uri; depth:17; isdataat:!1,relative; content:"sawasdeethaimassage.com.au"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165493/; classtype:trojan-activity;sid:81028593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/0p_iy/"; http_uri; depth:18; isdataat:!1,relative; content:"center1.co.il"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165492/; classtype:trojan-activity;sid:81028592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/gi_xz/"; http_uri; depth:26; isdataat:!1,relative; content:"webzine.jejuhub.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165491/; classtype:trojan-activity;sid:81028591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/spikyfishgames/xj_hx/"; http_uri; depth:22; isdataat:!1,relative; content:"pufferfiz.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165490/; classtype:trojan-activity;sid:81028590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/33_dk/"; http_uri; depth:26; isdataat:!1,relative; content:"inclusao.enap.gov.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165489/; classtype:trojan-activity;sid:81028589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/verif.accs.resourses.biz/"; http_uri; depth:34; isdataat:!1,relative; content:"krafiatmada.my"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165488/; classtype:trojan-activity;sid:81028588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/sec.myacc.resourses.com/"; http_uri; depth:30; isdataat:!1,relative; content:"healthandfitnesstraining.shop"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165487/; classtype:trojan-activity;sid:81028587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9uyruon/tracking-number-5hyd08736409791871/mar-25-19-03-02-07/"; http_uri; depth:63; isdataat:!1,relative; content:"overnightfilmfestival.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165485/; classtype:trojan-activity;sid:81028585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/ups-us/mar-25-19-02-58-07/"; http_uri; depth:35; isdataat:!1,relative; content:"pearlywhites.co.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165484/; classtype:trojan-activity;sid:81028584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ne6rcmq/iniyl-iyo_ajtfrjn-nr/"; http_uri; depth:30; isdataat:!1,relative; content:"myphamcenliathuduc.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165483/; classtype:trojan-activity;sid:81028583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lnfj-v14y_vllqk-hx/"; http_uri; depth:32; isdataat:!1,relative; content:"osvisa.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165482/; classtype:trojan-activity;sid:81028582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lzqy-l0b_iyzccva-z2m/"; http_uri; depth:34; isdataat:!1,relative; content:"pathwaymbs.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165481/; classtype:trojan-activity;sid:81028581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/starter/ups-express-domestic/mar-25-19-02-55-05/"; http_uri; depth:49; isdataat:!1,relative; content:"bytesoftware.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165480/; classtype:trojan-activity;sid:81028580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chameleondesign/tracking-number-2t98656355807663/mar-25-19-02-50-01/"; http_uri; depth:69; isdataat:!1,relative; content:"beeonline.cz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165479/; classtype:trojan-activity;sid:81028579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mailer/520895937972948/zwsb-t5sj_royha-7v/"; http_uri; depth:43; isdataat:!1,relative; content:"biztechmgt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165476/; classtype:trojan-activity;sid:81028576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/zwvx-gww_ui-i1a/"; http_uri; depth:21; isdataat:!1,relative; content:"booyamedia.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165475/; classtype:trojan-activity;sid:81028575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ww4w/66_r/"; http_uri; depth:11; isdataat:!1,relative; content:"ayodhyatrade.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165474/; classtype:trojan-activity;sid:81028574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/hxtensa"; http_uri; depth:24; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165470/; classtype:trojan-activity;sid:81028570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/hspc"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165465/; classtype:trojan-activity;sid:81028565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/hx86"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165466/; classtype:trojan-activity;sid:81028566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/hsh-sh4"; http_uri; depth:24; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165463/; classtype:trojan-activity;sid:81028563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/hsh4"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165464/; classtype:trojan-activity;sid:81028564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/includes/facelift/cache/ups-quantum-view/mar-25-19-02-37-04/"; http_uri; depth:61; isdataat:!1,relative; content:"antislash.fr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165461/; classtype:trojan-activity;sid:81028561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/frubox.in/ups-quantum-view/mar-25-19-02-33-02/"; http_uri; depth:47; isdataat:!1,relative; content:"aapnnihotel.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165460/; classtype:trojan-activity;sid:81028560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/48y9op5s2e2ap2u/1028746233971_doc.gzdl=1"; http_uri; depth:43; isdataat:!1,relative; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165459/; classtype:trojan-activity;sid:81028559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ups-quantum-view/mar-25-19-02-29-01/"; http_uri; depth:49; isdataat:!1,relative; content:"912graphics.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165457/; classtype:trojan-activity;sid:81028557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/language/ups-us/mar-25-19-02-27-01/"; http_uri; depth:36; isdataat:!1,relative; content:"kursiuklinika.lt"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165456/; classtype:trojan-activity;sid:81028556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/077539773/vykdq-cwsr_enha-gog/"; http_uri; depth:38; isdataat:!1,relative; content:"agtrade.hu"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165453/; classtype:trojan-activity;sid:81028553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/cache/ups-us/mar-25-19-02-20-02/"; http_uri; depth:37; isdataat:!1,relative; content:"cbaia.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165451/; classtype:trojan-activity;sid:81028551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ups-ship-notification/mar-25-19-02-13-02/"; http_uri; depth:54; isdataat:!1,relative; content:"restaurantequeleche.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165450/; classtype:trojan-activity;sid:81028550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/includes/ups-view/mar-25-19-02-09-04/"; http_uri; depth:38; isdataat:!1,relative; content:"nammuzey.uz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165449/; classtype:trojan-activity;sid:81028549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/bano-t153v_hgcsye-rq/"; http_uri; depth:33; isdataat:!1,relative; content:"gdv.stomp.digital"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165448/; classtype:trojan-activity;sid:81028548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/175477844001/dmzyz-hs_oxfstdwxj-gm/"; http_uri; depth:43; isdataat:!1,relative; content:"pandeglangkec.pandeglangkab.go.id"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165447/; classtype:trojan-activity;sid:81028547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hzjvbhz/kbrmf-1mnuc_lvd-ka/"; http_uri; depth:28; isdataat:!1,relative; content:"portalfreightforwarder.com.my"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165446/; classtype:trojan-activity;sid:81028546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/windowscp.exe"; http_uri; depth:14; isdataat:!1,relative; content:"185.35.137.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165445/; classtype:trojan-activity;sid:81028545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/tracking-number-4xaq28066098889070/mar-25-19-02-05-02/"; http_uri; depth:59; isdataat:!1,relative; content:"kan.kan2.go.th"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165443/; classtype:trojan-activity;sid:81028543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hrpqwl43ks/bvoog-8l5_iihqb-sr/"; http_uri; depth:31; isdataat:!1,relative; content:"abc-group.ge"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165441/; classtype:trojan-activity;sid:81028541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/ups-us/mar-25-19-02-00-03/"; http_uri; depth:34; isdataat:!1,relative; content:"pkb.net.my"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165440/; classtype:trojan-activity;sid:81028540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/ecoj-ch5r9_pyzlnom-6ct/"; http_uri; depth:31; isdataat:!1,relative; content:"dekorant.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165438/; classtype:trojan-activity;sid:81028538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/modules/utwg-nasn_e-aov/"; http_uri; depth:25; isdataat:!1,relative; content:"pierwszajazda.com.pl"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165435/; classtype:trojan-activity;sid:81028535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/ups.com/mar-25-19-01-47-04/"; http_uri; depth:38; isdataat:!1,relative; content:"crearquitectos.es"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165434/; classtype:trojan-activity;sid:81028534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/components/62964839/pvayc-b1sfh_yybbzj-yjn/"; http_uri; depth:44; isdataat:!1,relative; content:"agara.edu.ge"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165433/; classtype:trojan-activity;sid:81028533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/tracking-number-9ofm57140660104556/mar-25-19-01-43-04/"; http_uri; depth:65; isdataat:!1,relative; content:"vivavolei.cbv.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165432/; classtype:trojan-activity;sid:81028532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mlfp2yd/ups.com/mar-25-19-01-39-03/"; http_uri; depth:36; isdataat:!1,relative; content:"northmkt.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165431/; classtype:trojan-activity;sid:81028531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/db/work/config/ckhue-ut9yz_ekuk-5m2/"; http_uri; depth:37; isdataat:!1,relative; content:"naqaae.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165429/; classtype:trojan-activity;sid:81028529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/3752402637136/qyovf-kx_dhkyedae-cdq/"; http_uri; depth:51; isdataat:!1,relative; content:"xn--80ajoksa8ap9b.xn--p1ai"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165428/; classtype:trojan-activity;sid:81028528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ups-ship-notification/mar-25-19-01-35-02/"; http_uri; depth:53; isdataat:!1,relative; content:"sudmc.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165426/; classtype:trojan-activity;sid:81028526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/jtyl-gld_osagkrb-ybx/"; http_uri; depth:36; isdataat:!1,relative; content:"drlaszlozopcsak.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165425/; classtype:trojan-activity;sid:81028525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/9jisqn00pwn2qzh/order%20listpdf.zdl=1"; http_uri; depth:40; isdataat:!1,relative; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165424/; classtype:trojan-activity;sid:81028524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2018/08/ups-us/mar-25-19-01-30-01/"; http_uri; depth:35; isdataat:!1,relative; content:"nhanhoamotor.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165423/; classtype:trojan-activity;sid:81028523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/3414212/bnxh-i6x_fjbyjn-i7z/"; http_uri; depth:41; isdataat:!1,relative; content:"modps11.lib.kmutt.ac.th"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165422/; classtype:trojan-activity;sid:81028522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ups-ship-notification/mar-25-19-01-25-02/"; http_uri; depth:54; isdataat:!1,relative; content:"parkhillthanhcong.vn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165421/; classtype:trojan-activity;sid:81028521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/23996991188/zhar-lnf_sglg-5b/"; http_uri; depth:42; isdataat:!1,relative; content:"mywordes.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165420/; classtype:trojan-activity;sid:81028520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ups/mar-25-19-01-20-07/"; http_uri; depth:35; isdataat:!1,relative; content:"vicentinos.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165419/; classtype:trojan-activity;sid:81028519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/ups-view/mar-25-19-01-16-02/"; http_uri; depth:43; isdataat:!1,relative; content:"vandekonijnen.be"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165418/; classtype:trojan-activity;sid:81028518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"46.101.98.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165417/; classtype:trojan-activity;sid:81028517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"46.101.98.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165415/; classtype:trojan-activity;sid:81028515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"46.101.98.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165416/; classtype:trojan-activity;sid:81028516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"46.101.98.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165414/; classtype:trojan-activity;sid:81028514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"46.101.98.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165412/; classtype:trojan-activity;sid:81028512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"46.101.98.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165413/; classtype:trojan-activity;sid:81028513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"46.101.98.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165411/; classtype:trojan-activity;sid:81028511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2ps/bdhj-ou_avjyiy-lq6/"; http_uri; depth:24; isdataat:!1,relative; content:"warah.com.ar"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165410/; classtype:trojan-activity;sid:81028510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"46.101.98.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165409/; classtype:trojan-activity;sid:81028509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"46.101.98.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165407/; classtype:trojan-activity;sid:81028507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"46.101.98.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165408/; classtype:trojan-activity;sid:81028508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"46.101.98.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165406/; classtype:trojan-activity;sid:81028506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/x86"; http_uri; depth:10; isdataat:!1,relative; content:"95.213.228.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165405/; classtype:trojan-activity;sid:81028505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/sh4"; http_uri; depth:10; isdataat:!1,relative; content:"95.213.228.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165403/; classtype:trojan-activity;sid:81028503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/spc"; http_uri; depth:10; isdataat:!1,relative; content:"95.213.228.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165404/; classtype:trojan-activity;sid:81028504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165401/; classtype:trojan-activity;sid:81028501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/ppc"; http_uri; depth:10; isdataat:!1,relative; content:"95.213.228.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165402/; classtype:trojan-activity;sid:81028502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/i686"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165398/; classtype:trojan-activity;sid:81028498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/m68k"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165399/; classtype:trojan-activity;sid:81028499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/mips"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165400/; classtype:trojan-activity;sid:81028500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/i486"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165397/; classtype:trojan-activity;sid:81028497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/agxg-9urfg_hx-jvm/"; http_uri; depth:28; isdataat:!1,relative; content:"valfin.es"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165396/; classtype:trojan-activity;sid:81028496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/arm6"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165394/; classtype:trojan-activity;sid:81028494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/arm7"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165395/; classtype:trojan-activity;sid:81028495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/arc"; http_uri; depth:10; isdataat:!1,relative; content:"95.213.228.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165391/; classtype:trojan-activity;sid:81028491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/arm"; http_uri; depth:10; isdataat:!1,relative; content:"95.213.228.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165392/; classtype:trojan-activity;sid:81028492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/arm5"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165393/; classtype:trojan-activity;sid:81028493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/beez3/images/nature/g1.exe"; http_uri; depth:37; isdataat:!1,relative; content:"ahsantiago.pt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165390/; classtype:trojan-activity;sid:81028490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/hx86"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165389/; classtype:trojan-activity;sid:81028489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"5.35.151.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165388/; classtype:trojan-activity;sid:81028488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dzxts-os3jd_aakpxscgi-mo/ups-express-domestic/mar-25-19-01-12-02/"; http_uri; depth:66; isdataat:!1,relative; content:"theshowzone.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165387/; classtype:trojan-activity;sid:81028487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/beez3/images/nature/jiz6.exe"; http_uri; depth:39; isdataat:!1,relative; content:"ahsantiago.pt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165386/; classtype:trojan-activity;sid:81028486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stories/ups/mar-25-19-01-11-02/"; http_uri; depth:32; isdataat:!1,relative; content:"storiesdesired.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165384/; classtype:trojan-activity;sid:81028484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/beez3/images/nature/p2v.exe"; http_uri; depth:38; isdataat:!1,relative; content:"ahsantiago.pt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165383/; classtype:trojan-activity;sid:81028483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/7900042179/eqanq-syh_usoo-i1/"; http_uri; depth:49; isdataat:!1,relative; content:"yos.inonu.edu.tr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165382/; classtype:trojan-activity;sid:81028482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/connections/ups-us/mar-25-19-01-04-02/"; http_uri; depth:39; isdataat:!1,relative; content:"webtvset.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165381/; classtype:trojan-activity;sid:81028481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/beez3/images/nature/sod7.exe"; http_uri; depth:39; isdataat:!1,relative; content:"ahsantiago.pt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165378/; classtype:trojan-activity;sid:81028478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/xgos-byha_nyobuyc-ax/"; http_uri; depth:41; isdataat:!1,relative; content:"yelarsan.es"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165377/; classtype:trojan-activity;sid:81028477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/beez3/images/nature/p1v.exe"; http_uri; depth:38; isdataat:!1,relative; content:"ahsantiago.pt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165376/; classtype:trojan-activity;sid:81028476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/859185101/kgsk-i9mag_ulabjii-jgx/"; http_uri; depth:43; isdataat:!1,relative; content:"wajeehshafiq.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165375/; classtype:trojan-activity;sid:81028475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/beez3/images/nature/p3v.exe"; http_uri; depth:38; isdataat:!1,relative; content:"ahsantiago.pt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165373/; classtype:trojan-activity;sid:81028473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oslh4nf/7503396/mdvu-90981_hikxlsybn-fh/"; http_uri; depth:41; isdataat:!1,relative; content:"247everydaysport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165372/; classtype:trojan-activity;sid:81028472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/cvnh-jdbd_hbxnibr-er/"; http_uri; depth:34; isdataat:!1,relative; content:"aldurragroup.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165371/; classtype:trojan-activity;sid:81028471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ups-ship-notification/mar-25-19-12-41-02/"; http_uri; depth:53; isdataat:!1,relative; content:"2013.kaunasphoto.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165370/; classtype:trojan-activity;sid:81028470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/samples/2832726/kcujg-ci0_frwc-jap/"; http_uri; depth:36; isdataat:!1,relative; content:"simplyresponsive.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165369/; classtype:trojan-activity;sid:81028469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/tracking-number-9q95302492986708/mar-25-19-12-37-01/"; http_uri; depth:59; isdataat:!1,relative; content:"shagua.name"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165368/; classtype:trojan-activity;sid:81028468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/leqbn-fzz_hgkxz-2m5/"; http_uri; depth:25; isdataat:!1,relative; content:"siamnatural.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165366/; classtype:trojan-activity;sid:81028466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/vlqj-pyp_vgunpnul-9b/"; http_uri; depth:30; isdataat:!1,relative; content:"phpsolutions.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165365/; classtype:trojan-activity;sid:81028465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tools/ups.com/mar-25-19-12-31-01/"; http_uri; depth:34; isdataat:!1,relative; content:"papaya.ne.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165364/; classtype:trojan-activity;sid:81028464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rvsincludefile/ups-ship-notification/mar-25-19-12-25-05/"; http_uri; depth:57; isdataat:!1,relative; content:"profilegeomatics.ca"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165363/; classtype:trojan-activity;sid:81028463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ooscqky7/ups.com/mar-25-19-12-16-01/"; http_uri; depth:37; isdataat:!1,relative; content:"songlinhtran.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165361/; classtype:trojan-activity;sid:81028461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9yorcan/ups-express-domestic/mar-25-19-12-12-01/"; http_uri; depth:49; isdataat:!1,relative; content:"inovatips.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165360/; classtype:trojan-activity;sid:81028460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ups/mar-25-19-12-07-01/"; http_uri; depth:24; isdataat:!1,relative; content:"ewoij.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165359/; classtype:trojan-activity;sid:81028459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ups-quantum-view/mar-25-19-12-00-02/"; http_uri; depth:46; isdataat:!1,relative; content:"grupoweb.cl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165357/; classtype:trojan-activity;sid:81028457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/solar.x86"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.78.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165356/; classtype:trojan-activity;sid:81028456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/solar.spc"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.78.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165355/; classtype:trojan-activity;sid:81028455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/solar.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.78.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165354/; classtype:trojan-activity;sid:81028454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/solar.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.78.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165353/; classtype:trojan-activity;sid:81028453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/solar.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.78.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165352/; classtype:trojan-activity;sid:81028452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/solar.mips"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.78.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165351/; classtype:trojan-activity;sid:81028451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/solar.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.78.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165350/; classtype:trojan-activity;sid:81028450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/solar.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.78.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165349/; classtype:trojan-activity;sid:81028449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/solar.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.78.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165348/; classtype:trojan-activity;sid:81028448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/solar.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"178.128.78.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165346/; classtype:trojan-activity;sid:81028446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/solar.arm"; http_uri; depth:15; isdataat:!1,relative; content:"178.128.78.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165345/; classtype:trojan-activity;sid:81028445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gjlux-rp_vtqz-vp/"; http_uri; depth:29; isdataat:!1,relative; content:"parbio.es"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165344/; classtype:trojan-activity;sid:81028444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/company/7534046/zinm-0psit_wm-jt/"; http_uri; depth:38; isdataat:!1,relative; content:"cevdetozturk.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165342/; classtype:trojan-activity;sid:81028442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kaktus/verif.accounts.docs.com/"; http_uri; depth:32; isdataat:!1,relative; content:"fatek.untad.ac.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165341/; classtype:trojan-activity;sid:81028441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/requests/cookie/sudden.conf/hokqa-rgs_ced-dx/"; http_uri; depth:58; isdataat:!1,relative; content:"taynguyen.dulichvietnam.com.vn"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165340/; classtype:trojan-activity;sid:81028440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/svsvbk/zmgeh-reg_nbkjvax-r4h/"; http_uri; depth:30; isdataat:!1,relative; content:"kianse.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165339/; classtype:trojan-activity;sid:81028439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-contents/bzkal-ufyv_aqpox-ap/"; http_uri; depth:33; isdataat:!1,relative; content:"alpinaemlak.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165337/; classtype:trojan-activity;sid:81028437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/jcd0i/"; http_uri; depth:13; isdataat:!1,relative; content:"codbility.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165328/; classtype:trojan-activity;sid:81028428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/7sf9/"; http_uri; depth:17; isdataat:!1,relative; content:"artecautomaten.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165327/; classtype:trojan-activity;sid:81028427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ujhq/"; http_uri; depth:15; isdataat:!1,relative; content:"vrfantasy.gallery"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165326/; classtype:trojan-activity;sid:81028426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wp-content/598i/"; http_uri; depth:20; isdataat:!1,relative; content:"firstmnd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165325/; classtype:trojan-activity;sid:81028425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/jzsff/"; http_uri; depth:26; isdataat:!1,relative; content:"toolbeltonline.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165324/; classtype:trojan-activity;sid:81028424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ups-ship-notification/mar-25-19-12-00-02/"; http_uri; depth:54; isdataat:!1,relative; content:"geoclimachillers.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165323/; classtype:trojan-activity;sid:81028423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rylawpc/tpds-ezu5_kozpdi-u09/"; http_uri; depth:30; isdataat:!1,relative; content:"ksoncrossfit.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165322/; classtype:trojan-activity;sid:81028422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/fldj-cm_nnvo-ft/"; http_uri; depth:29; isdataat:!1,relative; content:"junkmover.ca"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165321/; classtype:trojan-activity;sid:81028421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/njzm-8cs7_jzs-mqf/"; http_uri; depth:31; isdataat:!1,relative; content:"lastmilecdn.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165320/; classtype:trojan-activity;sid:81028420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/image/tax%20payment%20challan.zip"; http_uri; depth:34; isdataat:!1,relative; content:"rajanprinters.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165318/; classtype:trojan-activity;sid:81028418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/document_ca_18862.jar"; http_uri; depth:39; isdataat:!1,relative; content:"buproboticsclub.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165316/; classtype:trojan-activity;sid:81028416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sage_report.jar"; http_uri; depth:16; isdataat:!1,relative; content:"iconovirtual.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165315/; classtype:trojan-activity;sid:81028415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/recv2933a.jar"; http_uri; depth:14; isdataat:!1,relative; content:"www.atinalla.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165314/; classtype:trojan-activity;sid:81028414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/crystal/document_ca_18861.jar"; http_uri; depth:49; isdataat:!1,relative; content:"solussao.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165312/; classtype:trojan-activity;sid:81028412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0vta8ll/jqnd-1xfqq_ztca-muy/"; http_uri; depth:29; isdataat:!1,relative; content:"fitnesstrener-jozef.eu"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165311/; classtype:trojan-activity;sid:81028411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/en/mici-rfwb_ovox-jh/"; http_uri; depth:22; isdataat:!1,relative; content:"barabooseniorhigh.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165310/; classtype:trojan-activity;sid:81028410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/beez3/images/nature/solo6.exe"; http_uri; depth:40; isdataat:!1,relative; content:"ahsantiago.pt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165309/; classtype:trojan-activity;sid:81028409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/fusion-core/117.exe"; http_uri; depth:39; isdataat:!1,relative; content:"www.cliftonnoble.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165308/; classtype:trojan-activity;sid:81028408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wp-content/uploads/m843939312b81327106.zip"; http_uri; depth:46; isdataat:!1,relative; content:"bpo.correct.go.th"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165303/; classtype:trojan-activity;sid:81028403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/i71-95643516n1277263.zip"; http_uri; depth:40; isdataat:!1,relative; content:"bodybuildingsolution.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165302/; classtype:trojan-activity;sid:81028402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/upgrade/r54749123u94007414.zip"; http_uri; depth:42; isdataat:!1,relative; content:"dapperlilgents.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165301/; classtype:trojan-activity;sid:81028401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/y77-2994822440652965.zip"; http_uri; depth:37; isdataat:!1,relative; content:"tenmax.azurewebsites.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165299/; classtype:trojan-activity;sid:81028399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/n95-095715l0675779.zip"; http_uri; depth:35; isdataat:!1,relative; content:"sweetislandhome.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165298/; classtype:trojan-activity;sid:81028398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/w51-734182515332859.zip"; http_uri; depth:35; isdataat:!1,relative; content:"neg.us"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165296/; classtype:trojan-activity;sid:81028396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/f59-4652276865174884.zip"; http_uri; depth:25; isdataat:!1,relative; content:"bravopinatas.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165294/; classtype:trojan-activity;sid:81028394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/s924553801149800464.zip"; http_uri; depth:31; isdataat:!1,relative; content:"electricskateboard.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165292/; classtype:trojan-activity;sid:81028392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/y18-662200549265297.zip"; http_uri; depth:35; isdataat:!1,relative; content:"shelmex.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165291/; classtype:trojan-activity;sid:81028391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/criminalsite/x07-23140542415917156.zip"; http_uri; depth:39; isdataat:!1,relative; content:"sarasota-lawyers.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165290/; classtype:trojan-activity;sid:81028390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/u1216/a754375559u5385680.zip"; http_uri; depth:35; isdataat:!1,relative; content:"www.sos03.lt"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165289/; classtype:trojan-activity;sid:81028389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/upgrade/83-909854325720025.zip"; http_uri; depth:42; isdataat:!1,relative; content:"178.159.110.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165288/; classtype:trojan-activity;sid:81028388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/f24-332171621410205.zip"; http_uri; depth:36; isdataat:!1,relative; content:"moctranatural.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165287/; classtype:trojan-activity;sid:81028387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/requests/r82-8286096v88451666.zip"; http_uri; depth:46; isdataat:!1,relative; content:"modbu.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165285/; classtype:trojan-activity;sid:81028385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/pomo/p14-70495104904115j276504268122218347.zip"; http_uri; depth:59; isdataat:!1,relative; content:"copticsolidarity.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165284/; classtype:trojan-activity;sid:81028384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/i73-279865v5000060.zip"; http_uri; depth:32; isdataat:!1,relative; content:"attractionwiki.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165283/; classtype:trojan-activity;sid:81028383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/y392865401h955529815.zip"; http_uri; depth:34; isdataat:!1,relative; content:"csunaa.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165281/; classtype:trojan-activity;sid:81028381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/id3/s33457755v49614144.zip"; http_uri; depth:39; isdataat:!1,relative; content:"gogenieholidays.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165280/; classtype:trojan-activity;sid:81028380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/34-8929143823831405.zip"; http_uri; depth:36; isdataat:!1,relative; content:"eletto-m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165279/; classtype:trojan-activity;sid:81028379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/js/t48-416023562453293.zip"; http_uri; depth:36; isdataat:!1,relative; content:"micahproducts.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165278/; classtype:trojan-activity;sid:81028378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/text/j57-1513061t8920436.zip"; http_uri; depth:41; isdataat:!1,relative; content:"www.aresorganics.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165276/; classtype:trojan-activity;sid:81028376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/759323614m29526386.zip"; http_uri; depth:23; isdataat:!1,relative; content:"uttamforyou.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165275/; classtype:trojan-activity;sid:81028375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/i63-65289953901348.zip"; http_uri; depth:35; isdataat:!1,relative; content:"phensupplement.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165274/; classtype:trojan-activity;sid:81028374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/77414617r852853239.zip"; http_uri; depth:43; isdataat:!1,relative; content:"savingsjunkie.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165273/; classtype:trojan-activity;sid:81028373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/m67-1395926201455983.zip"; http_uri; depth:36; isdataat:!1,relative; content:"altuntuval.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165271/; classtype:trojan-activity;sid:81028371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/x30-18885160774180.zip"; http_uri; depth:32; isdataat:!1,relative; content:"eilastygkasse.se"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165270/; classtype:trojan-activity;sid:81028370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/u0950574507278538.zip"; http_uri; depth:33; isdataat:!1,relative; content:"gwinnettquiltersguild.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165269/; classtype:trojan-activity;sid:81028369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/a50884823017453109.zip"; http_uri; depth:32; isdataat:!1,relative; content:"sparklingmoms.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165267/; classtype:trojan-activity;sid:81028367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/l06-2245714842088.zip"; http_uri; depth:41; isdataat:!1,relative; content:"rpmbikes.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165266/; classtype:trojan-activity;sid:81028366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/blogs.dir/06-272553452894117.zip"; http_uri; depth:44; isdataat:!1,relative; content:"donghokashi.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165264/; classtype:trojan-activity;sid:81028364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/y22-8814338k56525945.zip"; http_uri; depth:37; isdataat:!1,relative; content:"bonusdiyari.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165263/; classtype:trojan-activity;sid:81028363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/12-978446m36195594.zip"; http_uri; depth:35; isdataat:!1,relative; content:"neg.us"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165262/; classtype:trojan-activity;sid:81028362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/48070325b02693376.zip"; http_uri; depth:34; isdataat:!1,relative; content:"ocluxurytowncar.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165260/; classtype:trojan-activity;sid:81028360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/s0754335992801725123.zip"; http_uri; depth:36; isdataat:!1,relative; content:"www.travelrules.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165259/; classtype:trojan-activity;sid:81028359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/5777392777y862585684.zip"; http_uri; depth:37; isdataat:!1,relative; content:"mrfreshproducts.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165258/; classtype:trojan-activity;sid:81028358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/7279917753r01555650.zip"; http_uri; depth:43; isdataat:!1,relative; content:"justmyblog.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165257/; classtype:trojan-activity;sid:81028357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/id3/v2444940920191775.zip"; http_uri; depth:38; isdataat:!1,relative; content:"504mag.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165256/; classtype:trojan-activity;sid:81028356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/r19-05612489508644517.zip"; http_uri; depth:35; isdataat:!1,relative; content:"romansimovic.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165255/; classtype:trojan-activity;sid:81028355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/upgrade/g1056921914v707721367.zip"; http_uri; depth:45; isdataat:!1,relative; content:"r4sim.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165253/; classtype:trojan-activity;sid:81028353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/f01-604566g2033392.zip"; http_uri; depth:42; isdataat:!1,relative; content:"www.travelrules.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165252/; classtype:trojan-activity;sid:81028352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/hopenrisc"; http_uri; depth:26; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165231/; classtype:trojan-activity;sid:81028331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/hppc"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165232/; classtype:trojan-activity;sid:81028332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/hmpsl"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165229/; classtype:trojan-activity;sid:81028329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/hnios2"; http_uri; depth:23; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165230/; classtype:trojan-activity;sid:81028330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/hmips"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165228/; classtype:trojan-activity;sid:81028328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/hmicroblazeel"; http_uri; depth:30; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165227/; classtype:trojan-activity;sid:81028327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/harm7"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165224/; classtype:trojan-activity;sid:81028324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/hm68k-68xxx"; http_uri; depth:28; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165225/; classtype:trojan-activity;sid:81028325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/hmicroblazebe"; http_uri; depth:30; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165226/; classtype:trojan-activity;sid:81028326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/harm"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165222/; classtype:trojan-activity;sid:81028322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/harm5"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165223/; classtype:trojan-activity;sid:81028323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/haarch64"; http_uri; depth:25; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165219/; classtype:trojan-activity;sid:81028319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/harcle-750d"; http_uri; depth:28; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165220/; classtype:trojan-activity;sid:81028320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/358835865482368/harcle-hs38"; http_uri; depth:28; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165221/; classtype:trojan-activity;sid:81028321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl.b"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165217/; classtype:trojan-activity;sid:81028317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zgp"; http_uri; depth:9; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165218/; classtype:trojan-activity;sid:81028318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5.b"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165215/; classtype:trojan-activity;sid:81028315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7.b"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165216/; classtype:trojan-activity;sid:81028316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apep.x86"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165213/; classtype:trojan-activity;sid:81028313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm.b"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165214/; classtype:trojan-activity;sid:81028314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apep.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165211/; classtype:trojan-activity;sid:81028311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apep.spc"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165212/; classtype:trojan-activity;sid:81028312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apep.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165209/; classtype:trojan-activity;sid:81028309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apep.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165210/; classtype:trojan-activity;sid:81028310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apep.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165207/; classtype:trojan-activity;sid:81028307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apep.mips"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165208/; classtype:trojan-activity;sid:81028308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apep.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165205/; classtype:trojan-activity;sid:81028305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apep.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165206/; classtype:trojan-activity;sid:81028306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apep.arm"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165203/; classtype:trojan-activity;sid:81028303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/apep.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165204/; classtype:trojan-activity;sid:81028304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin/shit.exe"; http_uri; depth:13; isdataat:!1,relative; content:"dreamhouse.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165200/; classtype:trojan-activity;sid:81028300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/file/hipkid.exe"; http_uri; depth:16; isdataat:!1,relative; content:"zurieh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165198/; classtype:trojan-activity;sid:81028298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/drank.x86"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.225.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165187/; classtype:trojan-activity;sid:81028287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/drank.spc"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.225.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165185/; classtype:trojan-activity;sid:81028285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/drank.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.225.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165183/; classtype:trojan-activity;sid:81028283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/drank.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.225.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165184/; classtype:trojan-activity;sid:81028284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/drank.mips"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.225.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165181/; classtype:trojan-activity;sid:81028281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/drank.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.225.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165182/; classtype:trojan-activity;sid:81028282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/drank.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.225.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165179/; classtype:trojan-activity;sid:81028279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/drank.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.225.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165180/; classtype:trojan-activity;sid:81028280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/drank.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.225.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165177/; classtype:trojan-activity;sid:81028277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/drank.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.225.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165178/; classtype:trojan-activity;sid:81028278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/drank.arm"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.225.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165176/; classtype:trojan-activity;sid:81028276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.x86"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165175/; classtype:trojan-activity;sid:81028275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.mips"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165174/; classtype:trojan-activity;sid:81028274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165172/; classtype:trojan-activity;sid:81028272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165171/; classtype:trojan-activity;sid:81028271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165170/; classtype:trojan-activity;sid:81028270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.x86"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165169/; classtype:trojan-activity;sid:81028269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.mips"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165168/; classtype:trojan-activity;sid:81028268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165167/; classtype:trojan-activity;sid:81028267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165166/; classtype:trojan-activity;sid:81028266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165165/; classtype:trojan-activity;sid:81028265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165164/; classtype:trojan-activity;sid:81028264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165163/; classtype:trojan-activity;sid:81028263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.spc"; http_uri; depth:16; isdataat:!1,relative; content:"206.189.118.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165160/; classtype:trojan-activity;sid:81028260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.x86"; http_uri; depth:16; isdataat:!1,relative; content:"206.189.118.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165161/; classtype:trojan-activity;sid:81028261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nk/purchaseorder.exe"; http_uri; depth:21; isdataat:!1,relative; content:"ruih.co.uk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165159/; classtype:trojan-activity;sid:81028259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"206.189.118.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165158/; classtype:trojan-activity;sid:81028258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.118.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165153/; classtype:trojan-activity;sid:81028253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"206.189.118.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165154/; classtype:trojan-activity;sid:81028254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.118.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165151/; classtype:trojan-activity;sid:81028251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.mips"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.118.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165152/; classtype:trojan-activity;sid:81028252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.118.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165150/; classtype:trojan-activity;sid:81028250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.118.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165148/; classtype:trojan-activity;sid:81028248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.118.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165149/; classtype:trojan-activity;sid:81028249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.arm"; http_uri; depth:16; isdataat:!1,relative; content:"206.189.118.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165147/; classtype:trojan-activity;sid:81028247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.x86"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165146/; classtype:trojan-activity;sid:81028246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165143/; classtype:trojan-activity;sid:81028243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165144/; classtype:trojan-activity;sid:81028244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.spc"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165145/; classtype:trojan-activity;sid:81028245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.mpsl"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165142/; classtype:trojan-activity;sid:81028242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165140/; classtype:trojan-activity;sid:81028240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.mips"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165141/; classtype:trojan-activity;sid:81028241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165138/; classtype:trojan-activity;sid:81028238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165139/; classtype:trojan-activity;sid:81028239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.arm"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165136/; classtype:trojan-activity;sid:81028236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165137/; classtype:trojan-activity;sid:81028237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/copy_invoice/bqfkv-h4nw_pmavailvx-ay/"; http_uri; depth:50; isdataat:!1,relative; content:"geoclimachillers.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165135/; classtype:trojan-activity;sid:81028235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/components/download/invoice_number/etcfn-gmtw_kbovzxm-wcl/"; http_uri; depth:59; isdataat:!1,relative; content:"impro.in"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165134/; classtype:trojan-activity;sid:81028234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/automatic-domain-changer/image.exe"; http_uri; depth:54; isdataat:!1,relative; content:"abaverlag.de"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165132/; classtype:trojan-activity;sid:81028232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"134.209.237.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165128/; classtype:trojan-activity;sid:81028228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"134.209.237.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165127/; classtype:trojan-activity;sid:81028227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"134.209.237.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165126/; classtype:trojan-activity;sid:81028226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/[cpu]"; http_uri; depth:6; isdataat:!1,relative; content:"134.209.237.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165125/; classtype:trojan-activity;sid:81028225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"134.209.237.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165124/; classtype:trojan-activity;sid:81028224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"134.209.237.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165123/; classtype:trojan-activity;sid:81028223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"134.209.237.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165122/; classtype:trojan-activity;sid:81028222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"134.209.237.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165121/; classtype:trojan-activity;sid:81028221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.arm"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165120/; classtype:trojan-activity;sid:81028220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"134.209.237.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165119/; classtype:trojan-activity;sid:81028219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"134.209.237.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165118/; classtype:trojan-activity;sid:81028218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"134.209.237.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165117/; classtype:trojan-activity;sid:81028217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165116/; classtype:trojan-activity;sid:81028216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.arm"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165113/; classtype:trojan-activity;sid:81028213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kalon.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.244.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165114/; classtype:trojan-activity;sid:81028214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/scan/invoice_number/xuzk-mtus_fpfmnu-qia/"; http_uri; depth:47; isdataat:!1,relative; content:"daemconcepcion.cl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165110/; classtype:trojan-activity;sid:81028210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"98.253.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165109/; classtype:trojan-activity;sid:81028209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/j/xsbb.exe"; http_uri; depth:11; isdataat:!1,relative; content:"ruih.co.uk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165108/; classtype:trojan-activity;sid:81028208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/storezabzine/rmsk3495rjtidk45.exe"; http_uri; depth:34; isdataat:!1,relative; content:"kimiasp.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165107/; classtype:trojan-activity;sid:81028207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm"; http_uri; depth:14; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165106/; classtype:trojan-activity;sid:81028206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/simplepie/net/work/rtlservice.exe"; http_uri; depth:39; isdataat:!1,relative; content:"schusterartconsultancy.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165105/; classtype:trojan-activity;sid:81028205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165104/; classtype:trojan-activity;sid:81028204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165103/; classtype:trojan-activity;sid:81028203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165101/; classtype:trojan-activity;sid:81028201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/simplepie/net/work/more/rtiservice.exe"; http_uri; depth:44; isdataat:!1,relative; content:"schusterartconsultancy.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165102/; classtype:trojan-activity;sid:81028202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165100/; classtype:trojan-activity;sid:81028200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mips"; http_uri; depth:15; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165099/; classtype:trojan-activity;sid:81028199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165098/; classtype:trojan-activity;sid:81028198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/simplepie/net/work/svchost.exe"; http_uri; depth:36; isdataat:!1,relative; content:"schusterartconsultancy.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165097/; classtype:trojan-activity;sid:81028197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165096/; classtype:trojan-activity;sid:81028196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165095/; classtype:trojan-activity;sid:81028195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/simplepie/net/work/more/svchost.exe"; http_uri; depth:41; isdataat:!1,relative; content:"schusterartconsultancy.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165094/; classtype:trojan-activity;sid:81028194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165093/; classtype:trojan-activity;sid:81028193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165092/; classtype:trojan-activity;sid:81028192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165091/; classtype:trojan-activity;sid:81028191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/suicid"; http_uri; depth:7; isdataat:!1,relative; content:"185.244.25.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165090/; classtype:trojan-activity;sid:81028190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"65.181.124.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165089/; classtype:trojan-activity;sid:81028189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"65.181.124.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165088/; classtype:trojan-activity;sid:81028188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vtyhat"; http_uri; depth:7; isdataat:!1,relative; content:"185.244.25.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165087/; classtype:trojan-activity;sid:81028187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"138.197.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165085/; classtype:trojan-activity;sid:81028185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"138.197.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165086/; classtype:trojan-activity;sid:81028186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8m68k8"; http_uri; depth:7; isdataat:!1,relative; content:"167.99.71.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165084/; classtype:trojan-activity;sid:81028184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mips"; http_uri; depth:15; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165082/; classtype:trojan-activity;sid:81028182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lnkfmx"; http_uri; depth:7; isdataat:!1,relative; content:"185.244.25.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165083/; classtype:trojan-activity;sid:81028183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm"; http_uri; depth:14; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165081/; classtype:trojan-activity;sid:81028181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razdzn"; http_uri; depth:7; isdataat:!1,relative; content:"185.244.25.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165080/; classtype:trojan-activity;sid:81028180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm7"; http_uri; depth:11; isdataat:!1,relative; content:"138.197.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165079/; classtype:trojan-activity;sid:81028179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"65.181.124.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165078/; classtype:trojan-activity;sid:81028178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8spc8"; http_uri; depth:6; isdataat:!1,relative; content:"167.99.71.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165077/; classtype:trojan-activity;sid:81028177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"65.181.124.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165076/; classtype:trojan-activity;sid:81028176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sparc"; http_uri; depth:12; isdataat:!1,relative; content:"138.197.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165075/; classtype:trojan-activity;sid:81028175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i686"; http_uri; depth:11; isdataat:!1,relative; content:"138.197.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165074/; classtype:trojan-activity;sid:81028174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8x868"; http_uri; depth:6; isdataat:!1,relative; content:"167.99.71.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165072/; classtype:trojan-activity;sid:81028172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/atxhua"; http_uri; depth:7; isdataat:!1,relative; content:"185.244.25.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165073/; classtype:trojan-activity;sid:81028173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fwdfvf"; http_uri; depth:7; isdataat:!1,relative; content:"185.244.25.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165071/; classtype:trojan-activity;sid:81028171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qtmzbn"; http_uri; depth:7; isdataat:!1,relative; content:"185.244.25.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165070/; classtype:trojan-activity;sid:81028170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"65.181.124.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165069/; classtype:trojan-activity;sid:81028169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"138.197.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165068/; classtype:trojan-activity;sid:81028168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8sh48"; http_uri; depth:6; isdataat:!1,relative; content:"167.99.71.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165067/; classtype:trojan-activity;sid:81028167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x86"; http_uri; depth:10; isdataat:!1,relative; content:"138.197.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165066/; classtype:trojan-activity;sid:81028166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mips"; http_uri; depth:11; isdataat:!1,relative; content:"138.197.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165065/; classtype:trojan-activity;sid:81028165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"138.197.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165064/; classtype:trojan-activity;sid:81028164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"138.197.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165063/; classtype:trojan-activity;sid:81028163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"138.197.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165062/; classtype:trojan-activity;sid:81028162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"65.181.124.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165061/; classtype:trojan-activity;sid:81028161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"65.181.124.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165060/; classtype:trojan-activity;sid:81028160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ajoomk"; http_uri; depth:7; isdataat:!1,relative; content:"185.244.25.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165059/; classtype:trojan-activity;sid:81028159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8arm48"; http_uri; depth:7; isdataat:!1,relative; content:"167.99.71.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165058/; classtype:trojan-activity;sid:81028158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"65.181.124.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165057/; classtype:trojan-activity;sid:81028157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/8arm58"; http_uri; depth:7; isdataat:!1,relative; content:"167.99.71.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165056/; classtype:trojan-activity;sid:81028156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/earyzq"; http_uri; depth:7; isdataat:!1,relative; content:"185.244.25.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165055/; classtype:trojan-activity;sid:81028155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"65.181.124.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165054/; classtype:trojan-activity;sid:81028154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/momentum.mips64"; http_uri; depth:16; isdataat:!1,relative; content:"45.67.14.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165053/; classtype:trojan-activity;sid:81028153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nvitpj"; http_uri; depth:7; isdataat:!1,relative; content:"185.244.25.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165052/; classtype:trojan-activity;sid:81028152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; content:"65.181.124.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165051/; classtype:trojan-activity;sid:81028151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vvglma"; http_uri; depth:7; isdataat:!1,relative; content:"185.244.25.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165050/; classtype:trojan-activity;sid:81028150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i586"; http_uri; depth:11; isdataat:!1,relative; content:"138.197.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165049/; classtype:trojan-activity;sid:81028149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm4"; http_uri; depth:11; isdataat:!1,relative; content:"138.197.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165048/; classtype:trojan-activity;sid:81028148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/b8644986.exe"; http_uri; depth:21; isdataat:!1,relative; content:"a-7763.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165047/; classtype:trojan-activity;sid:81028147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.x86"; http_uri; depth:14; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165045/; classtype:trojan-activity;sid:81028145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/configuracion/plugins/j.exe"; http_uri; depth:28; isdataat:!1,relative; content:"aloneintheweb.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165044/; classtype:trojan-activity;sid:81028144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/info.exe"; http_uri; depth:16; isdataat:!1,relative; content:"aloneintheweb.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165043/; classtype:trojan-activity;sid:81028143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/simplepie/net/work/rtiservice.exe"; http_uri; depth:39; isdataat:!1,relative; content:"schusterartconsultancy.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165042/; classtype:trojan-activity;sid:81028142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.x86"; http_uri; depth:14; isdataat:!1,relative; content:"159.203.26.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165041/; classtype:trojan-activity;sid:81028141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165037/; classtype:trojan-activity;sid:81028137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.x86"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165038/; classtype:trojan-activity;sid:81028138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165036/; classtype:trojan-activity;sid:81028136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165035/; classtype:trojan-activity;sid:81028135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.mips"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165033/; classtype:trojan-activity;sid:81028133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165034/; classtype:trojan-activity;sid:81028134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165032/; classtype:trojan-activity;sid:81028132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vid.exe"; http_uri; depth:8; isdataat:!1,relative; content:"bmwxdinnoafo.uz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165031/; classtype:trojan-activity;sid:81028131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.arm"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165030/; classtype:trojan-activity;sid:81028130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165029/; classtype:trojan-activity;sid:81028129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165028/; classtype:trojan-activity;sid:81028128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165027/; classtype:trojan-activity;sid:81028127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165025/; classtype:trojan-activity;sid:81028125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165026/; classtype:trojan-activity;sid:81028126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165024/; classtype:trojan-activity;sid:81028124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/contact_us/llc/invoice_notice/80212597953/tnoas-sma_a-utr/"; http_uri; depth:59; isdataat:!1,relative; content:"kebulak.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165023/; classtype:trojan-activity;sid:81028123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165022/; classtype:trojan-activity;sid:81028122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165021/; classtype:trojan-activity;sid:81028121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165019/; classtype:trojan-activity;sid:81028119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165020/; classtype:trojan-activity;sid:81028120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165018/; classtype:trojan-activity;sid:81028118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165017/; classtype:trojan-activity;sid:81028117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165016/; classtype:trojan-activity;sid:81028116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165015/; classtype:trojan-activity;sid:81028115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165014/; classtype:trojan-activity;sid:81028114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165013/; classtype:trojan-activity;sid:81028113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165012/; classtype:trojan-activity;sid:81028112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9yorcan/en_en/doc/copy_invoice/axbu-in7v_rglf-85/"; http_uri; depth:50; isdataat:!1,relative; content:"inovatips.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165011/; classtype:trojan-activity;sid:81028111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/languages/en_us/info/invoice_notice/kgcg-pdyap_zyh-ax/"; http_uri; depth:66; isdataat:!1,relative; content:"gilsanbus.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165010/; classtype:trojan-activity;sid:81028110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165009/; classtype:trojan-activity;sid:81028109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-contents/us_us/corporation/jnfi-kau_aplhpoq-od/"; http_uri; depth:51; isdataat:!1,relative; content:"alpinaemlak.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165008/; classtype:trojan-activity;sid:81028108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/us/corporation/new_invoice/8240326981647/mmozz-zk_lkrqctt-m5l/"; http_uri; depth:63; isdataat:!1,relative; content:"fbufz.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165007/; classtype:trojan-activity;sid:81028107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cpab-ototy_dfuc-ll/"; http_uri; depth:20; isdataat:!1,relative; content:"ewoij.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165006/; classtype:trojan-activity;sid:81028106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2zsjmbk/file/qosl-d6vg_rpslf-s1h/"; http_uri; depth:34; isdataat:!1,relative; content:"www.hk026.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165005/; classtype:trojan-activity;sid:81028105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/us/invoice/ekwq-7n_aegepqysi-6t/"; http_uri; depth:37; isdataat:!1,relative; content:"dtk-ad.co.th"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165004/; classtype:trojan-activity;sid:81028104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"138.197.149.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165003/; classtype:trojan-activity;sid:81028103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fre/seescenicelfa.exe"; http_uri; depth:22; isdataat:!1,relative; content:"www.bwhdpco.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165002/; classtype:trojan-activity;sid:81028102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/expertos/info/copy_invoice/awel-jqr_v-fd/"; http_uri; depth:42; isdataat:!1,relative; content:"gisec.com.mx"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165001/; classtype:trojan-activity;sid:81028101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/icon/en/llc/inv/vmgpd-4lp9_gn-xho/"; http_uri; depth:35; isdataat:!1,relative; content:"qualityansweringservice.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/165000/; classtype:trojan-activity;sid:81028100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fobn/us/copy_invoice/656709416066/bkxuh-ypw_zq-pn/"; http_uri; depth:51; isdataat:!1,relative; content:"larissapharma.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164999/; classtype:trojan-activity;sid:81028099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rylawpc/invoice_number/qxvet-hm5fk_fi-qn/"; http_uri; depth:42; isdataat:!1,relative; content:"ksoncrossfit.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164998/; classtype:trojan-activity;sid:81028098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/us_us/llc/invoice_notice/fjpzv-tbj2_qkyswl-yw/"; http_uri; depth:59; isdataat:!1,relative; content:"junkmover.ca"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164997/; classtype:trojan-activity;sid:81028097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/en_us/scan/invoice_notice/6440517/tzeq-dms_bq-6jz/"; http_uri; depth:55; isdataat:!1,relative; content:"www.hurrican.sk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164996/; classtype:trojan-activity;sid:81028096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/en_en/scan/inv/tuddb-pwsb2_bpolqtz-bd/"; http_uri; depth:51; isdataat:!1,relative; content:"lastmilecdn.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164995/; classtype:trojan-activity;sid:81028095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/download/invoice_number/108875903/dtaz-o3d_e-rt/"; http_uri; depth:68; isdataat:!1,relative; content:"kannada.awgp.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164994/; classtype:trojan-activity;sid:81028094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm4"; http_uri; depth:15; isdataat:!1,relative; content:"104.248.142.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164992/; classtype:trojan-activity;sid:81028092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"104.248.142.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164993/; classtype:trojan-activity;sid:81028093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"104.248.142.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164990/; classtype:trojan-activity;sid:81028090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"104.248.142.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164991/; classtype:trojan-activity;sid:81028091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/en_en/info/nvdra-lld5_glwmm-en/"; http_uri; depth:44; isdataat:!1,relative; content:"ilimler.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164989/; classtype:trojan-activity;sid:81028089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.mips"; http_uri; depth:15; isdataat:!1,relative; content:"104.248.142.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164988/; classtype:trojan-activity;sid:81028088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.sparc"; http_uri; depth:16; isdataat:!1,relative; content:"104.248.142.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164987/; classtype:trojan-activity;sid:81028087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"104.248.142.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164986/; classtype:trojan-activity;sid:81028086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.i686"; http_uri; depth:15; isdataat:!1,relative; content:"104.248.142.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164985/; classtype:trojan-activity;sid:81028085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.i586"; http_uri; depth:15; isdataat:!1,relative; content:"104.248.142.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164984/; classtype:trojan-activity;sid:81028084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"104.248.142.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164983/; classtype:trojan-activity;sid:81028083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"104.248.142.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164981/; classtype:trojan-activity;sid:81028081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.x86"; http_uri; depth:14; isdataat:!1,relative; content:"104.248.142.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164982/; classtype:trojan-activity;sid:81028082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; content:"51.254.209.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164980/; classtype:trojan-activity;sid:81028080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fre/seescenicelfa.exe"; http_uri; depth:22; isdataat:!1,relative; content:"bwhdpco.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164979/; classtype:trojan-activity;sid:81028079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/k1ra1/kirai.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"104.248.39.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164978/; classtype:trojan-activity;sid:81028078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vanish.arm"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164977/; classtype:trojan-activity;sid:81028077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/sh4"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164975/; classtype:trojan-activity;sid:81028075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/spc"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164976/; classtype:trojan-activity;sid:81028076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/mpsl"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164973/; classtype:trojan-activity;sid:81028073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/ppc"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164974/; classtype:trojan-activity;sid:81028074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/m68k"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164971/; classtype:trojan-activity;sid:81028071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/mips"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164972/; classtype:trojan-activity;sid:81028072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/arm5"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164968/; classtype:trojan-activity;sid:81028068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/arm6"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164969/; classtype:trojan-activity;sid:81028069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/arm7"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164970/; classtype:trojan-activity;sid:81028070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/arm"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164967/; classtype:trojan-activity;sid:81028067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vi/spc.yakuza"; http_uri; depth:14; isdataat:!1,relative; content:"68.183.207.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164966/; classtype:trojan-activity;sid:81028066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vi/sh4.yakuza"; http_uri; depth:14; isdataat:!1,relative; content:"68.183.207.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164965/; classtype:trojan-activity;sid:81028065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vi/ppc.yakuza"; http_uri; depth:14; isdataat:!1,relative; content:"68.183.207.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164964/; classtype:trojan-activity;sid:81028064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vi/mpsl.yakuza"; http_uri; depth:15; isdataat:!1,relative; content:"68.183.207.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164963/; classtype:trojan-activity;sid:81028063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vi/mips.yakuza"; http_uri; depth:15; isdataat:!1,relative; content:"68.183.207.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164962/; classtype:trojan-activity;sid:81028062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vi/m68k.yakuza"; http_uri; depth:15; isdataat:!1,relative; content:"68.183.207.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164961/; classtype:trojan-activity;sid:81028061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vi/arm7.yakuza"; http_uri; depth:15; isdataat:!1,relative; content:"68.183.207.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164960/; classtype:trojan-activity;sid:81028060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vi/arm6.yakuza"; http_uri; depth:15; isdataat:!1,relative; content:"68.183.207.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164959/; classtype:trojan-activity;sid:81028059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vi/arm5.yakuza"; http_uri; depth:15; isdataat:!1,relative; content:"68.183.207.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164958/; classtype:trojan-activity;sid:81028058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vi/arm.yakuza"; http_uri; depth:14; isdataat:!1,relative; content:"68.183.207.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164957/; classtype:trojan-activity;sid:81028057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.spc"; http_uri; depth:21; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164955/; classtype:trojan-activity;sid:81028055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164956/; classtype:trojan-activity;sid:81028056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164953/; classtype:trojan-activity;sid:81028053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164954/; classtype:trojan-activity;sid:81028054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164951/; classtype:trojan-activity;sid:81028051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164952/; classtype:trojan-activity;sid:81028052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164949/; classtype:trojan-activity;sid:81028049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164950/; classtype:trojan-activity;sid:81028050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164947/; classtype:trojan-activity;sid:81028047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164948/; classtype:trojan-activity;sid:81028048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164946/; classtype:trojan-activity;sid:81028046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/include/ckeditor/plugins/pagebreak/ada/orcy32.exe"; http_uri; depth:50; isdataat:!1,relative; content:"dongacds.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164945/; classtype:trojan-activity;sid:81028045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/include/ckeditor/plugins/pagebreak/ada/wrkot.exe"; http_uri; depth:49; isdataat:!1,relative; content:"dongacds.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164944/; classtype:trojan-activity;sid:81028044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/logintools/lhtl.exe"; http_uri; depth:20; isdataat:!1,relative; content:"app100700930.static.xyimg.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164943/; classtype:trojan-activity;sid:81028043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/portal/mseriesdesktopinstallers/mseriesdesktop.initialversion.exe"; http_uri; depth:66; isdataat:!1,relative; content:"unilevercopabr.mbiz20.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164942/; classtype:trojan-activity;sid:81028042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaoz.armv5"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.125.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164941/; classtype:trojan-activity;sid:81028041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaoz.mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.125.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164940/; classtype:trojan-activity;sid:81028040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaoz.x86"; http_uri; depth:10; isdataat:!1,relative; content:"134.209.125.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164939/; classtype:trojan-activity;sid:81028039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaoz.armv4"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.125.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164938/; classtype:trojan-activity;sid:81028038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaoz.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"134.209.125.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164937/; classtype:trojan-activity;sid:81028037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaoz.armv6"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.125.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164936/; classtype:trojan-activity;sid:81028036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaoz.sparc"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.125.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164935/; classtype:trojan-activity;sid:81028035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaoz.i686"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.125.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164934/; classtype:trojan-activity;sid:81028034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaoz.armv7"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.125.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164933/; classtype:trojan-activity;sid:81028033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaoz.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.125.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164932/; classtype:trojan-activity;sid:81028032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaoz.mips"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.125.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164931/; classtype:trojan-activity;sid:81028031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaoz.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"134.209.125.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164930/; classtype:trojan-activity;sid:81028030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaoz.i586"; http_uri; depth:11; isdataat:!1,relative; content:"134.209.125.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164929/; classtype:trojan-activity;sid:81028029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/include/ckeditor/plugins/pagebreak/ada/h1st0.exe"; http_uri; depth:49; isdataat:!1,relative; content:"dongacds.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164928/; classtype:trojan-activity;sid:81028028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alexphilipsssons/awsomerun/raw/master/codds"; http_uri; depth:44; isdataat:!1,relative; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164927/; classtype:trojan-activity;sid:81028027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sb/123.exe"; http_uri; depth:11; isdataat:!1,relative; content:"askdklk8823.pw"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164926/; classtype:trojan-activity;sid:81028026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xpresszip/xpresszipinstall-4619.exe"; http_uri; depth:36; isdataat:!1,relative; content:"down.soft.qswzayy.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164925/; classtype:trojan-activity;sid:81028025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/facebook.zip"; http_uri; depth:13; isdataat:!1,relative; content:"espiremoto2016.webcindario.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164924/; classtype:trojan-activity;sid:81028024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xpresszip/xpresszipinstall-4620.exe"; http_uri; depth:36; isdataat:!1,relative; content:"down.soft.qswzayy.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164923/; classtype:trojan-activity;sid:81028023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ox5d.exe"; http_uri; depth:9; isdataat:!1,relative; content:"h13.doshimotai.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164922/; classtype:trojan-activity;sid:81028022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/evidar2.exe"; http_uri; depth:12; isdataat:!1,relative; content:"jj7.doshimotai.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164921/; classtype:trojan-activity;sid:81028021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/killeryuga.exe"; http_uri; depth:15; isdataat:!1,relative; content:"jj7.doshimotai.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164920/; classtype:trojan-activity;sid:81028020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/a7673379.exe"; http_uri; depth:21; isdataat:!1,relative; content:"a-7763.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164919/; classtype:trojan-activity;sid:81028019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/c52c1832.exe"; http_uri; depth:21; isdataat:!1,relative; content:"a-7763.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164918/; classtype:trojan-activity;sid:81028018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dlpro/12af3acffa58ae19c17705e27128d907/5c979d71/1431rb/order.jpg.zip"; http_uri; depth:69; isdataat:!1,relative; content:"fs08n3.sendspace.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164917/; classtype:trojan-activity;sid:81028017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.x86"; http_uri; depth:17; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164915/; classtype:trojan-activity;sid:81028015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/mips"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164916/; classtype:trojan-activity;sid:81028016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.sh4"; http_uri; depth:17; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164913/; classtype:trojan-activity;sid:81028013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.spc"; http_uri; depth:17; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164914/; classtype:trojan-activity;sid:81028014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.mips"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164910/; classtype:trojan-activity;sid:81028010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.mpsl"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164911/; classtype:trojan-activity;sid:81028011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.ppc"; http_uri; depth:17; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164912/; classtype:trojan-activity;sid:81028012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164908/; classtype:trojan-activity;sid:81028008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.m68k"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164909/; classtype:trojan-activity;sid:81028009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm"; http_uri; depth:17; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164905/; classtype:trojan-activity;sid:81028005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164906/; classtype:trojan-activity;sid:81028006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164907/; classtype:trojan-activity;sid:81028007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arc"; http_uri; depth:17; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164904/; classtype:trojan-activity;sid:81028004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/06e4102.exe"; http_uri; depth:20; isdataat:!1,relative; content:"a-7763.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164903/; classtype:trojan-activity;sid:81028003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/38d6655.exe"; http_uri; depth:20; isdataat:!1,relative; content:"a-7763.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164902/; classtype:trojan-activity;sid:81028002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/b5332754.exe"; http_uri; depth:21; isdataat:!1,relative; content:"a-7763.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164901/; classtype:trojan-activity;sid:81028001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sjg2e3u.exe"; http_uri; depth:12; isdataat:!1,relative; content:"isupportnaturalhealth.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164900/; classtype:trojan-activity;sid:81028000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/2b128360.exe"; http_uri; depth:21; isdataat:!1,relative; content:"a-7763.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164899/; classtype:trojan-activity;sid:81027999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/0da17223.exe"; http_uri; depth:21; isdataat:!1,relative; content:"a-7763.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164898/; classtype:trojan-activity;sid:81027998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/626d4095.exe"; http_uri; depth:21; isdataat:!1,relative; content:"a-7763.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164897/; classtype:trojan-activity;sid:81027997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; content:"157.230.53.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164896/; classtype:trojan-activity;sid:81027996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; content:"157.230.53.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164895/; classtype:trojan-activity;sid:81027995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; content:"157.230.53.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164894/; classtype:trojan-activity;sid:81027994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; content:"157.230.53.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164893/; classtype:trojan-activity;sid:81027993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; content:"157.230.53.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164892/; classtype:trojan-activity;sid:81027992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tracking/clickd=tnhgrx0s-ka5e8yff6q9ljqk_h5-utuscocxk40uuwzhfgzeetwt42jgjlvnot6bn5givjwafivq4qtdj8hax3b3ihallqc7mxmdsf3qfkqpcpq19eds-ctff3qtpexw6vnpc9xwqnc3-nmoz24f10o1"; http_uri; depth:169; isdataat:!1,relative; content:"tvo0.trk.elasticemail.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164891/; classtype:trojan-activity;sid:81027991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.arm6"; http_uri; depth:21; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164888/; classtype:trojan-activity;sid:81027988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.arm7"; http_uri; depth:21; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164890/; classtype:trojan-activity;sid:81027990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.ppc"; http_uri; depth:20; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164889/; classtype:trojan-activity;sid:81027989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.arm5"; http_uri; depth:21; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164887/; classtype:trojan-activity;sid:81027987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.m68k"; http_uri; depth:21; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164886/; classtype:trojan-activity;sid:81027986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.arm7"; http_uri; depth:21; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164885/; classtype:trojan-activity;sid:81027985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.arm"; http_uri; depth:20; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164883/; classtype:trojan-activity;sid:81027983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.arm5"; http_uri; depth:21; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164884/; classtype:trojan-activity;sid:81027984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.arm6"; http_uri; depth:21; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164882/; classtype:trojan-activity;sid:81027982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.ppc"; http_uri; depth:20; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164881/; classtype:trojan-activity;sid:81027981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.sh4"; http_uri; depth:20; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164879/; classtype:trojan-activity;sid:81027979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.sh4"; http_uri; depth:20; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164880/; classtype:trojan-activity;sid:81027980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.m68k"; http_uri; depth:21; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164878/; classtype:trojan-activity;sid:81027978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.arm"; http_uri; depth:20; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164877/; classtype:trojan-activity;sid:81027977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.x86"; http_uri; depth:20; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164876/; classtype:trojan-activity;sid:81027976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/phantomatm.x86"; http_uri; depth:20; isdataat:!1,relative; content:"194.15.36.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164875/; classtype:trojan-activity;sid:81027975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/silvode7jun.docx"; http_uri; depth:17; isdataat:!1,relative; content:"tivpc.org.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164874/; classtype:trojan-activity;sid:81027974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/akripper2000.exe"; http_uri; depth:17; isdataat:!1,relative; content:"gedd123.free.fr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164873/; classtype:trojan-activity;sid:81027973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cat7jun.docx"; http_uri; depth:13; isdataat:!1,relative; content:"tivpc.org.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164872/; classtype:trojan-activity;sid:81027972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vrontiz/urltwx.exe"; http_uri; depth:19; isdataat:!1,relative; content:"iranparaffirnwax.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164871/; classtype:trojan-activity;sid:81027971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.x86"; http_uri; depth:14; isdataat:!1,relative; content:"69.12.67.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164870/; classtype:trojan-activity;sid:81027970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.spc"; http_uri; depth:14; isdataat:!1,relative; content:"69.12.67.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164869/; classtype:trojan-activity;sid:81027969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"69.12.67.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164868/; classtype:trojan-activity;sid:81027968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"69.12.67.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164867/; classtype:trojan-activity;sid:81027967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"69.12.67.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164866/; classtype:trojan-activity;sid:81027966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.mips"; http_uri; depth:15; isdataat:!1,relative; content:"69.12.67.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164865/; classtype:trojan-activity;sid:81027965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"69.12.67.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164864/; classtype:trojan-activity;sid:81027964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"69.12.67.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164863/; classtype:trojan-activity;sid:81027963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"69.12.67.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164862/; classtype:trojan-activity;sid:81027962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"69.12.67.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164861/; classtype:trojan-activity;sid:81027961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.arm"; http_uri; depth:14; isdataat:!1,relative; content:"69.12.67.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164860/; classtype:trojan-activity;sid:81027960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cotley%20mini%20ode%20schedule%202016.doc"; http_uri; depth:42; isdataat:!1,relative; content:"tivpc.org.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164859/; classtype:trojan-activity;sid:81027959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/google_ads_promo.exe"; http_uri; depth:21; isdataat:!1,relative; content:"instashop.vip"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164858/; classtype:trojan-activity;sid:81027958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ysdfd.x32"; http_uri; depth:10; isdataat:!1,relative; content:"159.203.94.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164857/; classtype:trojan-activity;sid:81027957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gafdse.mips"; http_uri; depth:12; isdataat:!1,relative; content:"159.203.94.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164856/; classtype:trojan-activity;sid:81027956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaefds.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"159.203.94.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164855/; classtype:trojan-activity;sid:81027955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gadfe.x86"; http_uri; depth:10; isdataat:!1,relative; content:"159.203.94.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164853/; classtype:trojan-activity;sid:81027953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yaksddfs.i586"; http_uri; depth:14; isdataat:!1,relative; content:"159.203.94.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164854/; classtype:trojan-activity;sid:81027954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gafsde.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"159.203.94.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164852/; classtype:trojan-activity;sid:81027952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gafsde.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"159.203.94.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164851/; classtype:trojan-activity;sid:81027951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yafsda.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"159.203.94.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164850/; classtype:trojan-activity;sid:81027950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yasddfa.ppc"; http_uri; depth:12; isdataat:!1,relative; content:"159.203.94.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164849/; classtype:trojan-activity;sid:81027949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sdfza.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"159.203.94.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164848/; classtype:trojan-activity;sid:81027948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/login/_newbuild.exe"; http_uri; depth:20; isdataat:!1,relative; content:"login.178stu.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164847/; classtype:trojan-activity;sid:81027947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/consent_form.doc"; http_uri; depth:17; isdataat:!1,relative; content:"tivpc.org.uk"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164846/; classtype:trojan-activity;sid:81027946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ists/cours/tech%20son/technique%20du%20son.doc"; http_uri; depth:47; isdataat:!1,relative; content:"maphack.free.fr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164845/; classtype:trojan-activity;sid:81027945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/007tk.exe"; http_uri; depth:10; isdataat:!1,relative; content:"12tk.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164844/; classtype:trojan-activity;sid:81027944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ists/cours/culture%20artistique/dossier%20culture%20artistique%20-%20sophie%20calle/dossier%20cult%20art%20sophie%20calle.doc"; http_uri; depth:126; isdataat:!1,relative; content:"maphack.free.fr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164843/; classtype:trojan-activity;sid:81027943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/expiorer.exe"; http_uri; depth:19; isdataat:!1,relative; content:"megumin2.pw"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164842/; classtype:trojan-activity;sid:81027942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/systems.exe"; http_uri; depth:18; isdataat:!1,relative; content:"megumin2.pw"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164841/; classtype:trojan-activity;sid:81027941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/winini.exe"; http_uri; depth:17; isdataat:!1,relative; content:"megumin2.pw"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164840/; classtype:trojan-activity;sid:81027940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/x86"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164839/; classtype:trojan-activity;sid:81027939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/m.exe"; http_uri; depth:13; isdataat:!1,relative; content:"211.233.40.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164838/; classtype:trojan-activity;sid:81027938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/x86"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164837/; classtype:trojan-activity;sid:81027937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164835/; classtype:trojan-activity;sid:81027935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164836/; classtype:trojan-activity;sid:81027936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164833/; classtype:trojan-activity;sid:81027933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164834/; classtype:trojan-activity;sid:81027934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.arm"; http_uri; depth:14; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164832/; classtype:trojan-activity;sid:81027932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.125.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164830/; classtype:trojan-activity;sid:81027930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164831/; classtype:trojan-activity;sid:81027931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm"; http_uri; depth:14; isdataat:!1,relative; content:"46.101.146.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164829/; classtype:trojan-activity;sid:81027929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.125.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164828/; classtype:trojan-activity;sid:81027928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.arm"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.125.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164827/; classtype:trojan-activity;sid:81027927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.125.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164826/; classtype:trojan-activity;sid:81027926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.x86"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.125.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164825/; classtype:trojan-activity;sid:81027925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.125.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164824/; classtype:trojan-activity;sid:81027924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.mips"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.125.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164823/; classtype:trojan-activity;sid:81027923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/k3cloud/clientbin/silverlightresources/silverlight.exe"; http_uri; depth:55; isdataat:!1,relative; content:"k3.etfiber.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164822/; classtype:trojan-activity;sid:81027922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.125.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164821/; classtype:trojan-activity;sid:81027921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vi/x86.yakuza"; http_uri; depth:14; isdataat:!1,relative; content:"68.183.207.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164820/; classtype:trojan-activity;sid:81027920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"46.101.146.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164819/; classtype:trojan-activity;sid:81027919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.x86"; http_uri; depth:14; isdataat:!1,relative; content:"46.101.146.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164818/; classtype:trojan-activity;sid:81027918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"46.101.146.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164817/; classtype:trojan-activity;sid:81027917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mips"; http_uri; depth:15; isdataat:!1,relative; content:"46.101.146.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164816/; classtype:trojan-activity;sid:81027916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"46.101.146.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164815/; classtype:trojan-activity;sid:81027915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"46.101.146.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164814/; classtype:trojan-activity;sid:81027914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164813/; classtype:trojan-activity;sid:81027913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.x86"; http_uri; depth:14; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164812/; classtype:trojan-activity;sid:81027912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"46.101.146.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164810/; classtype:trojan-activity;sid:81027910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"46.101.146.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164811/; classtype:trojan-activity;sid:81027911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"46.101.146.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164809/; classtype:trojan-activity;sid:81027909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kmmnngh/sureboy.exe"; http_uri; depth:20; isdataat:!1,relative; content:"accpais.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164808/; classtype:trojan-activity;sid:81027908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mine/bin.exe"; http_uri; depth:13; isdataat:!1,relative; content:"accpais.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164807/; classtype:trojan-activity;sid:81027907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mmkkkk/sureboy.exe"; http_uri; depth:19; isdataat:!1,relative; content:"accpais.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164806/; classtype:trojan-activity;sid:81027906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nick.mips"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164805/; classtype:trojan-activity;sid:81027905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sbot.mips"; http_uri; depth:10; isdataat:!1,relative; content:"134.209.125.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164804/; classtype:trojan-activity;sid:81027904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nick.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164803/; classtype:trojan-activity;sid:81027903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nick.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164802/; classtype:trojan-activity;sid:81027902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164801/; classtype:trojan-activity;sid:81027901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164800/; classtype:trojan-activity;sid:81027900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164799/; classtype:trojan-activity;sid:81027899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nick.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164798/; classtype:trojan-activity;sid:81027898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mips"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164797/; classtype:trojan-activity;sid:81027897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164796/; classtype:trojan-activity;sid:81027896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nick.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164795/; classtype:trojan-activity;sid:81027895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm"; http_uri; depth:14; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164794/; classtype:trojan-activity;sid:81027894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164793/; classtype:trojan-activity;sid:81027893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164792/; classtype:trojan-activity;sid:81027892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nick.arm"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164791/; classtype:trojan-activity;sid:81027891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nick.mips"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164789/; classtype:trojan-activity;sid:81027889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nick.arm"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164790/; classtype:trojan-activity;sid:81027890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164788/; classtype:trojan-activity;sid:81027888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164787/; classtype:trojan-activity;sid:81027887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nick.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164786/; classtype:trojan-activity;sid:81027886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164785/; classtype:trojan-activity;sid:81027885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/beonepage-pro/languages/reso.zip"; http_uri; depth:51; isdataat:!1,relative; content:"tamim.pro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164784/; classtype:trojan-activity;sid:81027884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164783/; classtype:trojan-activity;sid:81027883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nick.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164782/; classtype:trojan-activity;sid:81027882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164781/; classtype:trojan-activity;sid:81027881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.mips"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164780/; classtype:trojan-activity;sid:81027880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vi/x86.yakuza"; http_uri; depth:14; isdataat:!1,relative; content:"68.183.207.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164779/; classtype:trojan-activity;sid:81027879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dark.x86"; http_uri; depth:14; isdataat:!1,relative; content:"185.244.25.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164778/; classtype:trojan-activity;sid:81027878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164777/; classtype:trojan-activity;sid:81027877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nick.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164776/; classtype:trojan-activity;sid:81027876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm"; http_uri; depth:14; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164775/; classtype:trojan-activity;sid:81027875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164774/; classtype:trojan-activity;sid:81027874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nick.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164773/; classtype:trojan-activity;sid:81027873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/beonepage-pro/languages/msg.jpg"; http_uri; depth:50; isdataat:!1,relative; content:"tamim.pro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164772/; classtype:trojan-activity;sid:81027872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164771/; classtype:trojan-activity;sid:81027871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164770/; classtype:trojan-activity;sid:81027870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164769/; classtype:trojan-activity;sid:81027869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nick.x86"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164768/; classtype:trojan-activity;sid:81027868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.x86"; http_uri; depth:14; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164767/; classtype:trojan-activity;sid:81027867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"159.89.183.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164766/; classtype:trojan-activity;sid:81027866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164765/; classtype:trojan-activity;sid:81027865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"104.248.162.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164764/; classtype:trojan-activity;sid:81027864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lnkfmx"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.174.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164763/; classtype:trojan-activity;sid:81027863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164762/; classtype:trojan-activity;sid:81027862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164761/; classtype:trojan-activity;sid:81027861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164759/; classtype:trojan-activity;sid:81027859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164760/; classtype:trojan-activity;sid:81027860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164758/; classtype:trojan-activity;sid:81027858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.183.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164757/; classtype:trojan-activity;sid:81027857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"104.248.162.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164756/; classtype:trojan-activity;sid:81027856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.183.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164755/; classtype:trojan-activity;sid:81027855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.183.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164754/; classtype:trojan-activity;sid:81027854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fwdfvf"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.174.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164753/; classtype:trojan-activity;sid:81027853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qvmxvl"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.174.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164752/; classtype:trojan-activity;sid:81027852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"104.248.162.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164751/; classtype:trojan-activity;sid:81027851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vtyhat"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.174.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164750/; classtype:trojan-activity;sid:81027850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164749/; classtype:trojan-activity;sid:81027849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164748/; classtype:trojan-activity;sid:81027848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"159.89.183.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164747/; classtype:trojan-activity;sid:81027847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ajoomk"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.174.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164746/; classtype:trojan-activity;sid:81027846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nvitpj"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.174.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164745/; classtype:trojan-activity;sid:81027845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/qtmzbn"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.174.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164744/; classtype:trojan-activity;sid:81027844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"104.248.162.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164743/; classtype:trojan-activity;sid:81027843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"104.248.162.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164742/; classtype:trojan-activity;sid:81027842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164741/; classtype:trojan-activity;sid:81027841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"159.89.183.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164740/; classtype:trojan-activity;sid:81027840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164739/; classtype:trojan-activity;sid:81027839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"104.248.162.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164738/; classtype:trojan-activity;sid:81027838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/razdzn"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.174.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164737/; classtype:trojan-activity;sid:81027837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"159.89.183.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164736/; classtype:trojan-activity;sid:81027836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"104.248.162.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164735/; classtype:trojan-activity;sid:81027835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vvglma"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.174.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164734/; classtype:trojan-activity;sid:81027834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/atxhua"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.174.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164733/; classtype:trojan-activity;sid:81027833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164732/; classtype:trojan-activity;sid:81027832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"159.89.183.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164731/; classtype:trojan-activity;sid:81027831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"104.248.162.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164730/; classtype:trojan-activity;sid:81027830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"159.89.183.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164728/; classtype:trojan-activity;sid:81027828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164729/; classtype:trojan-activity;sid:81027829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164727/; classtype:trojan-activity;sid:81027827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164726/; classtype:trojan-activity;sid:81027826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/[cpu]"; http_uri; depth:6; isdataat:!1,relative; content:"104.248.162.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164724/; classtype:trojan-activity;sid:81027824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164725/; classtype:trojan-activity;sid:81027825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"104.248.162.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164723/; classtype:trojan-activity;sid:81027823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"159.89.183.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164722/; classtype:trojan-activity;sid:81027822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"104.248.162.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164721/; classtype:trojan-activity;sid:81027821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/earyzq"; http_uri; depth:7; isdataat:!1,relative; content:"159.89.174.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164720/; classtype:trojan-activity;sid:81027820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"104.248.162.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164719/; classtype:trojan-activity;sid:81027819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164718/; classtype:trojan-activity;sid:81027818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"138.68.17.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164717/; classtype:trojan-activity;sid:81027817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nick.x86"; http_uri; depth:14; isdataat:!1,relative; content:"134.209.125.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164716/; classtype:trojan-activity;sid:81027816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sigem/atualizador_sped.exe"; http_uri; depth:27; isdataat:!1,relative; content:"www.dintecsistema.com.br"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164715/; classtype:trojan-activity;sid:81027815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hoho.x86"; http_uri; depth:14; isdataat:!1,relative; content:"142.93.147.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164714/; classtype:trojan-activity;sid:81027814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/web/uploads/20190311/64f9bef9f9c790fa66c3ee5d4652bc0a.exe"; http_uri; depth:58; isdataat:!1,relative; content:"res.qaqgame.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164713/; classtype:trojan-activity;sid:81027813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sigem/ativador.exe"; http_uri; depth:19; isdataat:!1,relative; content:"dintecsistema.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164712/; classtype:trojan-activity;sid:81027812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/quadrant/slim.exe"; http_uri; depth:18; isdataat:!1,relative; content:"treassurebank.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164711/; classtype:trojan-activity;sid:81027811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_output42eaac0s.exe"; http_uri; depth:20; isdataat:!1,relative; content:"dsf334d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164710/; classtype:trojan-activity;sid:81027810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/quadrant/temi.exe"; http_uri; depth:18; isdataat:!1,relative; content:"treassurebank.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164709/; classtype:trojan-activity;sid:81027809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/quadrant/fcr2.exe"; http_uri; depth:18; isdataat:!1,relative; content:"treassurebank.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164708/; classtype:trojan-activity;sid:81027808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/soft/244535/acronis.exe"; http_uri; depth:24; isdataat:!1,relative; content:"d2.udashi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164707/; classtype:trojan-activity;sid:81027807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/quadrant/tbba2.exe"; http_uri; depth:19; isdataat:!1,relative; content:"treassurebank.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164706/; classtype:trojan-activity;sid:81027806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"220.132.72.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164705/; classtype:trojan-activity;sid:81027805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"189.167.48.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164704/; classtype:trojan-activity;sid:81027804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lin6"; http_uri; depth:5; isdataat:!1,relative; content:"122.114.246.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_24; reference:url, urlhaus.abuse.ch/url/164703/; classtype:trojan-activity;sid:81027803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carnageppc"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.117.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164702/; classtype:trojan-activity;sid:81027802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carnagex86"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.117.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164701/; classtype:trojan-activity;sid:81027801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carnagefuck"; http_uri; depth:12; isdataat:!1,relative; content:"157.230.117.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164699/; classtype:trojan-activity;sid:81027799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carnagei586"; http_uri; depth:12; isdataat:!1,relative; content:"157.230.117.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164700/; classtype:trojan-activity;sid:81027800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carnagei686"; http_uri; depth:12; isdataat:!1,relative; content:"157.230.117.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164698/; classtype:trojan-activity;sid:81027798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carnagesh4"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.117.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164697/; classtype:trojan-activity;sid:81027797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carnagearm6"; http_uri; depth:12; isdataat:!1,relative; content:"157.230.117.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164696/; classtype:trojan-activity;sid:81027796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carnagemipsel"; http_uri; depth:14; isdataat:!1,relative; content:"157.230.117.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164695/; classtype:trojan-activity;sid:81027795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carnagem68k"; http_uri; depth:12; isdataat:!1,relative; content:"157.230.117.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164693/; classtype:trojan-activity;sid:81027793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carnagesh"; http_uri; depth:10; isdataat:!1,relative; content:"157.230.117.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164694/; classtype:trojan-activity;sid:81027794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carnagemips"; http_uri; depth:12; isdataat:!1,relative; content:"157.230.117.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164692/; classtype:trojan-activity;sid:81027792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/echobot.i586"; http_uri; depth:13; isdataat:!1,relative; content:"185.244.25.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164691/; classtype:trojan-activity;sid:81027791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/echobot.mpsl"; http_uri; depth:13; isdataat:!1,relative; content:"185.244.25.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164690/; classtype:trojan-activity;sid:81027790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/echobot.mips"; http_uri; depth:13; isdataat:!1,relative; content:"185.244.25.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164689/; classtype:trojan-activity;sid:81027789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/echobot.i686"; http_uri; depth:13; isdataat:!1,relative; content:"185.244.25.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164687/; classtype:trojan-activity;sid:81027787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/echobot.sh4"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164688/; classtype:trojan-activity;sid:81027788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/echobot.arm5"; http_uri; depth:13; isdataat:!1,relative; content:"185.244.25.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164685/; classtype:trojan-activity;sid:81027785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/echobot.sparc"; http_uri; depth:14; isdataat:!1,relative; content:"185.244.25.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164686/; classtype:trojan-activity;sid:81027786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/echobot.arm4"; http_uri; depth:13; isdataat:!1,relative; content:"185.244.25.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164684/; classtype:trojan-activity;sid:81027784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/echobot.m68k"; http_uri; depth:13; isdataat:!1,relative; content:"185.244.25.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164683/; classtype:trojan-activity;sid:81027783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/echobot.x86"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164682/; classtype:trojan-activity;sid:81027782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nato/purchase.exe"; http_uri; depth:18; isdataat:!1,relative; content:"ruih.co.uk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164681/; classtype:trojan-activity;sid:81027781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nato/doc/purchase.doc"; http_uri; depth:22; isdataat:!1,relative; content:"ruih.co.uk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164680/; classtype:trojan-activity;sid:81027780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.x86"; http_uri; depth:14; isdataat:!1,relative; content:"68.183.115.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164679/; classtype:trojan-activity;sid:81027779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"68.183.115.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164678/; classtype:trojan-activity;sid:81027778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.arm"; http_uri; depth:14; isdataat:!1,relative; content:"68.183.115.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164677/; classtype:trojan-activity;sid:81027777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"68.183.115.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164676/; classtype:trojan-activity;sid:81027776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rift.mips"; http_uri; depth:15; isdataat:!1,relative; content:"68.183.115.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164675/; classtype:trojan-activity;sid:81027775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.spc"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164674/; classtype:trojan-activity;sid:81027774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164673/; classtype:trojan-activity;sid:81027773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164672/; classtype:trojan-activity;sid:81027772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.mips"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164671/; classtype:trojan-activity;sid:81027771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164670/; classtype:trojan-activity;sid:81027770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164669/; classtype:trojan-activity;sid:81027769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164668/; classtype:trojan-activity;sid:81027768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164667/; classtype:trojan-activity;sid:81027767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.arm"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164666/; classtype:trojan-activity;sid:81027766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164665/; classtype:trojan-activity;sid:81027765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vb/amakano.x86"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.210.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164664/; classtype:trojan-activity;sid:81027764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vb/amakano.mpsl"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.210.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164663/; classtype:trojan-activity;sid:81027763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vb/amakano.mips"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.210.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164662/; classtype:trojan-activity;sid:81027762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vb/amakano.arm5"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.210.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164661/; classtype:trojan-activity;sid:81027761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vb/amakano.arm"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.210.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164660/; classtype:trojan-activity;sid:81027760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zss/cb.com"; http_uri; depth:11; isdataat:!1,relative; content:"lifecareinstruments.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164659/; classtype:trojan-activity;sid:81027759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/data.exe"; http_uri; depth:15; isdataat:!1,relative; content:"adobe-flash-player.pro"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164658/; classtype:trojan-activity;sid:81027758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; content:"185.244.25.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164657/; classtype:trojan-activity;sid:81027757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164656/; classtype:trojan-activity;sid:81027756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164655/; classtype:trojan-activity;sid:81027755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164654/; classtype:trojan-activity;sid:81027754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; content:"185.244.25.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164653/; classtype:trojan-activity;sid:81027753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"185.244.25.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164652/; classtype:trojan-activity;sid:81027752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; content:"185.244.25.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164651/; classtype:trojan-activity;sid:81027751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164650/; classtype:trojan-activity;sid:81027750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"185.244.25.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164649/; classtype:trojan-activity;sid:81027749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/exec/cookie_crimes.exe"; http_uri; depth:23; isdataat:!1,relative; content:"163.172.147.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164646/; classtype:trojan-activity;sid:81027746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/exec/dwm.exe"; http_uri; depth:13; isdataat:!1,relative; content:"163.172.147.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164647/; classtype:trojan-activity;sid:81027747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/exec/lol/config.exe"; http_uri; depth:20; isdataat:!1,relative; content:"163.172.147.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164648/; classtype:trojan-activity;sid:81027748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scr/metakbase.txt"; http_uri; depth:18; isdataat:!1,relative; content:"163.172.147.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164644/; classtype:trojan-activity;sid:81027744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scr/ninja.ps1"; http_uri; depth:14; isdataat:!1,relative; content:"163.172.147.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164645/; classtype:trojan-activity;sid:81027745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scr/bot.ps1"; http_uri; depth:12; isdataat:!1,relative; content:"163.172.147.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164640/; classtype:trojan-activity;sid:81027740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scr/bptest.ps1"; http_uri; depth:15; isdataat:!1,relative; content:"163.172.147.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164641/; classtype:trojan-activity;sid:81027741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scr/ibomb.ps1"; http_uri; depth:14; isdataat:!1,relative; content:"163.172.147.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164642/; classtype:trojan-activity;sid:81027742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scr/met2.ps1"; http_uri; depth:13; isdataat:!1,relative; content:"163.172.147.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164643/; classtype:trojan-activity;sid:81027743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ngcode.exe"; http_uri; depth:11; isdataat:!1,relative; content:"206.189.174.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164639/; classtype:trojan-activity;sid:81027739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/win/29420_dmaster.exe"; http_uri; depth:22; isdataat:!1,relative; content:"ware.ru"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164638/; classtype:trojan-activity;sid:81027738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smk.exe"; http_uri; depth:8; isdataat:!1,relative; content:"starterpacks.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164637/; classtype:trojan-activity;sid:81027737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/win/26033_aspmonitor-0-15-install.exe"; http_uri; depth:38; isdataat:!1,relative; content:"ware.ru"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164636/; classtype:trojan-activity;sid:81027736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.x86"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164635/; classtype:trojan-activity;sid:81027735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/smk.exe"; http_uri; depth:8; isdataat:!1,relative; content:"www.starterpacks.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164634/; classtype:trojan-activity;sid:81027734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chromesetup.exe"; http_uri; depth:16; isdataat:!1,relative; content:"www.giallosugiallo.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164633/; classtype:trojan-activity;sid:81027733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; content:"142.93.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164632/; classtype:trojan-activity;sid:81027732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"176.40.104.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164631/; classtype:trojan-activity;sid:81027731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; content:"142.93.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164630/; classtype:trojan-activity;sid:81027730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; content:"142.93.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164628/; classtype:trojan-activity;sid:81027728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; content:"142.93.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164629/; classtype:trojan-activity;sid:81027729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; content:"142.93.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164627/; classtype:trojan-activity;sid:81027727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; content:"142.93.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164626/; classtype:trojan-activity;sid:81027726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm"; http_uri; depth:17; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164625/; classtype:trojan-activity;sid:81027725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.sh4"; http_uri; depth:17; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164624/; classtype:trojan-activity;sid:81027724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; content:"142.93.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164623/; classtype:trojan-activity;sid:81027723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"201.143.253.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164622/; classtype:trojan-activity;sid:81027722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; content:"142.93.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164621/; classtype:trojan-activity;sid:81027721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; content:"142.93.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164619/; classtype:trojan-activity;sid:81027719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; content:"142.93.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164618/; classtype:trojan-activity;sid:81027718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; content:"142.93.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164620/; classtype:trojan-activity;sid:81027720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; content:"142.93.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164617/; classtype:trojan-activity;sid:81027717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; content:"142.93.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164616/; classtype:trojan-activity;sid:81027716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.mips"; http_uri; depth:18; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164615/; classtype:trojan-activity;sid:81027715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/b/bkay.exe"; http_uri; depth:11; isdataat:!1,relative; content:"ruih.co.uk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164614/; classtype:trojan-activity;sid:81027714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ti/purchaseorder.exe"; http_uri; depth:21; isdataat:!1,relative; content:"redlogisticsmaroc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164613/; classtype:trojan-activity;sid:81027713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/effmnwe.exe"; http_uri; depth:12; isdataat:!1,relative; content:"recovery.acci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164612/; classtype:trojan-activity;sid:81027712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/win/14779_setup_opl.exe"; http_uri; depth:24; isdataat:!1,relative; content:"ware.ru"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164611/; classtype:trojan-activity;sid:81027711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/laciecool93/bonus.pdf.exe"; http_uri; depth:26; isdataat:!1,relative; content:"www.juzsmile.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164610/; classtype:trojan-activity;sid:81027710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164609/; classtype:trojan-activity;sid:81027709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"1.54.54.4"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164608/; classtype:trojan-activity;sid:81027708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.arm"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.231.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164607/; classtype:trojan-activity;sid:81027707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164606/; classtype:trojan-activity;sid:81027706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.ppc"; http_uri; depth:17; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164605/; classtype:trojan-activity;sid:81027705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164604/; classtype:trojan-activity;sid:81027704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164603/; classtype:trojan-activity;sid:81027703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm5"; http_uri; depth:12; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164602/; classtype:trojan-activity;sid:81027702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.accounts.resourses.net"; http_uri; depth:36; isdataat:!1,relative; content:"modoutlet.club"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164601/; classtype:trojan-activity;sid:81027701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm"; http_uri; depth:14; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164600/; classtype:trojan-activity;sid:81027700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/data/smarty/config/msg.jpg"; http_uri; depth:27; isdataat:!1,relative; content:"store.sensyu.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164599/; classtype:trojan-activity;sid:81027699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/conquer.png"; http_uri; depth:12; isdataat:!1,relative; content:"maketheswitch.ca"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164598/; classtype:trojan-activity;sid:81027698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.226.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164597/; classtype:trojan-activity;sid:81027697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.mips"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.231.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164595/; classtype:trojan-activity;sid:81027695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm6"; http_uri; depth:12; isdataat:!1,relative; content:"46.101.247.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164596/; classtype:trojan-activity;sid:81027696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tuan"; http_uri; depth:5; isdataat:!1,relative; content:"167.99.203.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164594/; classtype:trojan-activity;sid:81027694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.226.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164593/; classtype:trojan-activity;sid:81027693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/auth/lc.exe"; http_uri; depth:12; isdataat:!1,relative; content:"asreklam.az"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164592/; classtype:trojan-activity;sid:81027692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wapp/purchaseorder.exe"; http_uri; depth:23; isdataat:!1,relative; content:"ruih.co.uk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164591/; classtype:trojan-activity;sid:81027691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wapp/doc/purchase.doc"; http_uri; depth:22; isdataat:!1,relative; content:"ruih.co.uk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164590/; classtype:trojan-activity;sid:81027690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xps.exe"; http_uri; depth:8; isdataat:!1,relative; content:"jaeger-automotive.cf"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164589/; classtype:trojan-activity;sid:81027689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.ppc"; http_uri; depth:11; isdataat:!1,relative; content:"46.101.247.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164588/; classtype:trojan-activity;sid:81027688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.i586"; http_uri; depth:12; isdataat:!1,relative; content:"46.101.247.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164587/; classtype:trojan-activity;sid:81027687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm4"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164586/; classtype:trojan-activity;sid:81027686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/flix"; http_uri; depth:5; isdataat:!1,relative; content:"167.99.203.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164585/; classtype:trojan-activity;sid:81027685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sky2.exe"; http_uri; depth:9; isdataat:!1,relative; content:"206.189.174.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164584/; classtype:trojan-activity;sid:81027684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.226.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164583/; classtype:trojan-activity;sid:81027683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"23.254.226.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164582/; classtype:trojan-activity;sid:81027682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/grape"; http_uri; depth:6; isdataat:!1,relative; content:"167.99.203.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164581/; classtype:trojan-activity;sid:81027681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.226.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164580/; classtype:trojan-activity;sid:81027680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.231.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164579/; classtype:trojan-activity;sid:81027679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.arm4"; http_uri; depth:12; isdataat:!1,relative; content:"46.101.247.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164578/; classtype:trojan-activity;sid:81027678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x86"; http_uri; depth:10; isdataat:!1,relative; content:"104.248.224.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164576/; classtype:trojan-activity;sid:81027676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/water"; http_uri; depth:6; isdataat:!1,relative; content:"167.99.203.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164577/; classtype:trojan-activity;sid:81027677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.231.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164575/; classtype:trojan-activity;sid:81027675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x86"; http_uri; depth:10; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164573/; classtype:trojan-activity;sid:81027673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/syn"; http_uri; depth:4; isdataat:!1,relative; content:"167.99.203.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164574/; classtype:trojan-activity;sid:81027674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm4"; http_uri; depth:11; isdataat:!1,relative; content:"104.248.224.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164572/; classtype:trojan-activity;sid:81027672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"104.248.224.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164571/; classtype:trojan-activity;sid:81027671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.226.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164569/; classtype:trojan-activity;sid:81027669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.sh4"; http_uri; depth:11; isdataat:!1,relative; content:"46.101.247.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164570/; classtype:trojan-activity;sid:81027670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"104.248.224.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164568/; classtype:trojan-activity;sid:81027668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.231.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164567/; classtype:trojan-activity;sid:81027667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/berry"; http_uri; depth:6; isdataat:!1,relative; content:"167.99.203.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164566/; classtype:trojan-activity;sid:81027666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blizzy/doc/purchase.doc"; http_uri; depth:24; isdataat:!1,relative; content:"redlogisticsmaroc.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164565/; classtype:trojan-activity;sid:81027665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.x86"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.231.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164564/; classtype:trojan-activity;sid:81027664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bin_protected.exe"; http_uri; depth:18; isdataat:!1,relative; content:"vvangsu.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164563/; classtype:trojan-activity;sid:81027663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.231.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164562/; classtype:trojan-activity;sid:81027662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i686"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164561/; classtype:trojan-activity;sid:81027661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164560/; classtype:trojan-activity;sid:81027660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i686"; http_uri; depth:11; isdataat:!1,relative; content:"104.248.224.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164559/; classtype:trojan-activity;sid:81027659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.m68k"; http_uri; depth:12; isdataat:!1,relative; content:"46.101.247.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164558/; classtype:trojan-activity;sid:81027658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mips"; http_uri; depth:11; isdataat:!1,relative; content:"104.248.224.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164557/; classtype:trojan-activity;sid:81027657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164556/; classtype:trojan-activity;sid:81027656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"104.248.224.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164555/; classtype:trojan-activity;sid:81027655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/roose"; http_uri; depth:6; isdataat:!1,relative; content:"167.99.203.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164554/; classtype:trojan-activity;sid:81027654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"23.254.226.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164553/; classtype:trojan-activity;sid:81027653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"104.248.224.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164551/; classtype:trojan-activity;sid:81027651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x32"; http_uri; depth:11; isdataat:!1,relative; content:"46.101.247.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164552/; classtype:trojan-activity;sid:81027652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pie"; http_uri; depth:4; isdataat:!1,relative; content:"167.99.203.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164550/; classtype:trojan-activity;sid:81027650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm7"; http_uri; depth:11; isdataat:!1,relative; content:"104.248.224.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164548/; classtype:trojan-activity;sid:81027648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mpsl"; http_uri; depth:12; isdataat:!1,relative; content:"46.101.247.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164549/; classtype:trojan-activity;sid:81027649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/popper"; http_uri; depth:7; isdataat:!1,relative; content:"167.99.203.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164547/; classtype:trojan-activity;sid:81027647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.231.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164546/; classtype:trojan-activity;sid:81027646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.226.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164545/; classtype:trojan-activity;sid:81027645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.231.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164544/; classtype:trojan-activity;sid:81027644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sparc"; http_uri; depth:12; isdataat:!1,relative; content:"104.248.224.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164543/; classtype:trojan-activity;sid:81027643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"23.254.226.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164542/; classtype:trojan-activity;sid:81027642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yakuza.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.231.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164540/; classtype:trojan-activity;sid:81027640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.x86"; http_uri; depth:11; isdataat:!1,relative; content:"46.101.247.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164541/; classtype:trojan-activity;sid:81027641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/[cpu]"; http_uri; depth:6; isdataat:!1,relative; content:"23.254.226.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164539/; classtype:trojan-activity;sid:81027639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"157.230.174.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164538/; classtype:trojan-activity;sid:81027638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yakuza.mips"; http_uri; depth:12; isdataat:!1,relative; content:"46.101.247.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164537/; classtype:trojan-activity;sid:81027637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i586"; http_uri; depth:11; isdataat:!1,relative; content:"104.248.224.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164536/; classtype:trojan-activity;sid:81027636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"23.254.226.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164535/; classtype:trojan-activity;sid:81027635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"23.254.226.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164534/; classtype:trojan-activity;sid:81027634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mpsl"; http_uri; depth:22; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164533/; classtype:trojan-activity;sid:81027633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"104.248.224.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164532/; classtype:trojan-activity;sid:81027632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.mips"; http_uri; depth:15; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164531/; classtype:trojan-activity;sid:81027631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164530/; classtype:trojan-activity;sid:81027630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.x86"; http_uri; depth:14; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164529/; classtype:trojan-activity;sid:81027629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/frozenwifi.i686"; http_uri; depth:16; isdataat:!1,relative; content:"185.244.25.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164527/; classtype:trojan-activity;sid:81027627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/frozenwifi.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"185.244.25.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164528/; classtype:trojan-activity;sid:81027628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/frozenwifi.x86"; http_uri; depth:15; isdataat:!1,relative; content:"185.244.25.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164526/; classtype:trojan-activity;sid:81027626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/frozenwifi.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"185.244.25.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164524/; classtype:trojan-activity;sid:81027624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/frozenwifi.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"185.244.25.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164525/; classtype:trojan-activity;sid:81027625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/frozenwifi.mips"; http_uri; depth:16; isdataat:!1,relative; content:"185.244.25.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164523/; classtype:trojan-activity;sid:81027623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.accounts.docs.com/"; http_uri; depth:35; isdataat:!1,relative; content:"babycool.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164522/; classtype:trojan-activity;sid:81027622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164521/; classtype:trojan-activity;sid:81027621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164520/; classtype:trojan-activity;sid:81027620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164519/; classtype:trojan-activity;sid:81027619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164518/; classtype:trojan-activity;sid:81027618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm6"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.79.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164517/; classtype:trojan-activity;sid:81027617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.m68k"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.79.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164516/; classtype:trojan-activity;sid:81027616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164515/; classtype:trojan-activity;sid:81027615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164514/; classtype:trojan-activity;sid:81027614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164513/; classtype:trojan-activity;sid:81027613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164511/; classtype:trojan-activity;sid:81027611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164512/; classtype:trojan-activity;sid:81027612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164509/; classtype:trojan-activity;sid:81027609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.x86"; http_uri; depth:14; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164510/; classtype:trojan-activity;sid:81027610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164508/; classtype:trojan-activity;sid:81027608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.sh4"; http_uri; depth:21; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164506/; classtype:trojan-activity;sid:81027606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.ppc"; http_uri; depth:17; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164507/; classtype:trojan-activity;sid:81027607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.x86"; http_uri; depth:11; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164505/; classtype:trojan-activity;sid:81027605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164504/; classtype:trojan-activity;sid:81027604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164502/; classtype:trojan-activity;sid:81027602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.mips"; http_uri; depth:15; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164503/; classtype:trojan-activity;sid:81027603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164501/; classtype:trojan-activity;sid:81027601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164500/; classtype:trojan-activity;sid:81027600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.mips"; http_uri; depth:22; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164498/; classtype:trojan-activity;sid:81027598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164499/; classtype:trojan-activity;sid:81027599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.mips"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164497/; classtype:trojan-activity;sid:81027597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164496/; classtype:trojan-activity;sid:81027596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164495/; classtype:trojan-activity;sid:81027595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164494/; classtype:trojan-activity;sid:81027594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.sh4"; http_uri; depth:17; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164493/; classtype:trojan-activity;sid:81027593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.x86"; http_uri; depth:17; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164492/; classtype:trojan-activity;sid:81027592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.m68k"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164490/; classtype:trojan-activity;sid:81027590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164491/; classtype:trojan-activity;sid:81027591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164489/; classtype:trojan-activity;sid:81027589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/momentum.mipsel"; http_uri; depth:16; isdataat:!1,relative; content:"45.67.14.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164488/; classtype:trojan-activity;sid:81027588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164487/; classtype:trojan-activity;sid:81027587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164486/; classtype:trojan-activity;sid:81027586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.x86"; http_uri; depth:21; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164485/; classtype:trojan-activity;sid:81027585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.sh4"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.79.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164484/; classtype:trojan-activity;sid:81027584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.mips"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.79.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164483/; classtype:trojan-activity;sid:81027583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.ppc"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.79.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164482/; classtype:trojan-activity;sid:81027582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.arm7"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.79.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164481/; classtype:trojan-activity;sid:81027581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164480/; classtype:trojan-activity;sid:81027580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164479/; classtype:trojan-activity;sid:81027579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/download/inv/iccpf-da_xvwynpd-4fs/"; http_uri; depth:46; isdataat:!1,relative; content:"mwfurniture.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164478/; classtype:trojan-activity;sid:81027578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.accounts.resourses.net/"; http_uri; depth:37; isdataat:!1,relative; content:"modoutlet.club"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164477/; classtype:trojan-activity;sid:81027577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stories/secure.myaccount.docs.com/"; http_uri; depth:35; isdataat:!1,relative; content:"www.storiesdesired.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164476/; classtype:trojan-activity;sid:81027576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/verif.myaccount.send.net/"; http_uri; depth:38; isdataat:!1,relative; content:"www.danataifco.ir"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164475/; classtype:trojan-activity;sid:81027575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.accounts.resourses.net/"; http_uri; depth:37; isdataat:!1,relative; content:"modoutlet.club"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164474/; classtype:trojan-activity;sid:81027574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/updateprofile-0315.exe"; http_uri; depth:27; isdataat:!1,relative; content:"nadequalif.club"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164473/; classtype:trojan-activity;sid:81027573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm"; http_uri; depth:17; isdataat:!1,relative; content:"185.244.25.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164471/; classtype:trojan-activity;sid:81027571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm"; http_uri; depth:14; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164472/; classtype:trojan-activity;sid:81027572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"177.82.96.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164470/; classtype:trojan-activity;sid:81027570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"193.56.28.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164469/; classtype:trojan-activity;sid:81027569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164468/; classtype:trojan-activity;sid:81027568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164467/; classtype:trojan-activity;sid:81027567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/winboxscan-0213.exe"; http_uri; depth:24; isdataat:!1,relative; content:"nadequalif.club"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164466/; classtype:trojan-activity;sid:81027566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164465/; classtype:trojan-activity;sid:81027565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chat/cwr64.exe"; http_uri; depth:15; isdataat:!1,relative; content:"cw4u.free.fr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164464/; classtype:trojan-activity;sid:81027564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/vc-0206.exe"; http_uri; depth:16; isdataat:!1,relative; content:"nadequalif.club"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164463/; classtype:trojan-activity;sid:81027563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm"; http_uri; depth:11; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164462/; classtype:trojan-activity;sid:81027562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164461/; classtype:trojan-activity;sid:81027561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/watchdog.exe"; http_uri; depth:17; isdataat:!1,relative; content:"nadequalif.club"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164460/; classtype:trojan-activity;sid:81027560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/partage/server4.exe"; http_uri; depth:20; isdataat:!1,relative; content:"avinash1.free.fr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164459/; classtype:trojan-activity;sid:81027559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164458/; classtype:trojan-activity;sid:81027558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.m68k"; http_uri; depth:18; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164457/; classtype:trojan-activity;sid:81027557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tvgyasmev5gmk49l/lsa64install.exe"; http_uri; depth:34; isdataat:!1,relative; content:"nadequalif.club"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164456/; classtype:trojan-activity;sid:81027556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/vc.exe"; http_uri; depth:11; isdataat:!1,relative; content:"nadequalif.club"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164455/; classtype:trojan-activity;sid:81027555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/banquefsec/banquefr.exe"; http_uri; depth:24; isdataat:!1,relative; content:"u336211fzm.ha002.t.justns.ru"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164454/; classtype:trojan-activity;sid:81027554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sendincsecure/service/verif/en_en/201903/"; http_uri; depth:53; isdataat:!1,relative; content:"kickykart.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164453/; classtype:trojan-activity;sid:81027553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/sec.myaccount.resourses.com/"; http_uri; depth:37; isdataat:!1,relative; content:"www.grupoaro.com.co"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164452/; classtype:trojan-activity;sid:81027552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nwfraum/trust.myaccount.send.com/"; http_uri; depth:34; isdataat:!1,relative; content:"www.gescoworld.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164451/; classtype:trojan-activity;sid:81027551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dzxts-os3jd_aakpxscgi-mo/verif.myacc.send.biz/"; http_uri; depth:47; isdataat:!1,relative; content:"theshowzone.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164450/; classtype:trojan-activity;sid:81027550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c2nkrlt/gv1cf-k5tp3s-ktndifn/"; http_uri; depth:30; isdataat:!1,relative; content:"horseshows.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164449/; classtype:trojan-activity;sid:81027549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rylawpc/yg9o-1q4hhq-etsozwiv/"; http_uri; depth:30; isdataat:!1,relative; content:"ksoncrossfit.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164448/; classtype:trojan-activity;sid:81027548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lunh-svvld-wycr/"; http_uri; depth:29; isdataat:!1,relative; content:"ilimler.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164447/; classtype:trojan-activity;sid:81027547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/9e1a-2guide-eojv/"; http_uri; depth:30; isdataat:!1,relative; content:"geoclimachillers.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164446/; classtype:trojan-activity;sid:81027546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/en/file/invoice_notice/hpzd-3cqys_xdhpnfjg-8e/"; http_uri; depth:56; isdataat:!1,relative; content:"dealsammler.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164445/; classtype:trojan-activity;sid:81027545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/document/655951571557/ikmm-cdg_mnwp-vq/"; http_uri; depth:51; isdataat:!1,relative; content:"www.megaloexpress.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164444/; classtype:trojan-activity;sid:81027544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/verif.myaccount.docs.biz/"; http_uri; depth:45; isdataat:!1,relative; content:"yos.inonu.edu.tr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164443/; classtype:trojan-activity;sid:81027543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/trust.accs.docs.biz/"; http_uri; depth:40; isdataat:!1,relative; content:"yelarsan.es"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164442/; classtype:trojan-activity;sid:81027542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.accs.resourses.biz/"; http_uri; depth:38; isdataat:!1,relative; content:"xn--e1asabbgiee9g.xn--p1ai"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164441/; classtype:trojan-activity;sid:81027541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sec.accounts.resourses.biz/"; http_uri; depth:39; isdataat:!1,relative; content:"www.form8.sadek-webdesigner.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164440/; classtype:trojan-activity;sid:81027540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.accounts.resourses.biz/"; http_uri; depth:42; isdataat:!1,relative; content:"www.form7.sadek-webdesigner.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164439/; classtype:trojan-activity;sid:81027539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/trust.accounts.send.com/"; http_uri; depth:34; isdataat:!1,relative; content:"www.5ibet365.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164438/; classtype:trojan-activity;sid:81027538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mail.wirasaba.com/secure.accs.send.com/"; http_uri; depth:40; isdataat:!1,relative; content:"wirasaba.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164437/; classtype:trojan-activity;sid:81027537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/connections/trust.accounts.resourses.net/"; http_uri; depth:42; isdataat:!1,relative; content:"webtvset.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164436/; classtype:trojan-activity;sid:81027536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stylesl/trust.accounts.resourses.net/"; http_uri; depth:38; isdataat:!1,relative; content:"vasistagowthamipyramid.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164435/; classtype:trojan-activity;sid:81027535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.accounts.resourses.biz/"; http_uri; depth:40; isdataat:!1,relative; content:"uommamnhancach.edu.vn"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164434/; classtype:trojan-activity;sid:81027534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pdcooc9/sec.accs.send.com/"; http_uri; depth:27; isdataat:!1,relative; content:"tubepsango.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164433/; classtype:trojan-activity;sid:81027533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.accs.resourses.biz/"; http_uri; depth:38; isdataat:!1,relative; content:"tongtongbaby.us"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164432/; classtype:trojan-activity;sid:81027532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/sec.accounts.resourses.biz/"; http_uri; depth:33; isdataat:!1,relative; content:"thebirks.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164430/; classtype:trojan-activity;sid:81027530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/db3ii9k/sec.myaccount.send.net/"; http_uri; depth:32; isdataat:!1,relative; content:"tk-lovech.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164431/; classtype:trojan-activity;sid:81027531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.accounts.resourses.net/"; http_uri; depth:42; isdataat:!1,relative; content:"test.capsule-life.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164429/; classtype:trojan-activity;sid:81027529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pictures/trust.myacc.resourses.com/"; http_uri; depth:36; isdataat:!1,relative; content:"superkarting-uk.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164428/; classtype:trojan-activity;sid:81027528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/stories/secure.myaccount.docs.com/"; http_uri; depth:35; isdataat:!1,relative; content:"storiesdesired.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164427/; classtype:trojan-activity;sid:81027527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/f8rtr3z/trust.accounts.docs.net/"; http_uri; depth:33; isdataat:!1,relative; content:"spp.co.id"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164426/; classtype:trojan-activity;sid:81027526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xd6re7a/scan/verif.myaccount.resourses.com/"; http_uri; depth:44; isdataat:!1,relative; content:"ppusvjetlost.com.ba"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164424/; classtype:trojan-activity;sid:81027524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/en/file/39620331/vafd-xrmo_olqvjkr-ks/"; http_uri; depth:48; isdataat:!1,relative; content:"www.muestraweb.thinkingondemand.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164425/; classtype:trojan-activity;sid:81027525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/secure.accounts.docs.biz/"; http_uri; depth:28; isdataat:!1,relative; content:"frame25-dev.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164423/; classtype:trojan-activity;sid:81027523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/en/download/new_invoice/991966022/psbv-ffget_g-0vh/"; http_uri; depth:63; isdataat:!1,relative; content:"www.ibustan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164422/; classtype:trojan-activity;sid:81027522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/corporation/new_invoice/gweeb-cnsf_lp-cxi/"; http_uri; depth:54; isdataat:!1,relative; content:"www.ephraimmaina.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164421/; classtype:trojan-activity;sid:81027521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/us/document/cjpzm-8gj_rp-zl/"; http_uri; depth:32; isdataat:!1,relative; content:"www.alfomindomitrasukses.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164420/; classtype:trojan-activity;sid:81027520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dev3/en_us/new_invoice/cqpld-gp_smykqq-rkm/"; http_uri; depth:44; isdataat:!1,relative; content:"tacticsco.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164419/; classtype:trojan-activity;sid:81027519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/copy_invoice/ukiu-bnap_vbostiyy-ikq/"; http_uri; depth:42; isdataat:!1,relative; content:"www.daemconcepcion.cl"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164418/; classtype:trojan-activity;sid:81027518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/scan/invoice_number/xuzk-mtus_fpfmnu-qia/"; http_uri; depth:47; isdataat:!1,relative; content:"www.daemconcepcion.cl"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164417/; classtype:trojan-activity;sid:81027517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dummy/en/company/new_invoice/294061177/dabzj-thhns_acoxqlch-hro/"; http_uri; depth:65; isdataat:!1,relative; content:"www.elegantauto.lt"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164416/; classtype:trojan-activity;sid:81027516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sec.myaccount.send.biz/"; http_uri; depth:36; isdataat:!1,relative; content:"srivanividyalaya.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164415/; classtype:trojan-activity;sid:81027515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/company/7534046/zinm-0psit_wm-jt/"; http_uri; depth:38; isdataat:!1,relative; content:"www.cevdetozturk.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164414/; classtype:trojan-activity;sid:81027514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/db3ii9k/sec.myaccount.send.net"; http_uri; depth:31; isdataat:!1,relative; content:"tk-lovech.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164412/; classtype:trojan-activity;sid:81027512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.accs.resourses.biz"; http_uri; depth:37; isdataat:!1,relative; content:"xn--e1asabbgiee9g.xn--p1ai"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164413/; classtype:trojan-activity;sid:81027513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mhjisei3p/en_us/file/new_invoice/wgkwd-xnjx4_z-4h/"; http_uri; depth:51; isdataat:!1,relative; content:"www.91fhb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164411/; classtype:trojan-activity;sid:81027511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/verif.myaccount.resourses.biz/"; http_uri; depth:43; isdataat:!1,relative; content:"tkbhaktimulya.web.id"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164410/; classtype:trojan-activity;sid:81027510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/sec.myacc.send.net/"; http_uri; depth:39; isdataat:!1,relative; content:"test.globallean.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164409/; classtype:trojan-activity;sid:81027509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/company/69085359229/lyii-r1k_wws-el/"; http_uri; depth:49; isdataat:!1,relative; content:"www.adonis.com.bd"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164408/; classtype:trojan-activity;sid:81027508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/new_invoice/gawno-df_kkypva-cw/"; http_uri; depth:47; isdataat:!1,relative; content:"holon.co.il"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164407/; classtype:trojan-activity;sid:81027507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/en_us/doc/new_invoice/496524996/vssl-bjl_rkwme-pi/"; http_uri; depth:60; isdataat:!1,relative; content:"vinhomeswestpoint-doducduc.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164406/; classtype:trojan-activity;sid:81027506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/en/invoice_number/ndxxa-82k_ob-aop/"; http_uri; depth:48; isdataat:!1,relative; content:"winthegame.cba.pl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_23; reference:url, urlhaus.abuse.ch/url/164405/; classtype:trojan-activity;sid:81027505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/en_en/info/copy_invoice/rjshv-4x_oi-wv6/"; http_uri; depth:49; isdataat:!1,relative; content:"waservices.uk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164404/; classtype:trojan-activity;sid:81027504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/en/scan/copy_invoice/bmluk-yfuor_aqmnd-5kd/"; http_uri; depth:52; isdataat:!1,relative; content:"visionmaker.pt"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164403/; classtype:trojan-activity;sid:81027503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/en/document/juja-g2q_lw-eyx/"; http_uri; depth:40; isdataat:!1,relative; content:"shophaimy.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164402/; classtype:trojan-activity;sid:81027502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jde/file/wmuac-r85hu_mouqo-dyu/"; http_uri; depth:32; isdataat:!1,relative; content:"180-degree.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164401/; classtype:trojan-activity;sid:81027501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mincpke/gtkiw-4tf_krvrebtvs-xf0/"; http_uri; depth:33; isdataat:!1,relative; content:"the1sissycuckold.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164400/; classtype:trojan-activity;sid:81027500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/xerox/5669415165952/koqv-am_cnlj-ne/"; http_uri; depth:46; isdataat:!1,relative; content:"www.zf768.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164399/; classtype:trojan-activity;sid:81027499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/slade/scan/new_invoice/jujr-hr9u_b-g4/"; http_uri; depth:39; isdataat:!1,relative; content:"shapeshifters.net.nz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164398/; classtype:trojan-activity;sid:81027498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/en_us/inv/dxsc-lej_rrm-ykv/"; http_uri; depth:34; isdataat:!1,relative; content:"shagua.name"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164397/; classtype:trojan-activity;sid:81027497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/us/unru-9ow_llplwnedz-g7/"; http_uri; depth:32; isdataat:!1,relative; content:"shagua.name"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164396/; classtype:trojan-activity;sid:81027496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/en_us/scan/invoice/5730316225081/welmw-knj_muhf-djz/"; http_uri; depth:72; isdataat:!1,relative; content:"technoites.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164395/; classtype:trojan-activity;sid:81027495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/en_en/jeaa-im_b-wpx/"; http_uri; depth:30; isdataat:!1,relative; content:"dailynuochoacharme.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164394/; classtype:trojan-activity;sid:81027494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/en/scan/copy_invoice/wrna-az_wkfwcfchf-j5/"; http_uri; depth:52; isdataat:!1,relative; content:"sanliurfa.gaziantepfirsat.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164393/; classtype:trojan-activity;sid:81027493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/corporation/new_invoice/22758867047/slvf-plp_ko-scd/"; http_uri; depth:72; isdataat:!1,relative; content:"inclusao.enap.gov.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164392/; classtype:trojan-activity;sid:81027492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/adad-0fe8t_bdqpaxznf-qb/"; http_uri; depth:36; isdataat:!1,relative; content:"ticket2go.by"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164391/; classtype:trojan-activity;sid:81027491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/us_us/llc/copy_invoice/npjo-eb5o_wwube-zi/"; http_uri; depth:52; isdataat:!1,relative; content:"techsolutionit.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164390/; classtype:trojan-activity;sid:81027490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/en_us/company/new_invoice/xlnvb-rrue_nmeruvm-gkx/"; http_uri; depth:59; isdataat:!1,relative; content:"tavrprocedure.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164389/; classtype:trojan-activity;sid:81027489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ganbmxe/document/invoice_number/oommz-dzi_doghv-95/"; http_uri; depth:52; isdataat:!1,relative; content:"teamintune.lk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164388/; classtype:trojan-activity;sid:81027488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/en_en/invoice/3456507/wdmrt-hph_tqxmizdl-go/"; http_uri; depth:64; isdataat:!1,relative; content:"wzydw.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164387/; classtype:trojan-activity;sid:81027487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/corporation/copy_invoice/xlgb-muf3_jns-a3/"; http_uri; depth:51; isdataat:!1,relative; content:"sumeruhospital.org.np"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164386/; classtype:trojan-activity;sid:81027486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164385/; classtype:trojan-activity;sid:81027485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/owari.x86"; http_uri; depth:15; isdataat:!1,relative; content:"134.209.79.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164384/; classtype:trojan-activity;sid:81027484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/download/inv/yodj-8ddde_re-hm/"; http_uri; depth:39; isdataat:!1,relative; content:"techaids.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164383/; classtype:trojan-activity;sid:81027483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm5"; http_uri; depth:22; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164382/; classtype:trojan-activity;sid:81027482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/trust.accs.docs.net"; http_uri; depth:31; isdataat:!1,relative; content:"quadkits.combinedfashions.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164381/; classtype:trojan-activity;sid:81027481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164380/; classtype:trojan-activity;sid:81027480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/us_us/file/copy_invoice/sdcjp-cp88_plclhgmpb-4x/"; http_uri; depth:60; isdataat:!1,relative; content:"s-vrach.com.ua"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164379/; classtype:trojan-activity;sid:81027479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lighterbox2optimized/trust.myaccount.resourses.com/"; http_uri; depth:52; isdataat:!1,relative; content:"spartanproducts.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164378/; classtype:trojan-activity;sid:81027478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164377/; classtype:trojan-activity;sid:81027477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm7"; http_uri; depth:12; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164376/; classtype:trojan-activity;sid:81027476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.arm"; http_uri; depth:11; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164375/; classtype:trojan-activity;sid:81027475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.ppc"; http_uri; depth:17; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164374/; classtype:trojan-activity;sid:81027474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164373/; classtype:trojan-activity;sid:81027473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164372/; classtype:trojan-activity;sid:81027472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm7"; http_uri; depth:22; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164371/; classtype:trojan-activity;sid:81027471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164370/; classtype:trojan-activity;sid:81027470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164369/; classtype:trojan-activity;sid:81027469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164368/; classtype:trojan-activity;sid:81027468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164367/; classtype:trojan-activity;sid:81027467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164366/; classtype:trojan-activity;sid:81027466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164365/; classtype:trojan-activity;sid:81027465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.m68k"; http_uri; depth:22; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164364/; classtype:trojan-activity;sid:81027464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164363/; classtype:trojan-activity;sid:81027463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.mips"; http_uri; depth:18; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164362/; classtype:trojan-activity;sid:81027462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/6513368411/kfdy-bn_qzikzb-jv/"; http_uri; depth:41; isdataat:!1,relative; content:"swiss-cleaning.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164361/; classtype:trojan-activity;sid:81027461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/secure.accounts.docs.biz/"; http_uri; depth:28; isdataat:!1,relative; content:"frame25-dev.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164360/; classtype:trojan-activity;sid:81027460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/en/doc/inv/soqeu-a57c_gvilhc-vas/"; http_uri; depth:37; isdataat:!1,relative; content:"workforcesolutions.org.uk"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164359/; classtype:trojan-activity;sid:81027459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164358/; classtype:trojan-activity;sid:81027458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.x86"; http_uri; depth:11; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164357/; classtype:trojan-activity;sid:81027457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.m68k"; http_uri; depth:18; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164356/; classtype:trojan-activity;sid:81027456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164355/; classtype:trojan-activity;sid:81027455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164354/; classtype:trojan-activity;sid:81027454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.x86"; http_uri; depth:17; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164353/; classtype:trojan-activity;sid:81027453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164352/; classtype:trojan-activity;sid:81027452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164351/; classtype:trojan-activity;sid:81027451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.mips"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164350/; classtype:trojan-activity;sid:81027450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/en_en/document/copy_invoice/glmo-bt_uktxwjy-fic/"; http_uri; depth:57; isdataat:!1,relative; content:"restauracja-finezja.com.pl"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164349/; classtype:trojan-activity;sid:81027449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/verif.myacc.docs.com/"; http_uri; depth:33; isdataat:!1,relative; content:"sniper71-reborn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164348/; classtype:trojan-activity;sid:81027448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm6"; http_uri; depth:22; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164347/; classtype:trojan-activity;sid:81027447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164346/; classtype:trojan-activity;sid:81027446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164345/; classtype:trojan-activity;sid:81027445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164344/; classtype:trojan-activity;sid:81027444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164343/; classtype:trojan-activity;sid:81027443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.arm"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164342/; classtype:trojan-activity;sid:81027442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164341/; classtype:trojan-activity;sid:81027441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/en_us/doc/hyerj-oyiub_he-kh/"; http_uri; depth:41; isdataat:!1,relative; content:"sinyack.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164340/; classtype:trojan-activity;sid:81027440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dgzivlx/trust.myacc.send.net/"; http_uri; depth:30; isdataat:!1,relative; content:"sorcererguild.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164339/; classtype:trojan-activity;sid:81027439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/us_us/wemz-pxnx6_gzxirvmic-ppd/"; http_uri; depth:44; isdataat:!1,relative; content:"sinyack.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164338/; classtype:trojan-activity;sid:81027438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nope/kawaii.mips"; http_uri; depth:17; isdataat:!1,relative; content:"104.168.174.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164337/; classtype:trojan-activity;sid:81027437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm"; http_uri; depth:17; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164336/; classtype:trojan-activity;sid:81027436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"91.98.149.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164335/; classtype:trojan-activity;sid:81027435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nope/kawaii.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"104.168.174.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164334/; classtype:trojan-activity;sid:81027434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164333/; classtype:trojan-activity;sid:81027433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"192.81.213.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164332/; classtype:trojan-activity;sid:81027432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/orenji.x86"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.153.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164331/; classtype:trojan-activity;sid:81027431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164330/; classtype:trojan-activity;sid:81027430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nope/kawaii.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"104.168.174.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164329/; classtype:trojan-activity;sid:81027429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nope/kawaii.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"104.168.174.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164328/; classtype:trojan-activity;sid:81027428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nope/kawaii.arm"; http_uri; depth:16; isdataat:!1,relative; content:"104.168.174.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164327/; classtype:trojan-activity;sid:81027427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/horizon.sh4"; http_uri; depth:17; isdataat:!1,relative; content:"185.22.154.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164326/; classtype:trojan-activity;sid:81027426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.arm"; http_uri; depth:21; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164325/; classtype:trojan-activity;sid:81027425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/lmaowtf/loligang.ppc"; http_uri; depth:21; isdataat:!1,relative; content:"128.199.180.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164324/; classtype:trojan-activity;sid:81027424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.myacc.send.com/"; http_uri; depth:29; isdataat:!1,relative; content:"shopbeauty.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164323/; classtype:trojan-activity;sid:81027423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mhjisei3p/invoice_number/ocawf-kz8_shv-p7u/"; http_uri; depth:44; isdataat:!1,relative; content:"sirocomena.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164322/; classtype:trojan-activity;sid:81027422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nope/kawaii.x86"; http_uri; depth:16; isdataat:!1,relative; content:"104.168.174.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164321/; classtype:trojan-activity;sid:81027421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164320/; classtype:trojan-activity;sid:81027420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nope/kawaii.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"104.168.174.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164319/; classtype:trojan-activity;sid:81027419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nope/kawaii.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"104.168.174.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164318/; classtype:trojan-activity;sid:81027418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.174.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164317/; classtype:trojan-activity;sid:81027417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nope/kawaii.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"104.168.174.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164316/; classtype:trojan-activity;sid:81027416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nope/kawaii.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"104.168.174.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164315/; classtype:trojan-activity;sid:81027415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/trust.accounts.resourses.biz/"; http_uri; depth:38; isdataat:!1,relative; content:"softtest.lsp.goozmo.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164314/; classtype:trojan-activity;sid:81027414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/corporation/inv/yjtsd-bv_fkobl-ku/"; http_uri; depth:48; isdataat:!1,relative; content:"shopchungcu-bietthu.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164313/; classtype:trojan-activity;sid:81027413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sec.myacc.send.net/"; http_uri; depth:32; isdataat:!1,relative; content:"shoparsi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164312/; classtype:trojan-activity;sid:81027412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/trust.accounts.send.biz/"; http_uri; depth:34; isdataat:!1,relative; content:"promitprofil.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164311/; classtype:trojan-activity;sid:81027411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.accs.resourses.biz/"; http_uri; depth:38; isdataat:!1,relative; content:"sanphamgold.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164310/; classtype:trojan-activity;sid:81027410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/all-in-one-wp-migration/storage/doc/copy_invoice/469302181479406/fholy-13a_ziefba-gxe/"; http_uri; depth:106; isdataat:!1,relative; content:"netlink.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164309/; classtype:trojan-activity;sid:81027409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/partage/server3.exe"; http_uri; depth:20; isdataat:!1,relative; content:"avinash1.free.fr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164308/; classtype:trojan-activity;sid:81027408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/en/download/0106001144/kndy-ho_ooed-tt/"; http_uri; depth:49; isdataat:!1,relative; content:"skanecostad.se"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164307/; classtype:trojan-activity;sid:81027407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.myaccount.resourses.com/"; http_uri; depth:41; isdataat:!1,relative; content:"serendipityph.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164306/; classtype:trojan-activity;sid:81027406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yes-old/download/inv/fqde-p8vnk_ylibbv-whn/"; http_uri; depth:44; isdataat:!1,relative; content:"simplenetworking.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164305/; classtype:trojan-activity;sid:81027405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.accounts.send.com/"; http_uri; depth:35; isdataat:!1,relative; content:"sdsgroup.co.il"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164304/; classtype:trojan-activity;sid:81027404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/en_us/invoice_notice/rhqdc-awl_mqb-s5/"; http_uri; depth:48; isdataat:!1,relative; content:"san-lian.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164303/; classtype:trojan-activity;sid:81027403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.accs.docs.biz/"; http_uri; depth:31; isdataat:!1,relative; content:"dlink.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164302/; classtype:trojan-activity;sid:81027402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/en/xerox/copy_invoice/vdluv-bhgtl_pzzkctw-ujc/"; http_uri; depth:55; isdataat:!1,relative; content:"property-in-vietnam.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164301/; classtype:trojan-activity;sid:81027401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.myaccount.resourses.biz/"; http_uri; depth:41; isdataat:!1,relative; content:"sftw.trainingmentor.co.uk"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164300/; classtype:trojan-activity;sid:81027400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9011226/cp=fowocnir-bzlvojme_8ucf_dlg9ruhaesbntiv4k4s_ghz9xqlgnrkbwjmyho8tnf8nr8os5r8fv1l7yl8inbr7qzfb-kllc8sx1akzjajr-zximilho_jeilq4hm5r2yvkham__jloewuqimzp_q0bxwldtgxgg3kmjhyopdig=/"; http_uri; depth:185; isdataat:!1,relative; content:"track.smtpsendemail.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164299/; classtype:trojan-activity;sid:81027399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2zsjmbk/company/invoice_notice/tbed-1c10c_puchsl-op/"; http_uri; depth:53; isdataat:!1,relative; content:"www.hk026.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164298/; classtype:trojan-activity;sid:81027398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/expertos/info/wcoo-atunm_cgsaphb-bd/"; http_uri; depth:37; isdataat:!1,relative; content:"gisec.com.mx"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164297/; classtype:trojan-activity;sid:81027397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/m0br4-dhj2z-yusjws/"; http_uri; depth:29; isdataat:!1,relative; content:"vrfantasy.gallery"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164296/; classtype:trojan-activity;sid:81027396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/en/iibg-1t_oonw-m8h/"; http_uri; depth:33; isdataat:!1,relative; content:"nbj.engaged.it"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164295/; classtype:trojan-activity;sid:81027395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jdownloader/scripts/pyload_stop/doc/copy_invoice/mhlo-fcamf_vwxqqwdej-ryg/"; http_uri; depth:75; isdataat:!1,relative; content:"mangaml.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164294/; classtype:trojan-activity;sid:81027394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/en_us/doc/tfrh-qhj9_dqn-g6j/"; http_uri; depth:41; isdataat:!1,relative; content:"san-enterprises.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164293/; classtype:trojan-activity;sid:81027393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/invoice_number/weuc-vl_iczrotqe-o9l/"; http_uri; depth:48; isdataat:!1,relative; content:"setka-magaz.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164292/; classtype:trojan-activity;sid:81027392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/verif.myacc.resourses.com/"; http_uri; depth:35; isdataat:!1,relative; content:"quatrina.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164291/; classtype:trojan-activity;sid:81027391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oslh4nf/en/file/19165475/pqsvy-cx2_yufsj-xl/"; http_uri; depth:45; isdataat:!1,relative; content:"247everydaysport.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164290/; classtype:trojan-activity;sid:81027390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/secure.accs.send.com/"; http_uri; depth:34; isdataat:!1,relative; content:"rsleather-intnl.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164289/; classtype:trojan-activity;sid:81027389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/trust.accs.docs.net/"; http_uri; depth:32; isdataat:!1,relative; content:"quadkits.combinedfashions.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164288/; classtype:trojan-activity;sid:81027388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mychat/scan/0608446/nmdxe-cuq3_agyz-ae/"; http_uri; depth:40; isdataat:!1,relative; content:"projectwatch.ie"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164287/; classtype:trojan-activity;sid:81027387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/4f6g1hw/file/copy_invoice/sdqwi-6d6_hszl-wk/"; http_uri; depth:45; isdataat:!1,relative; content:"pratikal.com.my"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164286/; classtype:trojan-activity;sid:81027386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.accs.send.net/"; http_uri; depth:28; isdataat:!1,relative; content:"discoverthat.com.au"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164285/; classtype:trojan-activity;sid:81027385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/en_us/xerox/qxck-4ua_vwn-0v/"; http_uri; depth:38; isdataat:!1,relative; content:"www.xseel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164284/; classtype:trojan-activity;sid:81027384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/en/mzyg-pjf_jekuqsa-bwi/"; http_uri; depth:29; isdataat:!1,relative; content:"psponto.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164283/; classtype:trojan-activity;sid:81027383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tour/images/catalog/sec.accs.docs.net/"; http_uri; depth:39; isdataat:!1,relative; content:"project.hoangnq.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164282/; classtype:trojan-activity;sid:81027382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/trust.myaccount.send.com/"; http_uri; depth:35; isdataat:!1,relative; content:"pokokhijau.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164281/; classtype:trojan-activity;sid:81027381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/us/doc/nhjmy-ykk_q-myv/"; http_uri; depth:35; isdataat:!1,relative; content:"pro-sealsolutions.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164280/; classtype:trojan-activity;sid:81027380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/en_en/file/inv/thujc-eegq9_mjaijnhq-hi/"; http_uri; depth:51; isdataat:!1,relative; content:"popart-a-la-papp.ro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164279/; classtype:trojan-activity;sid:81027379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/verif.myaccount.docs.biz/"; http_uri; depth:35; isdataat:!1,relative; content:"albus.kz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164278/; classtype:trojan-activity;sid:81027378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/corporation/new_invoice/1033530/hijmq-jo_uqgwdlyf-8e/"; http_uri; depth:54; isdataat:!1,relative; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164277/; classtype:trojan-activity;sid:81027377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/verif.accounts.resourses.biz/"; http_uri; depth:41; isdataat:!1,relative; content:"preserved-diesels.co.uk"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164276/; classtype:trojan-activity;sid:81027376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/en_us/corporation/copy_invoice/ticm-a1s_vzaatof-q4/"; http_uri; depth:61; isdataat:!1,relative; content:"jensnet.se"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164275/; classtype:trojan-activity;sid:81027375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sec.accs.send.net/"; http_uri; depth:30; isdataat:!1,relative; content:"2013.kaunasphoto.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164274/; classtype:trojan-activity;sid:81027374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/us/info/invoice/cskis-chcg_wlptstsjk-tw/"; http_uri; depth:52; isdataat:!1,relative; content:"0dzs.comicfishing.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164273/; classtype:trojan-activity;sid:81027373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/invoice_notice/gapbd-8eqo_biv-hk/"; http_uri; depth:41; isdataat:!1,relative; content:"www.udhaiyamdhall.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164272/; classtype:trojan-activity;sid:81027372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/xerox/invoice/42628542/scwea-tv_zqqjmkr-eu/"; http_uri; depth:55; isdataat:!1,relative; content:"smartjusticeaz.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164271/; classtype:trojan-activity;sid:81027371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/icon/6pdb4-xhsyg-ttclzjitc/"; http_uri; depth:28; isdataat:!1,relative; content:"qualityansweringservice.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164270/; classtype:trojan-activity;sid:81027370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apply2/uploads/fgrxy-5ojck-hquvi/"; http_uri; depth:34; isdataat:!1,relative; content:"etprimewomenawards.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164268/; classtype:trojan-activity;sid:81027368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lunh-svvld-wycr/"; http_uri; depth:29; isdataat:!1,relative; content:"ilimler.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164269/; classtype:trojan-activity;sid:81027369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentynineteen/irbt-1yrds3-zyobg/"; http_uri; depth:52; isdataat:!1,relative; content:"www.miamigardensslidingdoorrepair.com"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164267/; classtype:trojan-activity;sid:81027367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/logon/t34aj9f-nynfij6-ruwrwu/"; http_uri; depth:30; isdataat:!1,relative; content:"www.favoritbt.t-online.hu"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164266/; classtype:trojan-activity;sid:81027366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog_images/us/company/copy_invoice/0796507623/mhwmz-irrn_zrzq-3q/"; http_uri; depth:67; isdataat:!1,relative; content:"tom11.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164265/; classtype:trojan-activity;sid:81027365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/requests/cookie/sudden.conf/us_us/oljoa-ov_sqjttwln-3f/"; http_uri; depth:68; isdataat:!1,relative; content:"taynguyen.dulichvietnam.com.vn"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164264/; classtype:trojan-activity;sid:81027364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/us_us/file/zrqg-jfrtk_fbao-ft/"; http_uri; depth:42; isdataat:!1,relative; content:"sag.ceo"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164263/; classtype:trojan-activity;sid:81027363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/services/invoice/izpu-nrk92_bxoygkrsl-oa9/"; http_uri; depth:43; isdataat:!1,relative; content:"pulsejobs.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164261/; classtype:trojan-activity;sid:81027361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blogs/xt40-hll4x-oiyvco/"; http_uri; depth:25; isdataat:!1,relative; content:"ra-design-bad.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164262/; classtype:trojan-activity;sid:81027362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/us/xerox/vpswm-rz_lu-fk/"; http_uri; depth:34; isdataat:!1,relative; content:"pasilhok.desa.id"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164260/; classtype:trojan-activity;sid:81027360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/9lo2-0w4brj-uhspnnt/"; http_uri; depth:30; isdataat:!1,relative; content:"nuochoavungkin.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164259/; classtype:trojan-activity;sid:81027359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/en_us/company/new_invoice/ursks-sufrf_a-o6/"; http_uri; depth:52; isdataat:!1,relative; content:"mundialbaloes.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164258/; classtype:trojan-activity;sid:81027358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/oblkafe/scan/tephw-xfkih_i-mvp/"; http_uri; depth:32; isdataat:!1,relative; content:"meliposhesh.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164256/; classtype:trojan-activity;sid:81027356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/doc/copy_invoice/51608445168/dmfu-yv_l-uan/"; http_uri; depth:55; isdataat:!1,relative; content:"multiesfera.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164257/; classtype:trojan-activity;sid:81027357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/6z64w-p6lb0f-sbfqq/"; http_uri; depth:32; isdataat:!1,relative; content:"junkmover.ca"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164255/; classtype:trojan-activity;sid:81027355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/en_us/ehnx-krvs_xaigrmz-ldb/"; http_uri; depth:40; isdataat:!1,relative; content:"ibustan.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164254/; classtype:trojan-activity;sid:81027354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wp-content/us_us/doc/invoice_number/pyoy-wfhxs_xctn-nlw/"; http_uri; depth:60; isdataat:!1,relative; content:"firstmnd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164251/; classtype:trojan-activity;sid:81027351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/en/doc/invoice/858151748288104/khgq-8q_wvyl-qwb/"; http_uri; depth:60; isdataat:!1,relative; content:"form8.sadek-webdesigner.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164252/; classtype:trojan-activity;sid:81027352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/c2nkrlt/gv1cf-k5tp3s-ktndifn/"; http_uri; depth:30; isdataat:!1,relative; content:"horseshows.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164253/; classtype:trojan-activity;sid:81027353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/yw8y-nrej4-xohf/"; http_uri; depth:21; isdataat:!1,relative; content:"dtk-ad.co.th"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164250/; classtype:trojan-activity;sid:81027350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/3ndgk-k1g50y-fovmpsl/"; http_uri; depth:31; isdataat:!1,relative; content:"digitalcore.lt"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164249/; classtype:trojan-activity;sid:81027349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sp95nmm/us_us/new_invoice/qbmq-bp_wepii-gbs/"; http_uri; depth:45; isdataat:!1,relative; content:"daarchoob.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164248/; classtype:trojan-activity;sid:81027348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jkrw9vw/en_en/file/524141659740308/mxwa-666y_huj-d3/"; http_uri; depth:53; isdataat:!1,relative; content:"www.pietdeconinck.be"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164247/; classtype:trojan-activity;sid:81027347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/trust.accounts.docs.biz/"; http_uri; depth:35; isdataat:!1,relative; content:"pacificbizsolutions.co.uk"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164246/; classtype:trojan-activity;sid:81027346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/info/new_invoice/dddv-4nj0_itcofse-wpj/"; http_uri; depth:48; isdataat:!1,relative; content:"drbalaji.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164245/; classtype:trojan-activity;sid:81027345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/languages/us/xerox/otvpo-xmk5b_cjfbl-et/"; http_uri; depth:52; isdataat:!1,relative; content:"gilsanbus.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164244/; classtype:trojan-activity;sid:81027344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xd6re7a/scan/copy_invoice/lwoe-nfo_yyt-yn/"; http_uri; depth:43; isdataat:!1,relative; content:"ppusvjetlost.com.ba"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164243/; classtype:trojan-activity;sid:81027343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sec.accounts.send.net/"; http_uri; depth:35; isdataat:!1,relative; content:"pirani.dst.uz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164242/; classtype:trojan-activity;sid:81027342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/document/invoice_notice/bdmin-rz_bosvqbbqe-b5/"; http_uri; depth:56; isdataat:!1,relative; content:"past.com.tr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164241/; classtype:trojan-activity;sid:81027341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chatonline2/verif.accounts.send.net/"; http_uri; depth:37; isdataat:!1,relative; content:"roxhospedagem.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164240/; classtype:trojan-activity;sid:81027340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/us/copy_invoice/63935993395/bmbb-tvcm_ywlffccp-tj/"; http_uri; depth:62; isdataat:!1,relative; content:"parbio.es"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164239/; classtype:trojan-activity;sid:81027339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/file/new_invoice/cbcgx-ghzet_eggmrsjgb-rz/"; http_uri; depth:54; isdataat:!1,relative; content:"onecommunityrising.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164238/; classtype:trojan-activity;sid:81027338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.myaccount.docs.com//"; http_uri; depth:39; isdataat:!1,relative; content:"money360.brightoak.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164237/; classtype:trojan-activity;sid:81027337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nick.mcbeth.com.au/trust.myaccount.resourses.com/"; http_uri; depth:50; isdataat:!1,relative; content:"mcbeth.com.au"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164236/; classtype:trojan-activity;sid:81027336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/admin/trust.myacc.send.com/"; http_uri; depth:28; isdataat:!1,relative; content:"makson.co.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164235/; classtype:trojan-activity;sid:81027335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.accounts.docs.net/"; http_uri; depth:37; isdataat:!1,relative; content:"duca-cameroun.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164234/; classtype:trojan-activity;sid:81027334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tools/us/invoice_number/qzhjq-vdkx_m-9a/"; http_uri; depth:41; isdataat:!1,relative; content:"papaya.ne.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164233/; classtype:trojan-activity;sid:81027333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cadovw7/verif.accounts.send.com/"; http_uri; depth:33; isdataat:!1,relative; content:"pauamaengineering.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164232/; classtype:trojan-activity;sid:81027332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/us/llc/726111242866/ycbi-rx_mtgy-rh/"; http_uri; depth:45; isdataat:!1,relative; content:"photos.morningsunedu.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164231/; classtype:trojan-activity;sid:81027331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sec.myaccount.send.biz/"; http_uri; depth:35; isdataat:!1,relative; content:"oltelectrics.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164230/; classtype:trojan-activity;sid:81027330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/us_us/57449522331016/jafg-sr_uq-xw/"; http_uri; depth:39; isdataat:!1,relative; content:"octoplustech.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164229/; classtype:trojan-activity;sid:81027329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/verif.myacc.resourses.com/"; http_uri; depth:37; isdataat:!1,relative; content:"omada.edu.gr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164228/; classtype:trojan-activity;sid:81027328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/verif.myaccount.resourses.com/"; http_uri; depth:43; isdataat:!1,relative; content:"ohhhreally.cba.pl"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164227/; classtype:trojan-activity;sid:81027327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/corporation/copy_invoice/236341447/rvarw-rkvce_jeox-hry/"; http_uri; depth:60; isdataat:!1,relative; content:"mybibibox.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164226/; classtype:trojan-activity;sid:81027326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.myacc.docs.net/"; http_uri; depth:32; isdataat:!1,relative; content:"www.imageia.co.il"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164225/; classtype:trojan-activity;sid:81027325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/diaocngaynay/en/download/jqwue-swy_nny-ybs/"; http_uri; depth:44; isdataat:!1,relative; content:"diaocngaynay.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164224/; classtype:trojan-activity;sid:81027324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rvsincludefile/en_en/jipvv-zkx2_x-vw/"; http_uri; depth:38; isdataat:!1,relative; content:"profilegeomatics.ca"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164223/; classtype:trojan-activity;sid:81027323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/verif.accs.docs.net/"; http_uri; depth:32; isdataat:!1,relative; content:"kunnskapsfilm.no"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164222/; classtype:trojan-activity;sid:81027322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/verif.myaccount.send.com/"; http_uri; depth:37; isdataat:!1,relative; content:"dvcedu.vn"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164221/; classtype:trojan-activity;sid:81027321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/verif.myaccount.docs.net/"; http_uri; depth:38; isdataat:!1,relative; content:"mireiatorrent.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164220/; classtype:trojan-activity;sid:81027320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/secure.accs.send.biz/"; http_uri; depth:26; isdataat:!1,relative; content:"www.hurrican.sk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164219/; classtype:trojan-activity;sid:81027319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/verif.accounts.resourses.com/"; http_uri; depth:39; isdataat:!1,relative; content:"multirezekisentosa.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164218/; classtype:trojan-activity;sid:81027318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/secure.myaccount.docs.net/"; http_uri; depth:39; isdataat:!1,relative; content:"neovimabackpack.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164217/; classtype:trojan-activity;sid:81027317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fobn/trust.accounts.send.net/"; http_uri; depth:30; isdataat:!1,relative; content:"larissapharma.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164216/; classtype:trojan-activity;sid:81027316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/secure.myaccount.resourses.biz/"; http_uri; depth:36; isdataat:!1,relative; content:"dropnshop.co.id"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164215/; classtype:trojan-activity;sid:81027315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shop/sec.accounts.resourses.com/"; http_uri; depth:33; isdataat:!1,relative; content:"modeltfordclubofamerica.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164214/; classtype:trojan-activity;sid:81027314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/server.exe"; http_uri; depth:11; isdataat:!1,relative; content:"jahbob3.free.fr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164213/; classtype:trojan-activity;sid:81027313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pecvuodfel/verif.accounts.resourses.net/"; http_uri; depth:41; isdataat:!1,relative; content:"moredarom.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164212/; classtype:trojan-activity;sid:81027312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/verif.accs.send.biz/"; http_uri; depth:30; isdataat:!1,relative; content:"gazetadorn.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164211/; classtype:trojan-activity;sid:81027311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.accounts.send.net/"; http_uri; depth:32; isdataat:!1,relative; content:"medius.ge"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164210/; classtype:trojan-activity;sid:81027310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/edwinjefferson.com/jx7/"; http_uri; depth:24; isdataat:!1,relative; content:"bloodybits.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164209/; classtype:trojan-activity;sid:81027309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/1of/"; http_uri; depth:13; isdataat:!1,relative; content:"www.majoristanbul.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164208/; classtype:trojan-activity;sid:81027308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/en/jhs/"; http_uri; depth:8; isdataat:!1,relative; content:"barabooseniorhigh.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164207/; classtype:trojan-activity;sid:81027307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/ug7/"; http_uri; depth:17; isdataat:!1,relative; content:"www.yanjiaozhan.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164206/; classtype:trojan-activity;sid:81027306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9011226/cp=izdwjhqswgolkbfhber2bjye8mwtvyj0_glrj2fqcgn9fss-2epupxptg-inj813_qyci3kqilwfkp4cb9ige6kb0vhul_meh_vnmyzwyn7poi2iz77re4yfuhoi2mrsdtlb_cz_fbgzvn2ai_u5wjmwqz5ssbbendgc8fab7pm=/"; http_uri; depth:185; isdataat:!1,relative; content:"track.smtpsendemail.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164205/; classtype:trojan-activity;sid:81027305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9yorcan/trust.myacc.send.com/"; http_uri; depth:30; isdataat:!1,relative; content:"inovatips.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164204/; classtype:trojan-activity;sid:81027304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/mxwp/"; http_uri; depth:15; isdataat:!1,relative; content:"www.bilgiegitimonline.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164203/; classtype:trojan-activity;sid:81027303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/verif.accounts.docs.com/"; http_uri; depth:36; isdataat:!1,relative; content:"mwfurniture.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164202/; classtype:trojan-activity;sid:81027302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/verif.accs.send.com/"; http_uri; depth:30; isdataat:!1,relative; content:"sanafarm.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164201/; classtype:trojan-activity;sid:81027301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/m_z/"; http_uri; depth:17; isdataat:!1,relative; content:"ongbrotar.cl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164200/; classtype:trojan-activity;sid:81027300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/ee_yo/"; http_uri; depth:16; isdataat:!1,relative; content:"dqbdesign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164199/; classtype:trojan-activity;sid:81027299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/svsvbk/bz_qs/"; http_uri; depth:14; isdataat:!1,relative; content:"kianse.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164198/; classtype:trojan-activity;sid:81027298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ib9j3yx/t_k/"; http_uri; depth:13; isdataat:!1,relative; content:"mercalzado.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164196/; classtype:trojan-activity;sid:81027296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/languages/yw_c/"; http_uri; depth:27; isdataat:!1,relative; content:"www.camereco.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164197/; classtype:trojan-activity;sid:81027297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/puppies/en/doc/9422359844265/trovk-mmr_ddd-rg6/"; http_uri; depth:48; isdataat:!1,relative; content:"kebulak.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164195/; classtype:trojan-activity;sid:81027295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/requests/cookie/sudden.conf/us_us/oljoa-ov_sqjttwln-3f/"; http_uri; depth:68; isdataat:!1,relative; content:"taynguyen.dulichvietnam.com.vn"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164194/; classtype:trojan-activity;sid:81027294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/en_us/file/invoice/tuoky-5g9_wlkglvof-wi/"; http_uri; depth:51; isdataat:!1,relative; content:"fetva.imambuharivakfi.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164193/; classtype:trojan-activity;sid:81027293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/baomat/m2t0v-v9q4c-gqkr/"; http_uri; depth:25; isdataat:!1,relative; content:"abi.com.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164192/; classtype:trojan-activity;sid:81027292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/secure.accounts.resourses.biz/"; http_uri; depth:39; isdataat:!1,relative; content:"casacachada.pt"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164191/; classtype:trojan-activity;sid:81027291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_backup-20190208-hacked/trust.accounts.docs.com/"; http_uri; depth:49; isdataat:!1,relative; content:"drszamitogep.hu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164190/; classtype:trojan-activity;sid:81027290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/verif.accounts.docs.biz/"; http_uri; depth:34; isdataat:!1,relative; content:"xn--dammkrret-z2a.se"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164189/; classtype:trojan-activity;sid:81027289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/quadrant/slim.exe"; http_uri; depth:18; isdataat:!1,relative; content:"treassurebank.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164188/; classtype:trojan-activity;sid:81027288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.mips"; http_uri; depth:15; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164187/; classtype:trojan-activity;sid:81027287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.accounts.docs.biz/"; http_uri; depth:32; isdataat:!1,relative; content:"clinicanatur.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164186/; classtype:trojan-activity;sid:81027286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.x86"; http_uri; depth:14; isdataat:!1,relative; content:"209.141.40.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164185/; classtype:trojan-activity;sid:81027285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"209.141.40.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164184/; classtype:trojan-activity;sid:81027284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.mips"; http_uri; depth:14; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164183/; classtype:trojan-activity;sid:81027283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"209.141.40.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164182/; classtype:trojan-activity;sid:81027282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164181/; classtype:trojan-activity;sid:81027281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"209.141.40.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164180/; classtype:trojan-activity;sid:81027280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164179/; classtype:trojan-activity;sid:81027279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164178/; classtype:trojan-activity;sid:81027278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164177/; classtype:trojan-activity;sid:81027277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/oceanwp/assets/css/edd/tssx.exe"; http_uri; depth:50; isdataat:!1,relative; content:"shadowbright.co.uk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164176/; classtype:trojan-activity;sid:81027276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"209.141.40.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164175/; classtype:trojan-activity;sid:81027275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164173/; classtype:trojan-activity;sid:81027273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164174/; classtype:trojan-activity;sid:81027274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.mips"; http_uri; depth:15; isdataat:!1,relative; content:"209.141.40.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164172/; classtype:trojan-activity;sid:81027272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164171/; classtype:trojan-activity;sid:81027271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164170/; classtype:trojan-activity;sid:81027270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164169/; classtype:trojan-activity;sid:81027269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/verif.accs.send.net/"; http_uri; depth:30; isdataat:!1,relative; content:"bettery.hu"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164168/; classtype:trojan-activity;sid:81027268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.accounts.docs.com/"; http_uri; depth:35; isdataat:!1,relative; content:"babycool.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164167/; classtype:trojan-activity;sid:81027267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"138.197.214.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164166/; classtype:trojan-activity;sid:81027266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"138.197.214.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164165/; classtype:trojan-activity;sid:81027265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm"; http_uri; depth:13; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164164/; classtype:trojan-activity;sid:81027264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"209.141.40.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164163/; classtype:trojan-activity;sid:81027263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164162/; classtype:trojan-activity;sid:81027262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/quadrant/temi.exe"; http_uri; depth:18; isdataat:!1,relative; content:"treassurebank.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164161/; classtype:trojan-activity;sid:81027261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.arm"; http_uri; depth:14; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164160/; classtype:trojan-activity;sid:81027260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164158/; classtype:trojan-activity;sid:81027258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164159/; classtype:trojan-activity;sid:81027259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vanish.x86"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164157/; classtype:trojan-activity;sid:81027257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"27.64.236.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164156/; classtype:trojan-activity;sid:81027256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ooscqky7/sec.myaccount.docs.biz/"; http_uri; depth:33; isdataat:!1,relative; content:"songlinhtran.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164155/; classtype:trojan-activity;sid:81027255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/verif.myaccount.send.com/"; http_uri; depth:38; isdataat:!1,relative; content:"edtech.iae.edu.vn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164154/; classtype:trojan-activity;sid:81027254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vsgpn5j/sec.myacc.resourses.net/"; http_uri; depth:33; isdataat:!1,relative; content:"ogricc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164153/; classtype:trojan-activity;sid:81027253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.myaccount.docs.com///"; http_uri; depth:40; isdataat:!1,relative; content:"money360.brightoak.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164152/; classtype:trojan-activity;sid:81027252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/trust.myacc.resourses.net/"; http_uri; depth:38; isdataat:!1,relative; content:"gdv.stomp.digital"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164151/; classtype:trojan-activity;sid:81027251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/new/verif.myacc.docs.net/"; http_uri; depth:26; isdataat:!1,relative; content:"ritikastonegallery.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164150/; classtype:trojan-activity;sid:81027250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/includes/verif.myaccount.docs.com/"; http_uri; depth:35; isdataat:!1,relative; content:"nammuzey.uz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164149/; classtype:trojan-activity;sid:81027249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zrdgo4p/trust.accounts.resourses.com/"; http_uri; depth:38; isdataat:!1,relative; content:"gelatidoro.sk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164148/; classtype:trojan-activity;sid:81027248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/u3dkdp0/trust.accs.docs.net/"; http_uri; depth:29; isdataat:!1,relative; content:"134.209.64.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164147/; classtype:trojan-activity;sid:81027247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sec.accounts.docs.biz/"; http_uri; depth:35; isdataat:!1,relative; content:"bizjournalsnet.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164146/; classtype:trojan-activity;sid:81027246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/verif.accounts.docs.com/"; http_uri; depth:28; isdataat:!1,relative; content:"taringabaptist.org.au"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164145/; classtype:trojan-activity;sid:81027245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.myaccount.docs.com/"; http_uri; depth:38; isdataat:!1,relative; content:"money360.brightoak.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164144/; classtype:trojan-activity;sid:81027244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2016/07/ijrke-ixohw8-extxidmdy/"; http_uri; depth:51; isdataat:!1,relative; content:"libtech.com.au"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164143/; classtype:trojan-activity;sid:81027243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/tmlva-l12qym-zxqgzv/"; http_uri; depth:30; isdataat:!1,relative; content:"healthwiseonline.com.au"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164142/; classtype:trojan-activity;sid:81027242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plugins/cxdhd-v9vdz-mfem/"; http_uri; depth:26; isdataat:!1,relative; content:"gamarepro.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164141/; classtype:trojan-activity;sid:81027241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/91tmv-1exbm-vahujshoi/"; http_uri; depth:35; isdataat:!1,relative; content:"kebabkungen.se"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164140/; classtype:trojan-activity;sid:81027240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/icopia/files/og61-tn6jj-qlvknqz/"; http_uri; depth:33; isdataat:!1,relative; content:"fisika.mipa.uns.ac.id"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164139/; classtype:trojan-activity;sid:81027239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gopy0-23uc6m-gwjk/"; http_uri; depth:30; isdataat:!1,relative; content:"conteudo.canguru.life"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164138/; classtype:trojan-activity;sid:81027238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gopy0-23uc6m-gwjk/"; http_uri; depth:30; isdataat:!1,relative; content:"conteudo.canguru.life"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164137/; classtype:trojan-activity;sid:81027237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rylawpc/yg9o-1q4hhq-etsozwiv/"; http_uri; depth:30; isdataat:!1,relative; content:"ksoncrossfit.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164135/; classtype:trojan-activity;sid:81027235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/js_composer/zzfn-edgfr-hojhze/"; http_uri; depth:50; isdataat:!1,relative; content:"senteca.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164136/; classtype:trojan-activity;sid:81027236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/2f/"; http_uri; depth:15; isdataat:!1,relative; content:"gestationaldiabetes.eastus.cloudapp.azure.com"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164134/; classtype:trojan-activity;sid:81027234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/gva6-789j6-vabtovc/"; http_uri; depth:39; isdataat:!1,relative; content:"kannada.awgp.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164133/; classtype:trojan-activity;sid:81027233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-contents/7h1a0-6slc70-doodljp/"; http_uri; depth:34; isdataat:!1,relative; content:"alpinaemlak.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164131/; classtype:trojan-activity;sid:81027231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/9cuo-90nwi5-vjzragcfh/"; http_uri; depth:35; isdataat:!1,relative; content:"opark.in"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164132/; classtype:trojan-activity;sid:81027232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/hmkm-7ep7xg-mwwamrvqe/"; http_uri; depth:30; isdataat:!1,relative; content:"pandeglangkec.pandeglangkab.go.id"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164130/; classtype:trojan-activity;sid:81027230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/starter/tkv3n-7ndnw-uoqbgx/"; http_uri; depth:28; isdataat:!1,relative; content:"bytesoftware.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164129/; classtype:trojan-activity;sid:81027229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/e-commerce/a68c-g2a2a-efxfcgfd/"; http_uri; depth:32; isdataat:!1,relative; content:"gpdiffusionemercato.it"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164128/; classtype:trojan-activity;sid:81027228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/gv7f4-xl5q6-zvzuwu/"; http_uri; depth:28; isdataat:!1,relative; content:"pearlywhites.co.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164127/; classtype:trojan-activity;sid:81027227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/p1tjp-lscosc-wkpoiilwb/"; http_uri; depth:33; isdataat:!1,relative; content:"www.oprecht-advies.nl"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164126/; classtype:trojan-activity;sid:81027226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/rpnf-jhh1i7-pbdsnofmq/"; http_uri; depth:33; isdataat:!1,relative; content:"coozca.com.ve"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164125/; classtype:trojan-activity;sid:81027225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/css/l0wp-e0qbn-iiuib/"; http_uri; depth:22; isdataat:!1,relative; content:"kan.kan2.go.th"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164124/; classtype:trojan-activity;sid:81027224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/components/iw0p-i2fz03-hojkhmcm/"; http_uri; depth:33; isdataat:!1,relative; content:"uzbek.travel"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164123/; classtype:trojan-activity;sid:81027223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/tbhai-39ypgu-rujw/"; http_uri; depth:31; isdataat:!1,relative; content:"xn--m3ceafca9cn1gc9rcdc0hzdh.news"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164122/; classtype:trojan-activity;sid:81027222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/0gwd-lkj33r-maqwc/"; http_uri; depth:31; isdataat:!1,relative; content:"lastmilecdn.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164121/; classtype:trojan-activity;sid:81027221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/skvw-bgosp-tmqlklda/"; http_uri; depth:28; isdataat:!1,relative; content:"divacontrol.ro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164119/; classtype:trojan-activity;sid:81027219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/modules/pree-4x0be-obvfoh/"; http_uri; depth:27; isdataat:!1,relative; content:"martinamasaze.cz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164120/; classtype:trojan-activity;sid:81027220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/kmg/"; http_uri; depth:17; isdataat:!1,relative; content:"doodleninja.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164118/; classtype:trojan-activity;sid:81027218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/rm/"; http_uri; depth:15; isdataat:!1,relative; content:"ariasms.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164117/; classtype:trojan-activity;sid:81027217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/js_composer/zzfn-edgfr-hojhze/"; http_uri; depth:50; isdataat:!1,relative; content:"senteca.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164116/; classtype:trojan-activity;sid:81027216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beta/gwl5i-atpdh-qilvnqjj/"; http_uri; depth:27; isdataat:!1,relative; content:"walkinaluuki.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164115/; classtype:trojan-activity;sid:81027215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/x8n5j-tj0bb-xqcwo/"; http_uri; depth:30; isdataat:!1,relative; content:"webforchurch.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164114/; classtype:trojan-activity;sid:81027214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/xibe/"; http_uri; depth:17; isdataat:!1,relative; content:"urist-advokat-mogilev.by"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164113/; classtype:trojan-activity;sid:81027213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rylawpc/yg9o-1q4hhq-etsozwiv/"; http_uri; depth:30; isdataat:!1,relative; content:"ksoncrossfit.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164112/; classtype:trojan-activity;sid:81027212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/26r2-yr01fu-sbrhrdp/"; http_uri; depth:33; isdataat:!1,relative; content:"xn--12co8a6cdw9dmf.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164111/; classtype:trojan-activity;sid:81027211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ww4w/sec.myacc.docs.biz/"; http_uri; depth:25; isdataat:!1,relative; content:"ayodhyatrade.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164110/; classtype:trojan-activity;sid:81027210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/trust.accs.resourses.net/"; http_uri; depth:37; isdataat:!1,relative; content:"noithathofaco.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164109/; classtype:trojan-activity;sid:81027209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/icon/secure.myaccount.docs.biz/"; http_uri; depth:32; isdataat:!1,relative; content:"dhirendra.com.np"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164108/; classtype:trojan-activity;sid:81027208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sec.myaccount.send.com/"; http_uri; depth:36; isdataat:!1,relative; content:"nghetaynhapkhau.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164107/; classtype:trojan-activity;sid:81027207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bogota/pf.exe"; http_uri; depth:14; isdataat:!1,relative; content:"eltiempocomco.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164106/; classtype:trojan-activity;sid:81027206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/vsgpn5j/sec.myacc.resourses.net/"; http_uri; depth:33; isdataat:!1,relative; content:"ogricc.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164105/; classtype:trojan-activity;sid:81027205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sec.myaccount.docs.net/"; http_uri; depth:35; isdataat:!1,relative; content:"nhatrangtropicana.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164104/; classtype:trojan-activity;sid:81027204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9yorcan/trust.myacc.send.com/"; http_uri; depth:30; isdataat:!1,relative; content:"inovatips.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164103/; classtype:trojan-activity;sid:81027203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9uyruon/trust.accs.send.com/"; http_uri; depth:29; isdataat:!1,relative; content:"overnightfilmfestival.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164102/; classtype:trojan-activity;sid:81027202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/verif.accounts.send.net/"; http_uri; depth:37; isdataat:!1,relative; content:"nuochoacharme.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164101/; classtype:trojan-activity;sid:81027201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/starter/trust.accs.send.com/"; http_uri; depth:29; isdataat:!1,relative; content:"bytesoftware.com.br"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164100/; classtype:trojan-activity;sid:81027200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/roundcube/sec.myaccount.docs.biz/"; http_uri; depth:34; isdataat:!1,relative; content:"buybywe.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164099/; classtype:trojan-activity;sid:81027199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/roundcube/secure.accs.docs.com/"; http_uri; depth:32; isdataat:!1,relative; content:"buybywe.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164098/; classtype:trojan-activity;sid:81027198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/secure.myaccount.send.net/"; http_uri; depth:39; isdataat:!1,relative; content:"aupa.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164097/; classtype:trojan-activity;sid:81027197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/sec.accounts.docs.com/"; http_uri; depth:31; isdataat:!1,relative; content:"abcdcreative.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164096/; classtype:trojan-activity;sid:81027196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zoom/krs.xlsx"; http_uri; depth:14; isdataat:!1,relative; content:"shannai.us"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164095/; classtype:trojan-activity;sid:81027195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/quadrant/jtbb.exe"; http_uri; depth:18; isdataat:!1,relative; content:"treassurebank.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164094/; classtype:trojan-activity;sid:81027194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"187.199.77.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164093/; classtype:trojan-activity;sid:81027193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pf.exe"; http_uri; depth:7; isdataat:!1,relative; content:"eltiempocomco.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164092/; classtype:trojan-activity;sid:81027192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dofus.exe"; http_uri; depth:10; isdataat:!1,relative; content:"jycslist.free.fr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164091/; classtype:trojan-activity;sid:81027191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/f.jpg"; http_uri; depth:6; isdataat:!1,relative; content:"eltiempocomco.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164090/; classtype:trojan-activity;sid:81027190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iccp2016/wp-content/plugins/no-comments/includes/hp.gf"; http_uri; depth:55; isdataat:!1,relative; content:"compphotolab.northwestern.edu"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164089/; classtype:trojan-activity;sid:81027189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/oceanwp/assets/css/edd/hp.gf"; http_uri; depth:47; isdataat:!1,relative; content:"shadowbright.co.uk"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164088/; classtype:trojan-activity;sid:81027188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/09316-88d70599-3fa3-4c9b-af16-889f8fd4f1b0.exe"; http_uri; depth:47; isdataat:!1,relative; content:"grabilla.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164087/; classtype:trojan-activity;sid:81027187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/avengers.x86_64"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164086/; classtype:trojan-activity;sid:81027186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/avengers.sparc"; http_uri; depth:20; isdataat:!1,relative; content:"185.244.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164085/; classtype:trojan-activity;sid:81027185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/avengers.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164083/; classtype:trojan-activity;sid:81027183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/avengers.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"185.244.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164084/; classtype:trojan-activity;sid:81027184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/avengers.mipsel"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164081/; classtype:trojan-activity;sid:81027181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/avengers.powerpc"; http_uri; depth:22; isdataat:!1,relative; content:"185.244.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164082/; classtype:trojan-activity;sid:81027182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/avengers.mips"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164080/; classtype:trojan-activity;sid:81027180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/avengers.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164079/; classtype:trojan-activity;sid:81027179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/avengers.i686"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164078/; classtype:trojan-activity;sid:81027178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/avengers.i586"; http_uri; depth:19; isdataat:!1,relative; content:"185.244.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164077/; classtype:trojan-activity;sid:81027177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/avengers.armv5l"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164075/; classtype:trojan-activity;sid:81027175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/avengers.armv6l"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164076/; classtype:trojan-activity;sid:81027176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/files/7tuz-ii3di-ofrrbki/"; http_uri; depth:26; isdataat:!1,relative; content:"haru1ban.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164074/; classtype:trojan-activity;sid:81027174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/2nzxd-herwps-hbtzr/"; http_uri; depth:29; isdataat:!1,relative; content:"grupoweb.cl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164073/; classtype:trojan-activity;sid:81027173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/avengers.armv4l"; http_uri; depth:21; isdataat:!1,relative; content:"185.244.25.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164072/; classtype:trojan-activity;sid:81027172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; content:"209.141.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164071/; classtype:trojan-activity;sid:81027171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; content:"209.141.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164069/; classtype:trojan-activity;sid:81027169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; content:"209.141.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164070/; classtype:trojan-activity;sid:81027170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"209.141.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164068/; classtype:trojan-activity;sid:81027168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; content:"209.141.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164067/; classtype:trojan-activity;sid:81027167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; content:"209.141.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164066/; classtype:trojan-activity;sid:81027166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; content:"209.141.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164065/; classtype:trojan-activity;sid:81027165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; content:"209.141.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164064/; classtype:trojan-activity;sid:81027164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; content:"209.141.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164063/; classtype:trojan-activity;sid:81027163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; content:"209.141.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164062/; classtype:trojan-activity;sid:81027162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arc"; http_uri; depth:9; isdataat:!1,relative; content:"209.141.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164061/; classtype:trojan-activity;sid:81027161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alexphilipsssons/alabamasmith/raw/master/axalabama"; http_uri; depth:51; isdataat:!1,relative; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164059/; classtype:trojan-activity;sid:81027159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/alexphilipsssons/awsomerun/raw/master/codds"; http_uri; depth:44; isdataat:!1,relative; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164060/; classtype:trojan-activity;sid:81027160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sb/123.exe"; http_uri; depth:11; isdataat:!1,relative; content:"kglsajdasjd1232.pw"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164058/; classtype:trojan-activity;sid:81027158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wed/mak/mac.exe"; http_uri; depth:16; isdataat:!1,relative; content:"tfvn.com.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164057/; classtype:trojan-activity;sid:81027157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/head-blog/lib/customizer/css/hp.gf"; http_uri; depth:53; isdataat:!1,relative; content:"corpoesaude.club"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164056/; classtype:trojan-activity;sid:81027156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/impose/js/jquery-validation/localization/hp.gf"; http_uri; depth:65; isdataat:!1,relative; content:"claudiacrobatia.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164055/; classtype:trojan-activity;sid:81027155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/languages/plugins/hp.gf"; http_uri; depth:35; isdataat:!1,relative; content:"diazzsweden.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164054/; classtype:trojan-activity;sid:81027154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.spc"; http_uri; depth:13; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164052/; classtype:trojan-activity;sid:81027152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.x86"; http_uri; depth:13; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164053/; classtype:trojan-activity;sid:81027153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164051/; classtype:trojan-activity;sid:81027151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164049/; classtype:trojan-activity;sid:81027149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164050/; classtype:trojan-activity;sid:81027150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164047/; classtype:trojan-activity;sid:81027147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.mips"; http_uri; depth:14; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164048/; classtype:trojan-activity;sid:81027148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164046/; classtype:trojan-activity;sid:81027146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm"; http_uri; depth:13; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164044/; classtype:trojan-activity;sid:81027144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164045/; classtype:trojan-activity;sid:81027145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164043/; classtype:trojan-activity;sid:81027143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/hp.gf"; http_uri; depth:14; isdataat:!1,relative; content:"party-slot.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164042/; classtype:trojan-activity;sid:81027142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/fz/"; http_uri; depth:15; isdataat:!1,relative; content:"www.plantationslidingdoorrepair.net"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164041/; classtype:trojan-activity;sid:81027141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blogs/xt40-hll4x-oiyvco/"; http_uri; depth:25; isdataat:!1,relative; content:"ra-design-bad.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164040/; classtype:trojan-activity;sid:81027140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zoom/kres.exe"; http_uri; depth:14; isdataat:!1,relative; content:"shannai.us"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164039/; classtype:trojan-activity;sid:81027139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.arm5"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164038/; classtype:trojan-activity;sid:81027138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.sh4"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164037/; classtype:trojan-activity;sid:81027137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.arm"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164036/; classtype:trojan-activity;sid:81027136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"36.77.225.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164035/; classtype:trojan-activity;sid:81027135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"5.145.160.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164034/; classtype:trojan-activity;sid:81027134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.x86"; http_uri; depth:14; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164033/; classtype:trojan-activity;sid:81027133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cunyhg"; http_uri; depth:7; isdataat:!1,relative; content:"185.239.227.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164032/; classtype:trojan-activity;sid:81027132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.mips"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164031/; classtype:trojan-activity;sid:81027131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zoom/azrt.exe"; http_uri; depth:14; isdataat:!1,relative; content:"shannai.us"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164030/; classtype:trojan-activity;sid:81027130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.ppc"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164029/; classtype:trojan-activity;sid:81027129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"209.141.40.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164028/; classtype:trojan-activity;sid:81027128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.x86"; http_uri; depth:13; isdataat:!1,relative; content:"34.65.253.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164027/; classtype:trojan-activity;sid:81027127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"24.220.240.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164026/; classtype:trojan-activity;sid:81027126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.arm7"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164025/; classtype:trojan-activity;sid:81027125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dhl2/7dt6-qb33dl-afrnq/"; http_uri; depth:24; isdataat:!1,relative; content:"foundation.wheremindsgrow.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164024/; classtype:trojan-activity;sid:81027124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beta/gwl5i-atpdh-qilvnqjj/"; http_uri; depth:27; isdataat:!1,relative; content:"walkinaluuki.pl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164023/; classtype:trojan-activity;sid:81027123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.m68k"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164022/; classtype:trojan-activity;sid:81027122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/win.png"; http_uri; depth:8; isdataat:!1,relative; content:"85.143.220.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164021/; classtype:trojan-activity;sid:81027121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tin.png"; http_uri; depth:8; isdataat:!1,relative; content:"85.143.220.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164020/; classtype:trojan-activity;sid:81027120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sin.png"; http_uri; depth:8; isdataat:!1,relative; content:"85.143.220.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164019/; classtype:trojan-activity;sid:81027119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/toler.png"; http_uri; depth:10; isdataat:!1,relative; content:"85.143.220.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164018/; classtype:trojan-activity;sid:81027118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/worming.png"; http_uri; depth:12; isdataat:!1,relative; content:"85.143.220.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164017/; classtype:trojan-activity;sid:81027117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/table.png"; http_uri; depth:10; isdataat:!1,relative; content:"85.143.220.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164016/; classtype:trojan-activity;sid:81027116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/radiance.png"; http_uri; depth:13; isdataat:!1,relative; content:"85.143.220.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164015/; classtype:trojan-activity;sid:81027115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/loq91/10x.phpl=udorm7.jad/"; http_uri; depth:27; isdataat:!1,relative; content:"r414525xw.band"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164014/; classtype:trojan-activity;sid:81027114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/mpsl"; http_uri; depth:20; isdataat:!1,relative; content:"157.230.165.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164013/; classtype:trojan-activity;sid:81027113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/mips"; http_uri; depth:20; isdataat:!1,relative; content:"157.230.165.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164012/; classtype:trojan-activity;sid:81027112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/spc"; http_uri; depth:19; isdataat:!1,relative; content:"157.230.165.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164011/; classtype:trojan-activity;sid:81027111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okd/images/userfilej.exe"; http_uri; depth:25; isdataat:!1,relative; content:"www.treassurebank.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164010/; classtype:trojan-activity;sid:81027110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.x86"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164009/; classtype:trojan-activity;sid:81027109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.arm6"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164008/; classtype:trojan-activity;sid:81027108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/harm"; http_uri; depth:20; isdataat:!1,relative; content:"157.230.165.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164007/; classtype:trojan-activity;sid:81027107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"186.220.196.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164006/; classtype:trojan-activity;sid:81027106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"74.75.165.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164005/; classtype:trojan-activity;sid:81027105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"14.157.15.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164004/; classtype:trojan-activity;sid:81027104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"189.140.87.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164003/; classtype:trojan-activity;sid:81027103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.x86"; http_uri; depth:14; isdataat:!1,relative; content:"209.141.40.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164002/; classtype:trojan-activity;sid:81027102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.spc"; http_uri; depth:14; isdataat:!1,relative; content:"209.141.40.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164001/; classtype:trojan-activity;sid:81027101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"209.141.40.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164000/; classtype:trojan-activity;sid:81027100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"209.141.40.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163999/; classtype:trojan-activity;sid:81027099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"209.141.40.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163998/; classtype:trojan-activity;sid:81027098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/daku.mips"; http_uri; depth:15; isdataat:!1,relative; content:"209.141.40.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163997/; classtype:trojan-activity;sid:81027097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vanish.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163996/; classtype:trojan-activity;sid:81027096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vanish.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163995/; classtype:trojan-activity;sid:81027095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vanish.x86"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163994/; classtype:trojan-activity;sid:81027094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vanish.spc"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163993/; classtype:trojan-activity;sid:81027093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vanish.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163992/; classtype:trojan-activity;sid:81027092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vanish.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163990/; classtype:trojan-activity;sid:81027090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vanish.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"68.183.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163991/; classtype:trojan-activity;sid:81027091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vanish.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163989/; classtype:trojan-activity;sid:81027089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vanish.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"68.183.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163988/; classtype:trojan-activity;sid:81027088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okd/images/userfilej.exe"; http_uri; depth:25; isdataat:!1,relative; content:"treassurebank.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163987/; classtype:trojan-activity;sid:81027087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.spc"; http_uri; depth:17; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163985/; classtype:trojan-activity;sid:81027085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.x86"; http_uri; depth:17; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163986/; classtype:trojan-activity;sid:81027086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.sh4"; http_uri; depth:17; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163984/; classtype:trojan-activity;sid:81027084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.ppc"; http_uri; depth:17; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163983/; classtype:trojan-activity;sid:81027083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.mpsl"; http_uri; depth:18; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163982/; classtype:trojan-activity;sid:81027082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163980/; classtype:trojan-activity;sid:81027080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.m68k"; http_uri; depth:18; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163981/; classtype:trojan-activity;sid:81027081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arc"; http_uri; depth:17; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163977/; classtype:trojan-activity;sid:81027077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm"; http_uri; depth:17; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163978/; classtype:trojan-activity;sid:81027078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163979/; classtype:trojan-activity;sid:81027079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163976/; classtype:trojan-activity;sid:81027076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.myaccount.docs.net/"; http_uri; depth:33; isdataat:!1,relative; content:"loweralabamagolf.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163975/; classtype:trojan-activity;sid:81027075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/iuh1/"; http_uri; depth:25; isdataat:!1,relative; content:"franosbarbershop.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163974/; classtype:trojan-activity;sid:81027074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.mips"; http_uri; depth:18; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163973/; classtype:trojan-activity;sid:81027073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zoom/kres2.exe"; http_uri; depth:15; isdataat:!1,relative; content:"shannai.us"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163972/; classtype:trojan-activity;sid:81027072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mips"; http_uri; depth:11; isdataat:!1,relative; content:"68.183.145.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163971/; classtype:trojan-activity;sid:81027071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah.i686"; http_uri; depth:10; isdataat:!1,relative; content:"167.86.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163970/; classtype:trojan-activity;sid:81027070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nut"; http_uri; depth:4; isdataat:!1,relative; content:"206.189.114.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163969/; classtype:trojan-activity;sid:81027069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"206.189.114.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163968/; classtype:trojan-activity;sid:81027068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah.sh4"; http_uri; depth:9; isdataat:!1,relative; content:"167.86.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163967/; classtype:trojan-activity;sid:81027067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.mips"; http_uri; depth:11; isdataat:!1,relative; content:"206.189.235.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163966/; classtype:trojan-activity;sid:81027066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah.mips64"; http_uri; depth:12; isdataat:!1,relative; content:"167.86.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163965/; classtype:trojan-activity;sid:81027065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"68.183.145.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163964/; classtype:trojan-activity;sid:81027064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"68.183.145.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163963/; classtype:trojan-activity;sid:81027063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"206.189.114.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163962/; classtype:trojan-activity;sid:81027062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i686"; http_uri; depth:11; isdataat:!1,relative; content:"68.183.145.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163961/; classtype:trojan-activity;sid:81027061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.arm7"; http_uri; depth:11; isdataat:!1,relative; content:"206.189.235.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163960/; classtype:trojan-activity;sid:81027060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah.arm7"; http_uri; depth:10; isdataat:!1,relative; content:"167.86.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163959/; classtype:trojan-activity;sid:81027059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"206.189.114.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163958/; classtype:trojan-activity;sid:81027058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cayo9"; http_uri; depth:6; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163956/; classtype:trojan-activity;sid:81027056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah.arm6"; http_uri; depth:10; isdataat:!1,relative; content:"167.86.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163957/; classtype:trojan-activity;sid:81027057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cayo11"; http_uri; depth:7; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163955/; classtype:trojan-activity;sid:81027055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"206.189.114.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163954/; classtype:trojan-activity;sid:81027054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"206.189.235.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163953/; classtype:trojan-activity;sid:81027053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm4"; http_uri; depth:11; isdataat:!1,relative; content:"68.183.145.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163952/; classtype:trojan-activity;sid:81027052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cayo12"; http_uri; depth:7; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163950/; classtype:trojan-activity;sid:81027050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah.mips"; http_uri; depth:10; isdataat:!1,relative; content:"167.86.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163951/; classtype:trojan-activity;sid:81027051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"68.183.145.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163949/; classtype:trojan-activity;sid:81027049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cayo6"; http_uri; depth:6; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163948/; classtype:trojan-activity;sid:81027048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cayo7"; http_uri; depth:6; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163947/; classtype:trojan-activity;sid:81027047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.sparc"; http_uri; depth:12; isdataat:!1,relative; content:"206.189.235.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163945/; classtype:trojan-activity;sid:81027045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"68.183.145.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163946/; classtype:trojan-activity;sid:81027046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah.arm5"; http_uri; depth:10; isdataat:!1,relative; content:"167.86.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163944/; classtype:trojan-activity;sid:81027044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"206.189.235.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163943/; classtype:trojan-activity;sid:81027043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.i586"; http_uri; depth:11; isdataat:!1,relative; content:"206.189.235.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163942/; classtype:trojan-activity;sid:81027042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah.mpsl"; http_uri; depth:10; isdataat:!1,relative; content:"167.86.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163941/; classtype:trojan-activity;sid:81027041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"206.189.114.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163940/; classtype:trojan-activity;sid:81027040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"206.189.235.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163939/; classtype:trojan-activity;sid:81027039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah.x86_64"; http_uri; depth:12; isdataat:!1,relative; content:"167.86.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163938/; classtype:trojan-activity;sid:81027038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wqyt/"; http_uri; depth:16; isdataat:!1,relative; content:"altarfx.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163937/; classtype:trojan-activity;sid:81027037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/fqslt/"; http_uri; depth:18; isdataat:!1,relative; content:"uitcs.acm.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163936/; classtype:trojan-activity;sid:81027036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/qbci/"; http_uri; depth:18; isdataat:!1,relative; content:"arexcargo.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163935/; classtype:trojan-activity;sid:81027035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/myw3/"; http_uri; depth:18; isdataat:!1,relative; content:"artmikhalchyk.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163934/; classtype:trojan-activity;sid:81027034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sparc"; http_uri; depth:12; isdataat:!1,relative; content:"68.183.145.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163933/; classtype:trojan-activity;sid:81027033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/iuh1/"; http_uri; depth:25; isdataat:!1,relative; content:"franosbarbershop.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163932/; classtype:trojan-activity;sid:81027032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"206.189.114.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163931/; classtype:trojan-activity;sid:81027031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm7"; http_uri; depth:11; isdataat:!1,relative; content:"68.183.145.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163930/; classtype:trojan-activity;sid:81027030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i586"; http_uri; depth:11; isdataat:!1,relative; content:"68.183.145.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163929/; classtype:trojan-activity;sid:81027029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"206.189.114.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163928/; classtype:trojan-activity;sid:81027028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"206.189.114.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163927/; classtype:trojan-activity;sid:81027027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"68.183.145.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163926/; classtype:trojan-activity;sid:81027026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cayo13"; http_uri; depth:7; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163925/; classtype:trojan-activity;sid:81027025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.x86"; http_uri; depth:10; isdataat:!1,relative; content:"206.189.235.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163924/; classtype:trojan-activity;sid:81027024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah.ppc"; http_uri; depth:9; isdataat:!1,relative; content:"167.86.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163923/; classtype:trojan-activity;sid:81027023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"206.189.235.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163922/; classtype:trojan-activity;sid:81027022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"206.189.235.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163921/; classtype:trojan-activity;sid:81027021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cayo8"; http_uri; depth:6; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163920/; classtype:trojan-activity;sid:81027020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"206.189.114.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163919/; classtype:trojan-activity;sid:81027019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah.arm4tl"; http_uri; depth:12; isdataat:!1,relative; content:"167.86.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163918/; classtype:trojan-activity;sid:81027018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"206.189.235.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163917/; classtype:trojan-activity;sid:81027017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"206.189.114.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163916/; classtype:trojan-activity;sid:81027016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.arm4"; http_uri; depth:11; isdataat:!1,relative; content:"206.189.235.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163915/; classtype:trojan-activity;sid:81027015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/woah.arm4l"; http_uri; depth:11; isdataat:!1,relative; content:"167.86.70.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163914/; classtype:trojan-activity;sid:81027014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"68.183.145.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163913/; classtype:trojan-activity;sid:81027013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cayo10"; http_uri; depth:7; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163912/; classtype:trojan-activity;sid:81027012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"206.189.114.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163911/; classtype:trojan-activity;sid:81027011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x86"; http_uri; depth:10; isdataat:!1,relative; content:"68.183.145.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163910/; classtype:trojan-activity;sid:81027010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/okami.i686"; http_uri; depth:11; isdataat:!1,relative; content:"206.189.235.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163909/; classtype:trojan-activity;sid:81027009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"128.199.51.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163907/; classtype:trojan-activity;sid:81027007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/telnetd"; http_uri; depth:8; isdataat:!1,relative; content:"128.199.51.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163908/; classtype:trojan-activity;sid:81027008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nut"; http_uri; depth:4; isdataat:!1,relative; content:"128.199.51.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163906/; classtype:trojan-activity;sid:81027006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"128.199.51.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163905/; classtype:trojan-activity;sid:81027005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"128.199.51.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163903/; classtype:trojan-activity;sid:81027003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"128.199.51.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163904/; classtype:trojan-activity;sid:81027004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"128.199.51.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163902/; classtype:trojan-activity;sid:81027002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"128.199.51.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163901/; classtype:trojan-activity;sid:81027001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"128.199.51.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163900/; classtype:trojan-activity;sid:81027000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"128.199.51.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163899/; classtype:trojan-activity;sid:81026999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"128.199.51.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163898/; classtype:trojan-activity;sid:81026998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"128.199.51.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163896/; classtype:trojan-activity;sid:81026996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"128.199.51.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163897/; classtype:trojan-activity;sid:81026997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi/01/5001032.png"; http_uri; depth:19; isdataat:!1,relative; content:"joomliads.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163895/; classtype:trojan-activity;sid:81026995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/snoop/obi.exe"; http_uri; depth:14; isdataat:!1,relative; content:"172.93.184.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163894/; classtype:trojan-activity;sid:81026994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi/01/974103.png"; http_uri; depth:18; isdataat:!1,relative; content:"joomliads.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163892/; classtype:trojan-activity;sid:81026992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm"; http_uri; depth:17; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163891/; classtype:trojan-activity;sid:81026991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.x86"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163890/; classtype:trojan-activity;sid:81026990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163889/; classtype:trojan-activity;sid:81026989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.arm6"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163888/; classtype:trojan-activity;sid:81026988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.mips"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163887/; classtype:trojan-activity;sid:81026987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163886/; classtype:trojan-activity;sid:81026986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163885/; classtype:trojan-activity;sid:81026985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.arm5"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163884/; classtype:trojan-activity;sid:81026984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.ppc"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163883/; classtype:trojan-activity;sid:81026983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.mips"; http_uri; depth:18; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163882/; classtype:trojan-activity;sid:81026982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163881/; classtype:trojan-activity;sid:81026981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/quadrant/jtbb.exe"; http_uri; depth:18; isdataat:!1,relative; content:"treassurebank.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163880/; classtype:trojan-activity;sid:81026980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/r564jkh2.exe"; http_uri; depth:13; isdataat:!1,relative; content:"dsf334d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163879/; classtype:trojan-activity;sid:81026979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_output6d71340r3.exe"; http_uri; depth:21; isdataat:!1,relative; content:"dsf334d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163878/; classtype:trojan-activity;sid:81026978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_output7ae9f00s.exe"; http_uri; depth:20; isdataat:!1,relative; content:"dsf334d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163877/; classtype:trojan-activity;sid:81026977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.arm7"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163876/; classtype:trojan-activity;sid:81026976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.arm"; http_uri; depth:12; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163875/; classtype:trojan-activity;sid:81026975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.x86"; http_uri; depth:17; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163874/; classtype:trojan-activity;sid:81026974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; content:"209.141.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163873/; classtype:trojan-activity;sid:81026973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; content:"209.141.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163872/; classtype:trojan-activity;sid:81026972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163871/; classtype:trojan-activity;sid:81026971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/lv.m68k"; http_uri; depth:13; isdataat:!1,relative; content:"134.209.119.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163869/; classtype:trojan-activity;sid:81026969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm6"; http_uri; depth:18; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163870/; classtype:trojan-activity;sid:81026970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163868/; classtype:trojan-activity;sid:81026968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gaybub/miori.arm7"; http_uri; depth:18; isdataat:!1,relative; content:"46.101.156.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163867/; classtype:trojan-activity;sid:81026967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/library/use/photo.scr"; http_uri; depth:22; isdataat:!1,relative; content:"www.twinplaza.jp"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163866/; classtype:trojan-activity;sid:81026966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20151215/%e9%87%91%e5%ad%97%e5%a1%94%e6%96%b9%e5%9d%97.exe"; http_uri; depth:59; isdataat:!1,relative; content:"s14b.91danji.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163865/; classtype:trojan-activity;sid:81026965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bbl.jpg"; http_uri; depth:8; isdataat:!1,relative; content:"electromada.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163864/; classtype:trojan-activity;sid:81026964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163862/; classtype:trojan-activity;sid:81026962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163861/; classtype:trojan-activity;sid:81026961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/company/instructions/sendincverif/nachrichten/sichern/de_de/2019-03/"; http_uri; depth:89; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163859/; classtype:trojan-activity;sid:81026959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/company/sendincverif/nachrichten/sichern/de_de/2019-03/"; http_uri; depth:76; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163860/; classtype:trojan-activity;sid:81026960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/company/instructions/gvxt-nymn_akb-85su/"; http_uri; depth:61; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163858/; classtype:trojan-activity;sid:81026958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/intuit_us_ca/info/sendincverif/nachrichten/sichern/de_de/2019-03/"; http_uri; depth:86; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163856/; classtype:trojan-activity;sid:81026956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/intuit_us_ca/info/transactions/sendincverif/nachrichten/sichern/de_de/2019-03/"; http_uri; depth:99; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163857/; classtype:trojan-activity;sid:81026957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/intuit_us_ca/info/company/instructions/gvxt-nymn_akb-85su/"; http_uri; depth:79; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163854/; classtype:trojan-activity;sid:81026954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/intuit_us_ca/info/company/sendincverif/nachrichten/sichern/de_de/2019-03/"; http_uri; depth:94; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163855/; classtype:trojan-activity;sid:81026955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/intuit_us_ca/info/transactions/company/instructions/gvxt-nymn_akb-85su/"; http_uri; depth:92; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163853/; classtype:trojan-activity;sid:81026953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/intuit_us_ca/company/instructions/sendincverif/nachrichten/sichern/de_de/2019-03/"; http_uri; depth:102; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163851/; classtype:trojan-activity;sid:81026951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/intuit_us_ca/info/transactions/sdmgr-sb_ix-qi3m/"; http_uri; depth:69; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163852/; classtype:trojan-activity;sid:81026952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/intuit_us_ca/sendincverif/nachrichten/sichern/de_de/2019-03/"; http_uri; depth:81; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163849/; classtype:trojan-activity;sid:81026949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/intuit_us_ca/company/instructions/gvxt-nymn_akb-85su/"; http_uri; depth:74; isdataat:!1,relative; content:"lligamahasiswa.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163850/; classtype:trojan-activity;sid:81026950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/fonts/sendincverif/nachrichten/sichern/de_de/2019-03/"; http_uri; depth:66; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163847/; classtype:trojan-activity;sid:81026947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/intuit_us_ca/company/sendincverif/nachrichten/sichern/de_de/2019-03/"; http_uri; depth:89; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163848/; classtype:trojan-activity;sid:81026948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/intuit_us_ca/info/transactions/sdmgr-sb_ix-qi3m/"; http_uri; depth:61; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163846/; classtype:trojan-activity;sid:81026946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/intuit_us_ca/company/sendincverif/nachrichten/sichern/de_de/2019-03/"; http_uri; depth:81; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163845/; classtype:trojan-activity;sid:81026945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/intuit_us_ca/sendincverif/nachrichten/sichern/de_de/2019-03/"; http_uri; depth:73; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163844/; classtype:trojan-activity;sid:81026944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/intuit_us_ca/company/instructions/sendincverif/nachrichten/sichern/de_de/2019-03/"; http_uri; depth:94; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163843/; classtype:trojan-activity;sid:81026943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/intuit_us_ca/company/instructions/gvxt-nymn_akb-85su/"; http_uri; depth:66; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163842/; classtype:trojan-activity;sid:81026942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/intuit_us_ca/info/sendincverif/nachrichten/sichern/de_de/2019-03/"; http_uri; depth:78; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163841/; classtype:trojan-activity;sid:81026941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/intuit_us_ca/info/transactions/sendincverif/nachrichten/sichern/de_de/2019-03/"; http_uri; depth:91; isdataat:!1,relative; content:"ligamahasiswa.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163840/; classtype:trojan-activity;sid:81026940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chameleondesign/qe3jq-zpw5q-crzveq/"; http_uri; depth:36; isdataat:!1,relative; content:"beeonline.cz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163839/; classtype:trojan-activity;sid:81026939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.mips"; http_uri; depth:15; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163837/; classtype:trojan-activity;sid:81026937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.x86"; http_uri; depth:14; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163838/; classtype:trojan-activity;sid:81026938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sbot.arm"; http_uri; depth:14; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163836/; classtype:trojan-activity;sid:81026936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/accounting/documents/download.phpfile=odq3mjk5nji2of9fx19lbgv3dwwuzxhl"; http_uri; depth:71; isdataat:!1,relative; content:"turismolenzarote.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163835/; classtype:trojan-activity;sid:81026935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/installation_declic.exe"; http_uri; depth:24; isdataat:!1,relative; content:"declic-prospection.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163834/; classtype:trojan-activity;sid:81026934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/accounting/documents/download.phpfile=ndg0odu5mdqynl9fx19zy2fuczm0lnbuzw=="; http_uri; depth:75; isdataat:!1,relative; content:"turismolenzarote.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163833/; classtype:trojan-activity;sid:81026933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20151218/%e5%b0%8f%e9%b8%a1%e5%85%a5%e4%be%b5%e8%80%853.exe"; http_uri; depth:60; isdataat:!1,relative; content:"s14b.groundyun.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163832/; classtype:trojan-activity;sid:81026932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/license.exe"; http_uri; depth:12; isdataat:!1,relative; content:"rrbmexico.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163831/; classtype:trojan-activity;sid:81026931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/w8kf86/"; http_uri; depth:27; isdataat:!1,relative; content:"www.drivingwitharrow.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163830/; classtype:trojan-activity;sid:81026930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/installw.exe"; http_uri; depth:13; isdataat:!1,relative; content:"www.winkniga.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163829/; classtype:trojan-activity;sid:81026929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20151218/%e5%b0%8f%e9%b8%a1%e5%85%a5%e4%be%b5%e8%80%853.exe"; http_uri; depth:60; isdataat:!1,relative; content:"s14b.91danji.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163828/; classtype:trojan-activity;sid:81026928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20151220/%e5%8c%97%e6%96%97%e7%a5%9e%e6%8b%b3%e4%b8%96%e7%ba%aa%e6%9c%ab%e6%95%91%e4%b8%96%e4%b8%bb%e4%bc%a0%e8%af%b4.exe"; http_uri; depth:122; isdataat:!1,relative; content:"s14b.91danji.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163827/; classtype:trojan-activity;sid:81026927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/beez3/images/personal/rtrhoomu4duxoxr.exe"; http_uri; depth:52; isdataat:!1,relative; content:"ahsantiago.pt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163826/; classtype:trojan-activity;sid:81026926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/accounting/documents/download.phpfile=nju0ndm3nje4m19fx19pd2vjzxr1lmv4zq=="; http_uri; depth:75; isdataat:!1,relative; content:"turismolenzarote.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163825/; classtype:trojan-activity;sid:81026925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ktr/227.exe"; http_uri; depth:12; isdataat:!1,relative; content:"fileloader.netx.host"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163824/; classtype:trojan-activity;sid:81026924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; content:"107.172.41.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163823/; classtype:trojan-activity;sid:81026923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; content:"107.172.41.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163822/; classtype:trojan-activity;sid:81026922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nut"; http_uri; depth:4; isdataat:!1,relative; content:"107.172.41.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163821/; classtype:trojan-activity;sid:81026921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; content:"107.172.41.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163820/; classtype:trojan-activity;sid:81026920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; content:"145.239.222.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163819/; classtype:trojan-activity;sid:81026919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tenshiarm6"; http_uri; depth:11; isdataat:!1,relative; content:"104.248.23.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163818/; classtype:trojan-activity;sid:81026918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/20160101/%e7%9c%9f%e5%ae%9e%e8%b0%8e%e8%a8%80%e4%b8%96%e7%95%8c%e7%89%88.exe"; http_uri; depth:77; isdataat:!1,relative; content:"s14b.91danji.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163817/; classtype:trojan-activity;sid:81026917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/soft3/portfreeproductionprogram.zip"; http_uri; depth:36; isdataat:!1,relative; content:"dx.198424.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163816/; classtype:trojan-activity;sid:81026916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tenshim68k"; http_uri; depth:11; isdataat:!1,relative; content:"104.248.23.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163815/; classtype:trojan-activity;sid:81026915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tenshii686"; http_uri; depth:11; isdataat:!1,relative; content:"104.248.23.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163813/; classtype:trojan-activity;sid:81026913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tenshix86"; http_uri; depth:10; isdataat:!1,relative; content:"104.248.23.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163814/; classtype:trojan-activity;sid:81026914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; content:"107.172.41.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163812/; classtype:trojan-activity;sid:81026912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; content:"107.172.41.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163811/; classtype:trojan-activity;sid:81026911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; content:"107.172.41.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163810/; classtype:trojan-activity;sid:81026910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tenshimips"; http_uri; depth:11; isdataat:!1,relative; content:"104.248.23.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163809/; classtype:trojan-activity;sid:81026909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; content:"107.172.41.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163808/; classtype:trojan-activity;sid:81026908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tenshifuck"; http_uri; depth:11; isdataat:!1,relative; content:"104.248.23.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163807/; classtype:trojan-activity;sid:81026907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; content:"107.172.41.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163806/; classtype:trojan-activity;sid:81026906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; content:"107.172.41.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163805/; classtype:trojan-activity;sid:81026905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tenshimipsel"; http_uri; depth:13; isdataat:!1,relative; content:"104.248.23.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163804/; classtype:trojan-activity;sid:81026904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tenshippc"; http_uri; depth:10; isdataat:!1,relative; content:"104.248.23.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163803/; classtype:trojan-activity;sid:81026903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tenshish"; http_uri; depth:9; isdataat:!1,relative; content:"104.248.23.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163802/; classtype:trojan-activity;sid:81026902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; content:"107.172.41.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163801/; classtype:trojan-activity;sid:81026901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tenshish4"; http_uri; depth:10; isdataat:!1,relative; content:"104.248.23.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163800/; classtype:trojan-activity;sid:81026900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tenshii586"; http_uri; depth:11; isdataat:!1,relative; content:"104.248.23.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163799/; classtype:trojan-activity;sid:81026899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; content:"107.172.41.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163798/; classtype:trojan-activity;sid:81026898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/web/customer_files/1019027505164/outstanding%20payment%20copy.zipexpires=2075494478|26|awsaccesskeyid=akiajropqdftihbtljjq|26|signature=7th4mckzx%2fev0h5qom7yn5hjtue%3d|26|response-content-disposition=attachment"; http_uri; depth:212; isdataat:!1,relative; content:"glip-vault-1.s3-accelerate.amazonaws.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163797/; classtype:trojan-activity;sid:81026897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/pomo/bk.zip"; http_uri; depth:24; isdataat:!1,relative; content:"emapla.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163796/; classtype:trojan-activity;sid:81026896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hitokoto/50s0-hikeql-hefaybcv/"; http_uri; depth:31; isdataat:!1,relative; content:"acdswd.cn"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163795/; classtype:trojan-activity;sid:81026895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/vaeao-wdl5w-pomqkvtfy/"; http_uri; depth:34; isdataat:!1,relative; content:"vicentinos.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163794/; classtype:trojan-activity;sid:81026894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app/cache/nz66x-93zi91-zduyxo/"; http_uri; depth:31; isdataat:!1,relative; content:"cbaia.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163793/; classtype:trojan-activity;sid:81026893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hitokoto/50s0-hikeql-hefaybcv/"; http_uri; depth:31; isdataat:!1,relative; content:"acdswd.cn"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163792/; classtype:trojan-activity;sid:81026892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/bnla6-97kbu7-cpgsilot/"; http_uri; depth:34; isdataat:!1,relative; content:"kuliner.ilmci.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163791/; classtype:trojan-activity;sid:81026891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/accounting/documents/download.phpfile=njm0ndexmjkwof9fx19zy2fux2tvbs5wbmc="; http_uri; depth:75; isdataat:!1,relative; content:"turismolenzarote.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163790/; classtype:trojan-activity;sid:81026890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/beez3/images/nature/noo7.exe"; http_uri; depth:39; isdataat:!1,relative; content:"ahsantiago.pt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163789/; classtype:trojan-activity;sid:81026889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/a07s4ivt6vl9jso95mkh18dauafggbpq/1553205600000/14063452590226117103/*/1cj5lv7phqihkuaeeggt34mqf8zk0aiice=download"; http_uri; depth:161; isdataat:!1,relative; content:"doc-0c-0c-docs.googleusercontent.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/163788/; classtype:trojan-activity;sid:81026888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sec.myacc.resourses.net/"; http_uri; depth:37; isdataat:!1,relative; content:"psiconegocios.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163787/; classtype:trojan-activity;sid:81026887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/maps1315/trust.myacc.send.net/"; http_uri; depth:31; isdataat:!1,relative; content:"ngl-consulting.pt"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163786/; classtype:trojan-activity;sid:81026886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/resources/sec.myaccount.resourses.net/"; http_uri; depth:39; isdataat:!1,relative; content:"bubam.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163785/; classtype:trojan-activity;sid:81026885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/verif.myacc.docs.biz/"; http_uri; depth:33; isdataat:!1,relative; content:"avondale.net.nz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163784/; classtype:trojan-activity;sid:81026884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.accs.send.com/"; http_uri; depth:33; isdataat:!1,relative; content:"arasys.ir"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163783/; classtype:trojan-activity;sid:81026883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/brigmail/sec.accs.resourses.net/"; http_uri; depth:33; isdataat:!1,relative; content:"brigma.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163782/; classtype:trojan-activity;sid:81026882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/a7kuxbk/sec.myacc.resourses.net/"; http_uri; depth:33; isdataat:!1,relative; content:"www.shreyagupta.co.in"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163781/; classtype:trojan-activity;sid:81026881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wk0xsed/trust.accounts.send.biz/"; http_uri; depth:33; isdataat:!1,relative; content:"students.allstardentalacademy.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163780/; classtype:trojan-activity;sid:81026880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nnbct1l/secure.myacc.send.net/"; http_uri; depth:31; isdataat:!1,relative; content:"newerlife.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163779/; classtype:trojan-activity;sid:81026879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/frubox.in/secure.myacc.resourses.net/"; http_uri; depth:38; isdataat:!1,relative; content:"aapnnihotel.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163778/; classtype:trojan-activity;sid:81026878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tjsml4o/secure.myaccount.send.net/"; http_uri; depth:35; isdataat:!1,relative; content:"mhsalum.isinqa.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163777/; classtype:trojan-activity;sid:81026877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/wp-admin/includes/morgan.exe"; http_uri; depth:34; isdataat:!1,relative; content:"apsoluta.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163776/; classtype:trojan-activity;sid:81026876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/z05-9406442l990704899.zip"; http_uri; depth:26; isdataat:!1,relative; content:"www.jerseyfoodandlife.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163775/; classtype:trojan-activity;sid:81026875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/room1/1.rar"; http_uri; depth:12; isdataat:!1,relative; content:"kdsp.co.kr"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163774/; classtype:trojan-activity;sid:81026874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/installw.exe"; http_uri; depth:13; isdataat:!1,relative; content:"bookt.ru"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163773/; classtype:trojan-activity;sid:81026873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/trust.myacc.send.com/"; http_uri; depth:29; isdataat:!1,relative; content:"agtrade.hu"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163772/; classtype:trojan-activity;sid:81026872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/fonts/sec.accs.resourses.biz/"; http_uri; depth:30; isdataat:!1,relative; content:"adsmith.in"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163771/; classtype:trojan-activity;sid:81026871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.myacc.resourses.net/"; http_uri; depth:37; isdataat:!1,relative; content:"applestore.kz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163770/; classtype:trojan-activity;sid:81026870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.myacc.send.net/"; http_uri; depth:32; isdataat:!1,relative; content:"donghua.ren"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163769/; classtype:trojan-activity;sid:81026869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hzjvbhz/sec.myacc.docs.com/"; http_uri; depth:28; isdataat:!1,relative; content:"portalfreightforwarder.com.my"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163768/; classtype:trojan-activity;sid:81026868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/onepage-lite/fonts/tssx.exe"; http_uri; depth:46; isdataat:!1,relative; content:"dynamicmike.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163767/; classtype:trojan-activity;sid:81026867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/09315-a465299d-aad0-4a26-9adc-2b2951575c1b.docdownload"; http_uri; depth:55; isdataat:!1,relative; content:"grabilla.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163766/; classtype:trojan-activity;sid:81026866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/sec.accounts.resourses.net/"; http_uri; depth:35; isdataat:!1,relative; content:"dekorant.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163765/; classtype:trojan-activity;sid:81026865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test777/verif.myaccount.resourses.net/"; http_uri; depth:39; isdataat:!1,relative; content:"completerubbishremoval.net.au"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163764/; classtype:trojan-activity;sid:81026864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/zaradise/secure.myacc.docs.com/"; http_uri; depth:50; isdataat:!1,relative; content:"styllaz.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163763/; classtype:trojan-activity;sid:81026863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/klzb.jpg"; http_uri; depth:12; isdataat:!1,relative; content:"mospg.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163762/; classtype:trojan-activity;sid:81026862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/trust.accounts.resourses.net/"; http_uri; depth:35; isdataat:!1,relative; content:"epixeiroconsulting.biz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163761/; classtype:trojan-activity;sid:81026861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/09311-c5e71cc6-0524-492c-bcc4-3e0c9e80a8fa.docdownload"; http_uri; depth:55; isdataat:!1,relative; content:"grabilla.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163760/; classtype:trojan-activity;sid:81026860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/modules/secure.myacc.send.com/"; http_uri; depth:31; isdataat:!1,relative; content:"martstudio.si"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163759/; classtype:trojan-activity;sid:81026859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/verif.accs.resourses.net/"; http_uri; depth:37; isdataat:!1,relative; content:"club-finance.eclair.ec-lyon.fr"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163758/; classtype:trojan-activity;sid:81026858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/09315-a465299d-aad0-4a26-9adc-2b2951575c1b.docdownload,heuristic"; http_uri; depth:65; isdataat:!1,relative; content:"grabilla.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163757/; classtype:trojan-activity;sid:81026857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/101.jpg"; http_uri; depth:11; isdataat:!1,relative; content:"mospg.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163756/; classtype:trojan-activity;sid:81026856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blogs/za7t-a58khp-xcmmybdgh/"; http_uri; depth:29; isdataat:!1,relative; content:"gilsanbus.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163755/; classtype:trojan-activity;sid:81026855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ryxqrrh/dlv2c-x57vpr-eznuozdvl/"; http_uri; depth:32; isdataat:!1,relative; content:"alatbarber.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163754/; classtype:trojan-activity;sid:81026854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/duq8qvv/sec.myacc.docs.net/"; http_uri; depth:28; isdataat:!1,relative; content:"twistingdistance.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163753/; classtype:trojan-activity;sid:81026853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/verif.myacc.docs.biz/"; http_uri; depth:31; isdataat:!1,relative; content:"btworldofcomputer.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163752/; classtype:trojan-activity;sid:81026852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/wqz67-zmwhb-kdsctt/"; http_uri; depth:29; isdataat:!1,relative; content:"hotel-krishnainternational.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163751/; classtype:trojan-activity;sid:81026851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iaf6u7/secure.accs.docs.net/"; http_uri; depth:29; isdataat:!1,relative; content:"chavakuk.demo.btechinfo.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163750/; classtype:trojan-activity;sid:81026850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/x8ic-qmwfo6-htiyuql/"; http_uri; depth:30; isdataat:!1,relative; content:"evergreenschoolskatsina.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163749/; classtype:trojan-activity;sid:81026849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kfu3prn/verif.accs.docs.com/"; http_uri; depth:29; isdataat:!1,relative; content:"majorpart.co.th"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163748/; classtype:trojan-activity;sid:81026848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/p294-4yl2l-wqasood/"; http_uri; depth:44; isdataat:!1,relative; content:"pustaka.geotek.lipi.go.id"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163747/; classtype:trojan-activity;sid:81026847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bahoma.net/secure.myaccount.docs.net/"; http_uri; depth:38; isdataat:!1,relative; content:"bahoma.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163745/; classtype:trojan-activity;sid:81026845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/carole/mvuk-smnz2z-skoee/"; http_uri; depth:26; isdataat:!1,relative; content:"chang.be"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163746/; classtype:trojan-activity;sid:81026846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/css/colors/6e2xl-8odh7-itbjtntln/"; http_uri; depth:43; isdataat:!1,relative; content:"test.atnc.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163744/; classtype:trojan-activity;sid:81026844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sec.myacc.send.net/"; http_uri; depth:31; isdataat:!1,relative; content:"mkwu.borneo.ac.id"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163743/; classtype:trojan-activity;sid:81026843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/trust.myacc.send.net/"; http_uri; depth:33; isdataat:!1,relative; content:"www.oakvilleshops.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163742/; classtype:trojan-activity;sid:81026842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/r5romlp/verif.myacc.resourses.biz/"; http_uri; depth:35; isdataat:!1,relative; content:"weg-aus-dem-hamsterrad.de"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163741/; classtype:trojan-activity;sid:81026841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/forum/en8xj-glwxb-mlscdmnzv/"; http_uri; depth:29; isdataat:!1,relative; content:"aussiescanners.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163740/; classtype:trojan-activity;sid:81026840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.myacc.docs.biz/"; http_uri; depth:32; isdataat:!1,relative; content:"thanhthanhtungstone.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163739/; classtype:trojan-activity;sid:81026839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sitemaps/hnv0-f7rsw-omoeozl/"; http_uri; depth:29; isdataat:!1,relative; content:"vrinfortel.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163738/; classtype:trojan-activity;sid:81026838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/7t8yjje/verif.myacc.docs.net/"; http_uri; depth:30; isdataat:!1,relative; content:"iqkqqq.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163737/; classtype:trojan-activity;sid:81026837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/09314-b56baf51-dd21-428a-a719-45f80ac79c08.exe"; http_uri; depth:47; isdataat:!1,relative; content:"grabilla.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163736/; classtype:trojan-activity;sid:81026836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/marbel/tucmv-z5oog-trcgptrv/"; http_uri; depth:29; isdataat:!1,relative; content:"chawtechsolutions.in"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163735/; classtype:trojan-activity;sid:81026835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.myaccount.docs.net/"; http_uri; depth:33; isdataat:!1,relative; content:"loweralabamagolf.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163734/; classtype:trojan-activity;sid:81026834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/uploadedimages/htft-bgecxn-qswhxe/"; http_uri; depth:35; isdataat:!1,relative; content:"aartista.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163733/; classtype:trojan-activity;sid:81026833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.accs.docs.net/"; http_uri; depth:33; isdataat:!1,relative; content:"save24x7.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163732/; classtype:trojan-activity;sid:81026832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ucrh-rlght-mtycnn/"; http_uri; depth:30; isdataat:!1,relative; content:"omgbeautyshop.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163731/; classtype:trojan-activity;sid:81026831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/initiative2/secure.myacc.docs.net/"; http_uri; depth:35; isdataat:!1,relative; content:"theinitiative.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163730/; classtype:trojan-activity;sid:81026830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/zaxyzgc/flxk/"; http_uri; depth:14; isdataat:!1,relative; content:"qc-isf.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163729/; classtype:trojan-activity;sid:81026829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/hvn/"; http_uri; depth:14; isdataat:!1,relative; content:"oykadanismanlik.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163728/; classtype:trojan-activity;sid:81026828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/gwv/"; http_uri; depth:16; isdataat:!1,relative; content:"www.mqhealthcare.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163727/; classtype:trojan-activity;sid:81026827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/2sp/"; http_uri; depth:16; isdataat:!1,relative; content:"iheartflix.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163726/; classtype:trojan-activity;sid:81026826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/user/6c/"; http_uri; depth:18; isdataat:!1,relative; content:"www.palmettoslidingdoorrepair.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163725/; classtype:trojan-activity;sid:81026825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/verif.accounts.docs.com/"; http_uri; depth:37; isdataat:!1,relative; content:"patinvietnam.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163724/; classtype:trojan-activity;sid:81026824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/lo57-bs6f6e-rgahepvm/"; http_uri; depth:32; isdataat:!1,relative; content:"sastadigitalagency.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163723/; classtype:trojan-activity;sid:81026823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/p93g-bi64p-ntxu/"; http_uri; depth:29; isdataat:!1,relative; content:"businessinsiderau.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163722/; classtype:trojan-activity;sid:81026822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test777/verif.myaccount.resourses.net/"; http_uri; depth:39; isdataat:!1,relative; content:"completerubbishremoval.net.au"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163721/; classtype:trojan-activity;sid:81026821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/crm/6zpu-x5hypk-qwgddvzam/"; http_uri; depth:27; isdataat:!1,relative; content:"servinfo.com.uy"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163720/; classtype:trojan-activity;sid:81026820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/wp-includes/26j4-cl97tm-podge/"; http_uri; depth:36; isdataat:!1,relative; content:"picntic.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163719/; classtype:trojan-activity;sid:81026819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/50o8-9m05h-ebdrn/"; http_uri; depth:30; isdataat:!1,relative; content:"warmingmission.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163718/; classtype:trojan-activity;sid:81026818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/sec.accs.docs.biz/"; http_uri; depth:29; isdataat:!1,relative; content:"yasammutfak.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163717/; classtype:trojan-activity;sid:81026817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/0pzp-gjg9f-jzkxny/"; http_uri; depth:28; isdataat:!1,relative; content:"scubadiver.bg"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163716/; classtype:trojan-activity;sid:81026816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ryxqrrh/dlv2c-x57vpr-eznuozdvl//"; http_uri; depth:33; isdataat:!1,relative; content:"alatbarber.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163715/; classtype:trojan-activity;sid:81026815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ryxqrrh/dlv2c-x57vpr-eznuozdvl/"; http_uri; depth:32; isdataat:!1,relative; content:"alatbarber.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163714/; classtype:trojan-activity;sid:81026814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sec.accounts.resourses.net/"; http_uri; depth:40; isdataat:!1,relative; content:"lifestylescape.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163713/; classtype:trojan-activity;sid:81026813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/language/f69u-29kzr9-dtvdnbuxu/"; http_uri; depth:32; isdataat:!1,relative; content:"1lorawicz.pl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163712/; classtype:trojan-activity;sid:81026812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/journal/trust.accs.send.biz/"; http_uri; depth:29; isdataat:!1,relative; content:"mnatura.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163711/; classtype:trojan-activity;sid:81026811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sxua1-pto2um-xmsecygp/"; http_uri; depth:34; isdataat:!1,relative; content:"www.mfbeetech.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163710/; classtype:trojan-activity;sid:81026810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/secure.accs.docs.net/"; http_uri; depth:34; isdataat:!1,relative; content:"solucanciftlikleri.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163709/; classtype:trojan-activity;sid:81026809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nyhedsmail-hjemmeside-aarhus/q6yv7-wyb03-nhihj/"; http_uri; depth:48; isdataat:!1,relative; content:"firstimpress.dk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163708/; classtype:trojan-activity;sid:81026808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/bni8-js5s5o-nhdwp/"; http_uri; depth:30; isdataat:!1,relative; content:"algarmen.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163707/; classtype:trojan-activity;sid:81026807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/verif.accs.resourses.net/"; http_uri; depth:38; isdataat:!1,relative; content:"24-sata.club"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163706/; classtype:trojan-activity;sid:81026806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/promocao/m8ui-yxpx8-ylwnaicvi/"; http_uri; depth:31; isdataat:!1,relative; content:"amturbonet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163705/; classtype:trojan-activity;sid:81026805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/trust.accs.resourses.net/"; http_uri; depth:35; isdataat:!1,relative; content:"dochoixyz.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163704/; classtype:trojan-activity;sid:81026804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/en_us/def6-1ugvc-vcjp/"; http_uri; depth:23; isdataat:!1,relative; content:"allsignsofohio.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163703/; classtype:trojan-activity;sid:81026803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/7oye-bsxj12-ehcmaa/"; http_uri; depth:29; isdataat:!1,relative; content:"enpress-publisher.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163702/; classtype:trojan-activity;sid:81026802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sitemaps/trust.myaccount.send.biz/"; http_uri; depth:35; isdataat:!1,relative; content:"rajans.lk"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163701/; classtype:trojan-activity;sid:81026801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.myacc.resourses.net/"; http_uri; depth:34; isdataat:!1,relative; content:"blu-motion.co.za"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163700/; classtype:trojan-activity;sid:81026800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/adamjmark/nm7f-3uwvl-ctbejp/"; http_uri; depth:29; isdataat:!1,relative; content:"adammark2009.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163699/; classtype:trojan-activity;sid:81026799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-admin/css/colors/blue/gr.mpwq"; http_uri; depth:43; isdataat:!1,relative; content:"thebackslant.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163698/; classtype:trojan-activity;sid:81026798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/it-solution-pro/customizer/assets/images/hp.gf"; http_uri; depth:65; isdataat:!1,relative; content:"imtechsols.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163697/; classtype:trojan-activity;sid:81026797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/046dh-bu84e-ejyhat/"; http_uri; depth:32; isdataat:!1,relative; content:"engadgetlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163696/; classtype:trojan-activity;sid:81026796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/familytree/index/sec.accounts.resourses.net/"; http_uri; depth:45; isdataat:!1,relative; content:"4theweb.co.uk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163695/; classtype:trojan-activity;sid:81026795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/la4dhk7/qbsy-kqv4g-hdry/"; http_uri; depth:25; isdataat:!1,relative; content:"stimuluspsicologia.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163694/; classtype:trojan-activity;sid:81026794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/trust.myacc.send.net/"; http_uri; depth:33; isdataat:!1,relative; content:"www.oakvilleshops.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163693/; classtype:trojan-activity;sid:81026793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/n68g-sfbwbe-adhvs/"; http_uri; depth:29; isdataat:!1,relative; content:"icei.pucminas.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163692/; classtype:trojan-activity;sid:81026792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/jab5-5fd4t-azil/"; http_uri; depth:26; isdataat:!1,relative; content:"trangbatdongsanhanoi.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163691/; classtype:trojan-activity;sid:81026791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/verif.myaccount.send.net/"; http_uri; depth:38; isdataat:!1,relative; content:"crazyhalftime.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163690/; classtype:trojan-activity;sid:81026790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/u37z-87u44-pidkdfigd/"; http_uri; depth:34; isdataat:!1,relative; content:"moarajaya.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163689/; classtype:trojan-activity;sid:81026789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/foodica/assets/css/hp.gf"; http_uri; depth:43; isdataat:!1,relative; content:"majelisalanwar.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163688/; classtype:trojan-activity;sid:81026788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/beez3/css/gr.mpwq"; http_uri; depth:28; isdataat:!1,relative; content:"jornalvisao.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163687/; classtype:trojan-activity;sid:81026787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/acme-challenge/hp.gf"; http_uri; depth:33; isdataat:!1,relative; content:"greenertrack.info"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163686/; classtype:trojan-activity;sid:81026786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentyseventeen/inc/gr.mpwq"; http_uri; depth:46; isdataat:!1,relative; content:"kevver.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163685/; classtype:trojan-activity;sid:81026785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/onepage-lite/fonts/hp.gf"; http_uri; depth:43; isdataat:!1,relative; content:"dynamicmike.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163684/; classtype:trojan-activity;sid:81026784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/notio-wp/vc_templates/hp.gf"; http_uri; depth:46; isdataat:!1,relative; content:"clou-ud.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163683/; classtype:trojan-activity;sid:81026783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/hp.gf"; http_uri; depth:14; isdataat:!1,relative; content:"heavyarmorsecurity.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163682/; classtype:trojan-activity;sid:81026782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/all-kind-of-everything/css/hp.gf"; http_uri; depth:51; isdataat:!1,relative; content:"all-kinds-of-everything.ie"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163681/; classtype:trojan-activity;sid:81026781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/elsterwetter16b/images/system/hp.gf"; http_uri; depth:46; isdataat:!1,relative; content:"frabey.de"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163680/; classtype:trojan-activity;sid:81026780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/discussiono/hp.gf"; http_uri; depth:18; isdataat:!1,relative; content:"unlimitedbags.club"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163679/; classtype:trojan-activity;sid:81026779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.myacc.docs.com/"; http_uri; depth:34; isdataat:!1,relative; content:"912graphics.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163678/; classtype:trojan-activity;sid:81026778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.accs.send.com/"; http_uri; depth:33; isdataat:!1,relative; content:"fpmanufactory.art"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163677/; classtype:trojan-activity;sid:81026777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/r5romlp/verif.myacc.resourses.biz/"; http_uri; depth:35; isdataat:!1,relative; content:"weg-aus-dem-hamsterrad.de"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163676/; classtype:trojan-activity;sid:81026776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/rope/om.exe"; http_uri; depth:12; isdataat:!1,relative; content:"awdmiami.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163675/; classtype:trojan-activity;sid:81026775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.accs.send.net/"; http_uri; depth:33; isdataat:!1,relative; content:"ellensbrook.com.au"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163674/; classtype:trojan-activity;sid:81026774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/trust.myaccount.docs.com/"; http_uri; depth:35; isdataat:!1,relative; content:"bucanieriperu.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163673/; classtype:trojan-activity;sid:81026773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/trust.myaccount.docs.biz/"; http_uri; depth:35; isdataat:!1,relative; content:"alsinaeventos.com.ar"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163672/; classtype:trojan-activity;sid:81026772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/verif.myacc.docs.net/"; http_uri; depth:33; isdataat:!1,relative; content:"www.zhaozewei.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163671/; classtype:trojan-activity;sid:81026771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/postnewl/trust.myacc.resourses.com/"; http_uri; depth:36; isdataat:!1,relative; content:"gamudagardencity.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163670/; classtype:trojan-activity;sid:81026770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.accs.resourses.net/"; http_uri; depth:38; isdataat:!1,relative; content:"waverleychauffeurs.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163669/; classtype:trojan-activity;sid:81026769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.accounts.resourses.biz/"; http_uri; depth:42; isdataat:!1,relative; content:"www.promo-snap.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163668/; classtype:trojan-activity;sid:81026768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/secure.myacc.send.com/"; http_uri; depth:35; isdataat:!1,relative; content:"gavinsmithpoker.co.uk"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163667/; classtype:trojan-activity;sid:81026767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/trust.accs.resourses.biz/"; http_uri; depth:35; isdataat:!1,relative; content:"laconversation-spectacle.fr"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163666/; classtype:trojan-activity;sid:81026766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/verif.accounts.docs.biz/"; http_uri; depth:34; isdataat:!1,relative; content:"hbsnepal.com.np"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163665/; classtype:trojan-activity;sid:81026765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xdctw/verif.accounts.resourses.com/"; http_uri; depth:36; isdataat:!1,relative; content:"kennedyprosper.com.ng"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163664/; classtype:trojan-activity;sid:81026764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/verif.accs.resourses.biz/"; http_uri; depth:36; isdataat:!1,relative; content:"plumbersinchristchurch.co.uk"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163663/; classtype:trojan-activity;sid:81026763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.accounts.docs.com/"; http_uri; depth:37; isdataat:!1,relative; content:"modps11.lib.kmutt.ac.th"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163662/; classtype:trojan-activity;sid:81026762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sec.myaccount.resourses.com/"; http_uri; depth:40; isdataat:!1,relative; content:"tlslbrands.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163661/; classtype:trojan-activity;sid:81026761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.myacc.docs.net/"; http_uri; depth:29; isdataat:!1,relative; content:"sloar.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163660/; classtype:trojan-activity;sid:81026760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/secure.accounts.docs.biz/"; http_uri; depth:34; isdataat:!1,relative; content:"janskaffebar.dk"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163659/; classtype:trojan-activity;sid:81026759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sec.myacc.docs.net/"; http_uri; depth:32; isdataat:!1,relative; content:"dakedava.ir"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163658/; classtype:trojan-activity;sid:81026758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ggtmsoj/secure.myaccount.resourses.net/"; http_uri; depth:40; isdataat:!1,relative; content:"jp-exceed.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163657/; classtype:trojan-activity;sid:81026757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sec.accounts.docs.com/"; http_uri; depth:34; isdataat:!1,relative; content:"kredittkortinfo.no"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163656/; classtype:trojan-activity;sid:81026756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/verif.myaccount.send.biz/"; http_uri; depth:38; isdataat:!1,relative; content:"amenie-tech.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163655/; classtype:trojan-activity;sid:81026755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.accs.send.net/"; http_uri; depth:33; isdataat:!1,relative; content:"parenting.ilmci.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163654/; classtype:trojan-activity;sid:81026754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.accounts.resourses.biz/"; http_uri; depth:42; isdataat:!1,relative; content:"www.promo-snap.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163653/; classtype:trojan-activity;sid:81026753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/apxiay8/verif.accounts.send.net/"; http_uri; depth:33; isdataat:!1,relative; content:"nissanlevanluong.com.vn"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163652/; classtype:trojan-activity;sid:81026752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/sec.accounts.docs.net/"; http_uri; depth:42; isdataat:!1,relative; content:"himafis.mipa.uns.ac.id"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163651/; classtype:trojan-activity;sid:81026751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/6csq8lp/trust.myacc.send.biz/"; http_uri; depth:30; isdataat:!1,relative; content:"trackfinderpestcontrol.co.uk"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163650/; classtype:trojan-activity;sid:81026750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/configweb/verif.accounts.send.com/"; http_uri; depth:35; isdataat:!1,relative; content:"hogtrain.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163649/; classtype:trojan-activity;sid:81026749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/secure.accs.resourses.biz/"; http_uri; depth:35; isdataat:!1,relative; content:"fishingcan.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163648/; classtype:trojan-activity;sid:81026748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/language/secure.accounts.resourses.com/"; http_uri; depth:40; isdataat:!1,relative; content:"dralife.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163647/; classtype:trojan-activity;sid:81026747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.accs.resourses.net/"; http_uri; depth:33; isdataat:!1,relative; content:"hoangdat.vn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163646/; classtype:trojan-activity;sid:81026746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/secure.myacc.send.biz/"; http_uri; depth:30; isdataat:!1,relative; content:"austrailersqueensland.com.au"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163645/; classtype:trojan-activity;sid:81026745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/iaa3zsq/secure.accounts.send.biz/"; http_uri; depth:34; isdataat:!1,relative; content:"cbsportsphotography.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163644/; classtype:trojan-activity;sid:81026744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/postnewl/trust.myacc.resourses.com/"; http_uri; depth:36; isdataat:!1,relative; content:"gamudagardencity.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163643/; classtype:trojan-activity;sid:81026743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/verif.accs.resourses.biz/"; http_uri; depth:34; isdataat:!1,relative; content:"wickedcloudsok.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163642/; classtype:trojan-activity;sid:81026742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sec.accounts.resourses.biz/"; http_uri; depth:39; isdataat:!1,relative; content:"cowvpen2018.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163641/; classtype:trojan-activity;sid:81026741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/trust.accs.resourses.biz/"; http_uri; depth:37; isdataat:!1,relative; content:"www.innovatehub.co.uk"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163640/; classtype:trojan-activity;sid:81026740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/jony.jpg"; http_uri; depth:12; isdataat:!1,relative; content:"mospg.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163639/; classtype:trojan-activity;sid:81026739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/verif.myacc.resourses.com/"; http_uri; depth:35; isdataat:!1,relative; content:"chobshops.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163638/; classtype:trojan-activity;sid:81026738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/g20mj-cdan7g-bfnfjlzss/"; http_uri; depth:33; isdataat:!1,relative; content:"fattane.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163637/; classtype:trojan-activity;sid:81026737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/trust.accs.resourses.biz/"; http_uri; depth:37; isdataat:!1,relative; content:"www.innovatehub.co.uk"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163636/; classtype:trojan-activity;sid:81026736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.accounts.docs.com/"; http_uri; depth:37; isdataat:!1,relative; content:"modps11.lib.kmutt.ac.th"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163635/; classtype:trojan-activity;sid:81026735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/web1/verif.accounts.docs.net/"; http_uri; depth:30; isdataat:!1,relative; content:"cronicas.com.do"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163634/; classtype:trojan-activity;sid:81026734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/verif.accounts.docs.com/"; http_uri; depth:37; isdataat:!1,relative; content:"patinvietnam.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163633/; classtype:trojan-activity;sid:81026733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/verif.myaccount.send.com/"; http_uri; depth:38; isdataat:!1,relative; content:"l8st.win"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163632/; classtype:trojan-activity;sid:81026732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.accounts.docs.com"; http_uri; depth:36; isdataat:!1,relative; content:"modps11.lib.kmutt.ac.th"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163631/; classtype:trojan-activity;sid:81026731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/verif.myacc.docs.net/"; http_uri; depth:33; isdataat:!1,relative; content:"www.zhaozewei.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163630/; classtype:trojan-activity;sid:81026730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/megabusbandung.com/secure.myacc.docs.biz/"; http_uri; depth:42; isdataat:!1,relative; content:"www.kuy-ah.id"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163629/; classtype:trojan-activity;sid:81026729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/admin/skb4kx6-eu3bu-mzlqksg/"; http_uri; depth:29; isdataat:!1,relative; content:"xn--mellanmjlk-lcb.se"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163628/; classtype:trojan-activity;sid:81026728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plugins/secure.myacc.resourses.com/"; http_uri; depth:36; isdataat:!1,relative; content:"cityplus-tver.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163627/; classtype:trojan-activity;sid:81026727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blogs/sec.myacc.resourses.net/"; http_uri; depth:31; isdataat:!1,relative; content:"ayanafriedman.co.il"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163626/; classtype:trojan-activity;sid:81026726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/img/verif.accounts.resourses.com/"; http_uri; depth:34; isdataat:!1,relative; content:"feder-edusi.quartdepoblet.es"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163625/; classtype:trojan-activity;sid:81026725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/verif.myaccount.docs.net/"; http_uri; depth:34; isdataat:!1,relative; content:"artprintgard.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163624/; classtype:trojan-activity;sid:81026724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2/m7.exe"; http_uri; depth:9; isdataat:!1,relative; content:"dan-rno.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163623/; classtype:trojan-activity;sid:81026723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/trust.accs.resourses.net/"; http_uri; depth:37; isdataat:!1,relative; content:"cardioplus.com.ua"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163622/; classtype:trojan-activity;sid:81026722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/plt/verif.myaccount.docs.net/"; http_uri; depth:30; isdataat:!1,relative; content:"library.phibi.my.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163621/; classtype:trojan-activity;sid:81026721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/secure.accs.send.net/"; http_uri; depth:34; isdataat:!1,relative; content:"vendaiot.ir"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163620/; classtype:trojan-activity;sid:81026720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/backup/kgdf-ooopttz-vtujb/"; http_uri; depth:27; isdataat:!1,relative; content:"vshopbuy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163619/; classtype:trojan-activity;sid:81026719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/filemanager/r3acb-390nr9-dlbyrdm/"; http_uri; depth:34; isdataat:!1,relative; content:"serverhost.review"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163618/; classtype:trojan-activity;sid:81026718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/image/album/normal/status/invoice-50398960-invoice-date-061118-order-no-6094361725"; http_uri; depth:83; isdataat:!1,relative; content:"datos.com.tw"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163617/; classtype:trojan-activity;sid:81026717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/vc26td-dwlpcc-ttthe/"; http_uri; depth:29; isdataat:!1,relative; content:"wpcreator.ir"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163616/; classtype:trojan-activity;sid:81026716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/h943v-9vdbw-ciesxhhv/"; http_uri; depth:32; isdataat:!1,relative; content:"crearquitectos.es"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163615/; classtype:trojan-activity;sid:81026715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/shopinsta/0iluzo7-5x4e59-pkanra/"; http_uri; depth:33; isdataat:!1,relative; content:"shopinsta.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163613/; classtype:trojan-activity;sid:81026713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mon-espace-personnel/facture-prestation-rr-533538719"; http_uri; depth:53; isdataat:!1,relative; content:"tasksprojectsgoals.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163614/; classtype:trojan-activity;sid:81026714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mon-espace-personnel/facture-prestation-dv-47949199"; http_uri; depth:52; isdataat:!1,relative; content:"monglee.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163612/; classtype:trojan-activity;sid:81026712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cqcallbookinstaller.exe"; http_uri; depth:34; isdataat:!1,relative; content:"www.cqlog.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163611/; classtype:trojan-activity;sid:81026711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/induscity/lang/sserv.jpg"; http_uri; depth:43; isdataat:!1,relative; content:"pedulirakyataceh.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163610/; classtype:trojan-activity;sid:81026710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mon-espace-personnel/facture-prestation-u-359355"; http_uri; depth:49; isdataat:!1,relative; content:"reeltorealomaha.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163609/; classtype:trojan-activity;sid:81026709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/modules/dq50-61o2yp-cwil/"; http_uri; depth:26; isdataat:!1,relative; content:"pierwszajazda.com.pl"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163608/; classtype:trojan-activity;sid:81026708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/induscity/js/backend/sserv.jpg"; http_uri; depth:49; isdataat:!1,relative; content:"pedulirakyataceh.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163607/; classtype:trojan-activity;sid:81026707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/z2o7soy/xyqy2-hfpd0-fizes/"; http_uri; depth:27; isdataat:!1,relative; content:"helpforhealth.co.nz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163606/; classtype:trojan-activity;sid:81026706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mon-espace-personnel/facture-prestation-l-7135266"; http_uri; depth:50; isdataat:!1,relative; content:"thecelticrebelshop.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163605/; classtype:trojan-activity;sid:81026705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/yemz1-26wvp-wxxhivb/"; http_uri; depth:30; isdataat:!1,relative; content:"varshatalaee.ir"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163604/; classtype:trojan-activity;sid:81026704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/09315-7bb97792-333e-4b65-974b-799d7bb01af7.exe"; http_uri; depth:47; isdataat:!1,relative; content:"grabilla.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163603/; classtype:trojan-activity;sid:81026703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/cve2-trb9q-xxmm/"; http_uri; depth:29; isdataat:!1,relative; content:"private-dining.com.ua"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163602/; classtype:trojan-activity;sid:81026702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/components/8qm4-3sybf-nntpycdd/"; http_uri; depth:32; isdataat:!1,relative; content:"agara.edu.ge"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163601/; classtype:trojan-activity;sid:81026701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/xvoxfp-oepyp3-azbkocu/"; http_uri; depth:35; isdataat:!1,relative; content:"web-market.ge"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163600/; classtype:trojan-activity;sid:81026700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ebinoffice.exe"; http_uri; depth:15; isdataat:!1,relative; content:"zicatrade.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163599/; classtype:trojan-activity;sid:81026699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/0xn1q-rroj5c-czjusav/"; http_uri; depth:32; isdataat:!1,relative; content:"vivavolei.cbv.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163598/; classtype:trojan-activity;sid:81026698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/db/work/config/4joho-h2t6ck-nfug/"; http_uri; depth:34; isdataat:!1,relative; content:"naqaae.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163597/; classtype:trojan-activity;sid:81026697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/srt/ooo.exe"; http_uri; depth:12; isdataat:!1,relative; content:"awdmiami.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163596/; classtype:trojan-activity;sid:81026696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/www/wp-admin/images/t4fan-yndp5p-rcfddhdc/"; http_uri; depth:43; isdataat:!1,relative; content:"praha-9.eu"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163595/; classtype:trojan-activity;sid:81026695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163594/; classtype:trojan-activity;sid:81026694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163593/; classtype:trojan-activity;sid:81026693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/comments/c8ax-j8t5sqd-faks/"; http_uri; depth:28; isdataat:!1,relative; content:"barbeque.kz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163592/; classtype:trojan-activity;sid:81026692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163591/; classtype:trojan-activity;sid:81026691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"34.65.206.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163590/; classtype:trojan-activity;sid:81026690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/verif.accs.resourses.biz/"; http_uri; depth:37; isdataat:!1,relative; content:"xn--e1afbagbf0aikna0byb6g.xn--p1ai"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163589/; classtype:trojan-activity;sid:81026689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/e9zzj-sfmf3-lsinhdd/"; http_uri; depth:33; isdataat:!1,relative; content:"new.hostdone.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163588/; classtype:trojan-activity;sid:81026688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/asd.txt"; http_uri; depth:8; isdataat:!1,relative; content:"134.209.88.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163587/; classtype:trojan-activity;sid:81026687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/j0m0h1-w9egkz-isrjve/"; http_uri; depth:34; isdataat:!1,relative; content:"asasliteratura.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163586/; classtype:trojan-activity;sid:81026686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demo/wjpn-dad8h-lueh/"; http_uri; depth:22; isdataat:!1,relative; content:"zalogag.malopolska.pl"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163585/; classtype:trojan-activity;sid:81026685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/trust.myaccount.resourses.net/"; http_uri; depth:43; isdataat:!1,relative; content:"grina-profil.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163584/; classtype:trojan-activity;sid:81026684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/past-due-invoices"; http_uri; depth:18; isdataat:!1,relative; content:"dinobacciotti.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163583/; classtype:trojan-activity;sid:81026683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/induscity/woocommerce/cart/zinf.jpg"; http_uri; depth:54; isdataat:!1,relative; content:"pedulirakyataceh.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163582/; classtype:trojan-activity;sid:81026682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/wp-includes/26j4-cl97tm-podge/"; http_uri; depth:36; isdataat:!1,relative; content:"picntic.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163581/; classtype:trojan-activity;sid:81026681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/www.haishabu.com/8xcod-zz9hk-kdymyso/"; http_uri; depth:38; isdataat:!1,relative; content:"van-stratum.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163580/; classtype:trojan-activity;sid:81026680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.spc"; http_uri; depth:13; isdataat:!1,relative; content:"23.254.230.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163578/; classtype:trojan-activity;sid:81026678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.x86"; http_uri; depth:13; isdataat:!1,relative; content:"23.254.230.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163579/; classtype:trojan-activity;sid:81026679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"23.254.230.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163576/; classtype:trojan-activity;sid:81026676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"23.254.230.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163577/; classtype:trojan-activity;sid:81026677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.mips"; http_uri; depth:14; isdataat:!1,relative; content:"23.254.230.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163574/; classtype:trojan-activity;sid:81026674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"23.254.230.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163575/; classtype:trojan-activity;sid:81026675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"23.254.230.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163573/; classtype:trojan-activity;sid:81026673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"23.254.230.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163571/; classtype:trojan-activity;sid:81026671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"23.254.230.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163572/; classtype:trojan-activity;sid:81026672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm"; http_uri; depth:13; isdataat:!1,relative; content:"23.254.230.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163570/; classtype:trojan-activity;sid:81026670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/6huqlw-ykwgh-urhcca/"; http_uri; depth:32; isdataat:!1,relative; content:"doorspro.ie"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163569/; classtype:trojan-activity;sid:81026669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/errors/g1m4-sbeyj-lubo/"; http_uri; depth:24; isdataat:!1,relative; content:"wegrowth.shop"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163568/; classtype:trojan-activity;sid:81026668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/sec.accs.docs.com/"; http_uri; depth:27; isdataat:!1,relative; content:"haicunoi.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163567/; classtype:trojan-activity;sid:81026667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/libraries/cqzcm-1x06sy-jxmrts/"; http_uri; depth:31; isdataat:!1,relative; content:"millcreekfoundation.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163566/; classtype:trojan-activity;sid:81026666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sunless.m68k"; http_uri; depth:13; isdataat:!1,relative; content:"scanlisten.sunless.network"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163565/; classtype:trojan-activity;sid:81026665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sunless.ppc"; http_uri; depth:12; isdataat:!1,relative; content:"scanlisten.sunless.network"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163564/; classtype:trojan-activity;sid:81026664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sunless.mips"; http_uri; depth:13; isdataat:!1,relative; content:"scanlisten.sunless.network"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163563/; classtype:trojan-activity;sid:81026663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sunless.x86"; http_uri; depth:12; isdataat:!1,relative; content:"scanlisten.sunless.network"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163562/; classtype:trojan-activity;sid:81026662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sunless.arm6"; http_uri; depth:13; isdataat:!1,relative; content:"scanlisten.sunless.network"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163561/; classtype:trojan-activity;sid:81026661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sunless.arm7"; http_uri; depth:13; isdataat:!1,relative; content:"scanlisten.sunless.network"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163560/; classtype:trojan-activity;sid:81026660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sunless.arm"; http_uri; depth:12; isdataat:!1,relative; content:"scanlisten.sunless.network"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163559/; classtype:trojan-activity;sid:81026659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sunless.arm5"; http_uri; depth:13; isdataat:!1,relative; content:"scanlisten.sunless.network"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163558/; classtype:trojan-activity;sid:81026658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/awstats-icon/sxapy/"; http_uri; depth:20; isdataat:!1,relative; content:"test.ord.nuucloud.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163556/; classtype:trojan-activity;sid:81026656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/lj/"; http_uri; depth:12; isdataat:!1,relative; content:"eynordic.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163555/; classtype:trojan-activity;sid:81026655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/a31k9o/"; http_uri; depth:19; isdataat:!1,relative; content:"titaniumtv.club"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163554/; classtype:trojan-activity;sid:81026654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/275wwa/"; http_uri; depth:19; isdataat:!1,relative; content:"artecautomaten.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163553/; classtype:trojan-activity;sid:81026653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/0sm/"; http_uri; depth:14; isdataat:!1,relative; content:"avocats-etrangers.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163552/; classtype:trojan-activity;sid:81026652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/revenge.arm"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163551/; classtype:trojan-activity;sid:81026651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/revenge.arm5"; http_uri; depth:18; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163550/; classtype:trojan-activity;sid:81026650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/revenge.mips"; http_uri; depth:18; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163548/; classtype:trojan-activity;sid:81026648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/revenge.mpsl"; http_uri; depth:18; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163549/; classtype:trojan-activity;sid:81026649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/revenge.x86"; http_uri; depth:17; isdataat:!1,relative; content:"206.189.30.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163547/; classtype:trojan-activity;sid:81026647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/2a8f-0imsul-ruzjl/"; http_uri; depth:30; isdataat:!1,relative; content:"kamel.com.pl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163546/; classtype:trojan-activity;sid:81026646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/induscity/woocommerce/cart/sserv.jpg"; http_uri; depth:55; isdataat:!1,relative; content:"pedulirakyataceh.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163545/; classtype:trojan-activity;sid:81026645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.accs.send.net/"; http_uri; depth:31; isdataat:!1,relative; content:"sisitel.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163544/; classtype:trojan-activity;sid:81026644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/24zn-vqd0b-obycastzd/"; http_uri; depth:33; isdataat:!1,relative; content:"iais.ac.id"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163543/; classtype:trojan-activity;sid:81026643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/languages/6uep-ug3yo-tfqqunh/"; http_uri; depth:41; isdataat:!1,relative; content:"www.espacerezo.fr"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163542/; classtype:trojan-activity;sid:81026642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/nnsz/"; http_uri; depth:17; isdataat:!1,relative; content:"visa.org.ua"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163541/; classtype:trojan-activity;sid:81026641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/fgf/"; http_uri; depth:17; isdataat:!1,relative; content:"hechizosyconjurodeamor.info"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163540/; classtype:trojan-activity;sid:81026640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/samples/3i/"; http_uri; depth:12; isdataat:!1,relative; content:"simplyresponsive.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163539/; classtype:trojan-activity;sid:81026639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/yiga/"; http_uri; depth:9; isdataat:!1,relative; content:"chefmongiovi.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163538/; classtype:trojan-activity;sid:81026638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/emc/"; http_uri; depth:9; isdataat:!1,relative; content:"siamnatural.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163537/; classtype:trojan-activity;sid:81026637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; content:"128.199.32.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163536/; classtype:trojan-activity;sid:81026636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/wg1jbk-a92by-kyrzm/"; http_uri; depth:31; isdataat:!1,relative; content:"opatrimonio.imb.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163535/; classtype:trojan-activity;sid:81026635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/lzac-749jvd-mjir/"; http_uri; depth:28; isdataat:!1,relative; content:"golemaryam17.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163534/; classtype:trojan-activity;sid:81026634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"37.72.49.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163533/; classtype:trojan-activity;sid:81026633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"5.102.252.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163532/; classtype:trojan-activity;sid:81026632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"190.56.229.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163531/; classtype:trojan-activity;sid:81026631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"49.159.196.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163530/; classtype:trojan-activity;sid:81026630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.43.38.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163529/; classtype:trojan-activity;sid:81026629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-snapshots/trust.accounts.resourses.biz/"; http_uri; depth:43; isdataat:!1,relative; content:"nicht-michael.de"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163528/; classtype:trojan-activity;sid:81026628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mlfp2yd/kgla1-0o7rjf-vent/"; http_uri; depth:27; isdataat:!1,relative; content:"northmkt.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163527/; classtype:trojan-activity;sid:81026627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/3adehg-k7k0504-ayrepow/"; http_uri; depth:35; isdataat:!1,relative; content:"nralegal.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163526/; classtype:trojan-activity;sid:81026626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"116.102.235.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163525/; classtype:trojan-activity;sid:81026625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"114.32.50.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163524/; classtype:trojan-activity;sid:81026624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"24.213.116.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163523/; classtype:trojan-activity;sid:81026623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/k9npb-02ofmi-gxjuhlxk/"; http_uri; depth:37; isdataat:!1,relative; content:"xn--80ajoksa8ap9b.xn--p1ai"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163522/; classtype:trojan-activity;sid:81026622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; content:"27.75.133.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163521/; classtype:trojan-activity;sid:81026621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/libraries/v4s9-1ah2l1-qohimntni/"; http_uri; depth:33; isdataat:!1,relative; content:"miduma.eu"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163520/; classtype:trojan-activity;sid:81026620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/beez3/images/personal/lav7.exe"; http_uri; depth:41; isdataat:!1,relative; content:"ahsantiago.pt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163519/; classtype:trojan-activity;sid:81026619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/m68k"; http_uri; depth:20; isdataat:!1,relative; content:"157.230.165.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163518/; classtype:trojan-activity;sid:81026618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/sh4"; http_uri; depth:19; isdataat:!1,relative; content:"157.230.165.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163517/; classtype:trojan-activity;sid:81026617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/ppc"; http_uri; depth:19; isdataat:!1,relative; content:"157.230.165.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163516/; classtype:trojan-activity;sid:81026616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/arm6"; http_uri; depth:20; isdataat:!1,relative; content:"157.230.165.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163513/; classtype:trojan-activity;sid:81026613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/arm5"; http_uri; depth:20; isdataat:!1,relative; content:"157.230.165.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163511/; classtype:trojan-activity;sid:81026611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/13747243572475/arm"; http_uri; depth:19; isdataat:!1,relative; content:"157.230.165.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163509/; classtype:trojan-activity;sid:81026609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/ta33r-qvjhi-wsdgfbhl/"; http_uri; depth:36; isdataat:!1,relative; content:"drlaszlozopcsak.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163508/; classtype:trojan-activity;sid:81026608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/includes/w40nl1-mkw5af0-gnyahb/"; http_uri; depth:32; isdataat:!1,relative; content:"oma-life.co.il"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163507/; classtype:trojan-activity;sid:81026607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/ldvwc-7effd-mhljser/"; http_uri; depth:32; isdataat:!1,relative; content:"sudmc.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163506/; classtype:trojan-activity;sid:81026606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/administrator/wbka71-lmu27-vhofm/"; http_uri; depth:34; isdataat:!1,relative; content:"medical.moallem.sch.ir"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163505/; classtype:trojan-activity;sid:81026605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/nwmv2-4rquyc-sqnvqg/"; http_uri; depth:32; isdataat:!1,relative; content:"draaiorgel.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163504/; classtype:trojan-activity;sid:81026604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/modules/937k4-ikhuirs-ksvq/"; http_uri; depth:28; isdataat:!1,relative; content:"www.minirent.lt"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163503/; classtype:trojan-activity;sid:81026603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ivdgfho/verif.accounts.send.net/"; http_uri; depth:33; isdataat:!1,relative; content:"cms.cuidadospelavida.com.br"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163502/; classtype:trojan-activity;sid:81026602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/cqcallbookinstaller.exe"; http_uri; depth:34; isdataat:!1,relative; content:"cqlog.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163501/; classtype:trojan-activity;sid:81026601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/erros/sm53-o8hu2-phdejeg/"; http_uri; depth:26; isdataat:!1,relative; content:"fullwiz.com.br"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163500/; classtype:trojan-activity;sid:81026600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blogs/media/nzg2-eizh8g-eynfnzka/"; http_uri; depth:34; isdataat:!1,relative; content:"nhanhoamotor.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163499/; classtype:trojan-activity;sid:81026599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/verif.myaccount.resourses.biz/"; http_uri; depth:42; isdataat:!1,relative; content:"geologia.geoss.pt"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163498/; classtype:trojan-activity;sid:81026598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bmo.com-onlinebanking/b3yg2id-o415ma6-trfyn/"; http_uri; depth:45; isdataat:!1,relative; content:"dollex.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163497/; classtype:trojan-activity;sid:81026597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/j4n98-0oa7c-vdbsp/"; http_uri; depth:38; isdataat:!1,relative; content:"otojack.co.id"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163496/; classtype:trojan-activity;sid:81026596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/verif.myacc.resourses.com/"; http_uri; depth:36; isdataat:!1,relative; content:"jiniastore.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163495/; classtype:trojan-activity;sid:81026595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/logon/t34aj9f-nynfij6-ruwrwu/"; http_uri; depth:30; isdataat:!1,relative; content:"favoritbt.t-online.hu"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163494/; classtype:trojan-activity;sid:81026594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ww4w/hnq4-v7heb-qbdfeh/"; http_uri; depth:24; isdataat:!1,relative; content:"hds69.pl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163493/; classtype:trojan-activity;sid:81026593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ww4w/fwi0-a7lzzd-zkbazu/"; http_uri; depth:25; isdataat:!1,relative; content:"hds69.pl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163492/; classtype:trojan-activity;sid:81026592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/secure.accounts.resourses.net/"; http_uri; depth:38; isdataat:!1,relative; content:"gmt-thailand.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163491/; classtype:trojan-activity;sid:81026591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cayo5"; http_uri; depth:6; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163490/; classtype:trojan-activity;sid:81026590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cayo3"; http_uri; depth:6; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163488/; classtype:trojan-activity;sid:81026588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cayo4"; http_uri; depth:6; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163489/; classtype:trojan-activity;sid:81026589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cayo2"; http_uri; depth:6; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163487/; classtype:trojan-activity;sid:81026587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cayo1"; http_uri; depth:6; isdataat:!1,relative; content:"157.230.118.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163486/; classtype:trojan-activity;sid:81026586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/trust.myaccount.docs.biz/"; http_uri; depth:34; isdataat:!1,relative; content:"tapchicaythuoc.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163485/; classtype:trojan-activity;sid:81026585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sec.accounts.resourses.net/"; http_uri; depth:40; isdataat:!1,relative; content:"vrfantasy.csps.tyc.edu.tw"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163484/; classtype:trojan-activity;sid:81026584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sec.myaccount.resourses.net/"; http_uri; depth:40; isdataat:!1,relative; content:"harga-toyotasemarang.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163483/; classtype:trojan-activity;sid:81026583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/beez3/images/personal/p3x.exe"; http_uri; depth:40; isdataat:!1,relative; content:"ahsantiago.pt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163482/; classtype:trojan-activity;sid:81026582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/templates/beez3/images/personal/p2x.exe"; http_uri; depth:40; isdataat:!1,relative; content:"ahsantiago.pt"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163481/; classtype:trojan-activity;sid:81026581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/xjyvwn/"; http_uri; depth:17; isdataat:!1,relative; content:"bilgiegitimonline.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163480/; classtype:trojan-activity;sid:81026580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ghezons/trust.myacc.send.biz/"; http_uri; depth:30; isdataat:!1,relative; content:"nazara.id"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163479/; classtype:trojan-activity;sid:81026579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/mytime_cn/trust.accs.resourses.com/"; http_uri; depth:54; isdataat:!1,relative; content:"mytime.com.hk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163478/; classtype:trojan-activity;sid:81026578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/hzzy1m-ez2fce-encook/"; http_uri; depth:33; isdataat:!1,relative; content:"opt.minsa.gob.pa"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163477/; classtype:trojan-activity;sid:81026577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/crm/6zpu-x5hypk-qwgddvzam/"; http_uri; depth:27; isdataat:!1,relative; content:"servinfo.com.uy"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163476/; classtype:trojan-activity;sid:81026576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.accs.resourses.net/"; http_uri; depth:38; isdataat:!1,relative; content:"xn----zhcbeat6aupuu3f.org.il"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163475/; classtype:trojan-activity;sid:81026575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/blur-a69vj-wagvib/"; http_uri; depth:26; isdataat:!1,relative; content:"steventefft.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163474/; classtype:trojan-activity;sid:81026574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/noorwegen/9zbl-fvhih-glkt/"; http_uri; depth:27; isdataat:!1,relative; content:"typtotaal.nl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163473/; classtype:trojan-activity;sid:81026573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/www/wp-content/k882s-0she4w-empvykdb/"; http_uri; depth:38; isdataat:!1,relative; content:"nehty-maki.cz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163472/; classtype:trojan-activity;sid:81026572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/go/i92iz-0oruk-apqlblp/"; http_uri; depth:24; isdataat:!1,relative; content:"matefactor.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163471/; classtype:trojan-activity;sid:81026571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/backup30122018/app_data/m31r6y6-nqcw2vo-yuqoh/"; http_uri; depth:47; isdataat:!1,relative; content:"meghaparcel.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163470/; classtype:trojan-activity;sid:81026570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wdx0u-nmpa3-uxbrprx/"; http_uri; depth:24; isdataat:!1,relative; content:"www.psc-prosupport.jp"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163469/; classtype:trojan-activity;sid:81026569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/admin/verif.accounts.send.net/"; http_uri; depth:31; isdataat:!1,relative; content:"mktfan.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163468/; classtype:trojan-activity;sid:81026568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.accs.resourses.net/"; http_uri; depth:38; isdataat:!1,relative; content:"waverleychauffeurs.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163467/; classtype:trojan-activity;sid:81026567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/megabusbandung.com/secure.myacc.docs.biz/"; http_uri; depth:42; isdataat:!1,relative; content:"www.kuy-ah.id"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163466/; classtype:trojan-activity;sid:81026566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.accs.docs.net/"; http_uri; depth:31; isdataat:!1,relative; content:"www.monfoodland.mn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163465/; classtype:trojan-activity;sid:81026565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/emanager/conteudo/gercont/fotos/sec.myacc.send.com/"; http_uri; depth:52; isdataat:!1,relative; content:"cooperminio.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163464/; classtype:trojan-activity;sid:81026564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/secure.accounts.resourses.biz/"; http_uri; depth:42; isdataat:!1,relative; content:"danhba.dulichvietnam.com.vn"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163463/; classtype:trojan-activity;sid:81026563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pgslive/k86su-gz0ngcx-mcnnk/"; http_uri; depth:29; isdataat:!1,relative; content:"edufinit.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163462/; classtype:trojan-activity;sid:81026562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pgslive/dq651-0oxvz9q-jkvbc/"; http_uri; depth:29; isdataat:!1,relative; content:"edufinit.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163461/; classtype:trojan-activity;sid:81026561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/v1/sec.myacc.resourses.com/"; http_uri; depth:28; isdataat:!1,relative; content:"foodphotography.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163460/; classtype:trojan-activity;sid:81026560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/docs/secure.myaccount.resourses.com/"; http_uri; depth:37; isdataat:!1,relative; content:"qlstandard.com.mx"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163459/; classtype:trojan-activity;sid:81026559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/6t7k-f9kn4-almgnytn/"; http_uri; depth:32; isdataat:!1,relative; content:"www.cbmagency.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163458/; classtype:trojan-activity;sid:81026558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/assets/palw-n7z3ec-rdfis/"; http_uri; depth:26; isdataat:!1,relative; content:"gccpharr.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163457/; classtype:trojan-activity;sid:81026557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sec.accs.docs.com/"; http_uri; depth:31; isdataat:!1,relative; content:"fmhss.edu.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163456/; classtype:trojan-activity;sid:81026556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/beauty-house/rr48ii-9dnlp-jbbalh/"; http_uri; depth:34; isdataat:!1,relative; content:"tem2.belocal.today"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163455/; classtype:trojan-activity;sid:81026555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/spikyfishgames/gdlr6-f5dsdj-xpfdickg/"; http_uri; depth:38; isdataat:!1,relative; content:"pufferfiz.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163454/; classtype:trojan-activity;sid:81026554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sec.myacc.send.com/"; http_uri; depth:29; isdataat:!1,relative; content:"pedulirakyataceh.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163453/; classtype:trojan-activity;sid:81026553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wblev-6pox5-vpckk/"; http_uri; depth:19; isdataat:!1,relative; content:"fumicolcali.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163452/; classtype:trojan-activity;sid:81026552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2ps/qquw-3593k3-zjwnblnj/"; http_uri; depth:26; isdataat:!1,relative; content:"warah.com.ar"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163451/; classtype:trojan-activity;sid:81026551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/55pksn-2ux6049-qeziwz/"; http_uri; depth:35; isdataat:!1,relative; content:"fixxo.nl"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163450/; classtype:trojan-activity;sid:81026550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/catalog/35h5nn-5b07b1s-ratqzy/"; http_uri; depth:31; isdataat:!1,relative; content:"wardesign.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163449/; classtype:trojan-activity;sid:81026549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tc4vpdfq"; http_uri; depth:13; isdataat:!1,relative; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163448/; classtype:trojan-activity;sid:81026548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/secure.myacc.resourses.com/"; http_uri; depth:37; isdataat:!1,relative; content:"fisioterapeutadc.com.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163447/; classtype:trojan-activity;sid:81026547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/jowqx-xzq3y-hwgcam/"; http_uri; depth:45; isdataat:!1,relative; content:"vandekonijnen.be"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163446/; classtype:trojan-activity;sid:81026546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/m43kn-63ojv-rclno/"; http_uri; depth:26; isdataat:!1,relative; content:"udhaiyamdhall.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163445/; classtype:trojan-activity;sid:81026545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m2013/files/temp/5seko-uy8ym-piseiw/"; http_uri; depth:37; isdataat:!1,relative; content:"ganzetec.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163444/; classtype:trojan-activity;sid:81026544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1/77.exe"; http_uri; depth:9; isdataat:!1,relative; content:"dan-rno.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163443/; classtype:trojan-activity;sid:81026543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/christianoffice1.exe"; http_uri; depth:21; isdataat:!1,relative; content:"zicatrade.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163442/; classtype:trojan-activity;sid:81026542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/at.txt"; http_uri; depth:7; isdataat:!1,relative; content:"134.209.88.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163441/; classtype:trojan-activity;sid:81026541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/3meye-or603j-szxhtk/"; http_uri; depth:21; isdataat:!1,relative; content:"garymackman.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163440/; classtype:trojan-activity;sid:81026540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app_data/8ax1-g9c7iy-plagurs/"; http_uri; depth:30; isdataat:!1,relative; content:"frigoriferivignola.it"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163439/; classtype:trojan-activity;sid:81026539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/ju64f-o4wdc-ugfakmm/"; http_uri; depth:29; isdataat:!1,relative; content:"fysiomaatwerk.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163438/; classtype:trojan-activity;sid:81026538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/1aw7sob-wcgfpqo-japog/"; http_uri; depth:23; isdataat:!1,relative; content:"franceslin.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163437/; classtype:trojan-activity;sid:81026537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/languages/6uep-ug3yo-tfqqunh/"; http_uri; depth:41; isdataat:!1,relative; content:"espacerezo.fr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163436/; classtype:trojan-activity;sid:81026536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mp4/plsn-uduwr-mqymlufk/"; http_uri; depth:25; isdataat:!1,relative; content:"emfsys.gr"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163435/; classtype:trojan-activity;sid:81026535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp/contract%20(2).jpg"; http_uri; depth:22; isdataat:!1,relative; content:"everestsainik.edu.np"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163434/; classtype:trojan-activity;sid:81026534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/erros/n3txwy-8xkkb-ppyftw/"; http_uri; depth:27; isdataat:!1,relative; content:"fitnessboutique.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163433/; classtype:trojan-activity;sid:81026533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/404/syi5t9c-gs4alw-wdxxy/"; http_uri; depth:26; isdataat:!1,relative; content:"eziyuan.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163431/; classtype:trojan-activity;sid:81026531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ip5daee/wqy3-qva62-jljnfs/"; http_uri; depth:27; isdataat:!1,relative; content:"fon-gsm.pl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163432/; classtype:trojan-activity;sid:81026532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mm.ms.com/uz7e-qul6b1-ftpb/"; http_uri; depth:28; isdataat:!1,relative; content:"dream-sequence.cc"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163430/; classtype:trojan-activity;sid:81026530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pixel/pgy65-bauy9e-sglbgm/"; http_uri; depth:27; isdataat:!1,relative; content:"flashhospedagem.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163429/; classtype:trojan-activity;sid:81026529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/abin1.exe"; http_uri; depth:10; isdataat:!1,relative; content:"zicatrade.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163428/; classtype:trojan-activity;sid:81026528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/app_data/intuit_us_ca/bd3rc-4tyls4-brbkdnlm/"; http_uri; depth:45; isdataat:!1,relative; content:"eukairostech.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163427/; classtype:trojan-activity;sid:81026527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/repository/upd.exe"; http_uri; depth:19; isdataat:!1,relative; content:"file2yu.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163426/; classtype:trojan-activity;sid:81026526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/free_sms_bomber.exe"; http_uri; depth:20; isdataat:!1,relative; content:"valimersoft.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163425/; classtype:trojan-activity;sid:81026525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xpobjjt-oghy0-jqtz/"; http_uri; depth:20; isdataat:!1,relative; content:"feezell.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163424/; classtype:trojan-activity;sid:81026524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/repository/working4.exe"; http_uri; depth:24; isdataat:!1,relative; content:"file2yu.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163423/; classtype:trojan-activity;sid:81026523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wvvw/r3jv-f17op5-ubbtjlkx/"; http_uri; depth:27; isdataat:!1,relative; content:"eyedesign.ro"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163422/; classtype:trojan-activity;sid:81026522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/test/wptest/wp-content/uploads/6dse9my-qkxok-mjth/"; http_uri; depth:51; isdataat:!1,relative; content:"falmer.de"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163421/; classtype:trojan-activity;sid:81026521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/intro/k6ypwu-bt55zh-jlzg/"; http_uri; depth:26; isdataat:!1,relative; content:"famaweb.ir"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163420/; classtype:trojan-activity;sid:81026520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ccnb5-ymxiu9-bbwmqunj/"; http_uri; depth:23; isdataat:!1,relative; content:"fabrin.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163419/; classtype:trojan-activity;sid:81026519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/adx8-pf6gn-wrsaufn/"; http_uri; depth:29; isdataat:!1,relative; content:"valfin.es"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163418/; classtype:trojan-activity;sid:81026518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/5es8-hj2zd-xqfy/"; http_uri; depth:17; isdataat:!1,relative; content:"ewoij.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163417/; classtype:trojan-activity;sid:81026517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sobdh-1x7qvtek5icxsku_lyjdfaqkp-hau/26b0k-auv7k-blfagi/"; http_uri; depth:56; isdataat:!1,relative; content:"eugenebackyardfarmer.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163416/; classtype:trojan-activity;sid:81026516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/gvfy-tm4hg-uzfxge/"; http_uri; depth:28; isdataat:!1,relative; content:"taskforce1.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163415/; classtype:trojan-activity;sid:81026515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/yii/29i2j-m2cqj85-hgxhuo/"; http_uri; depth:26; isdataat:!1,relative; content:"eurofutura.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163414/; classtype:trojan-activity;sid:81026514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/nm3zz-fp6wt4-bgucnzc/"; http_uri; depth:33; isdataat:!1,relative; content:"etsfitness.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163413/; classtype:trojan-activity;sid:81026513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bal-billeder/h8yt-ufnim-jhzuhlh/"; http_uri; depth:33; isdataat:!1,relative; content:"eugroup.dk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163412/; classtype:trojan-activity;sid:81026512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/jc2na50-687mr-pvwkg/"; http_uri; depth:32; isdataat:!1,relative; content:"esenolcum.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163411/; classtype:trojan-activity;sid:81026511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/scripts_index/fd68d-rf3ks3-oxlbbiae/"; http_uri; depth:37; isdataat:!1,relative; content:"erica.id.au"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163410/; classtype:trojan-activity;sid:81026510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mineria/vftn-clanm4-rukatjqja/"; http_uri; depth:31; isdataat:!1,relative; content:"ernyegoavil.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163409/; classtype:trojan-activity;sid:81026509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/vorwjhx-b56mpx-pxogt/"; http_uri; depth:34; isdataat:!1,relative; content:"eldruidaylashierbas.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163408/; classtype:trojan-activity;sid:81026508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/proba/8vts-pfhag-rqcvo/"; http_uri; depth:24; isdataat:!1,relative; content:"elterma.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163407/; classtype:trojan-activity;sid:81026507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wvw/85hw-6ykoa-dhnqv/"; http_uri; depth:22; isdataat:!1,relative; content:"emirays.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163406/; classtype:trojan-activity;sid:81026506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wvvw/98yme-e0edo8-bfst/"; http_uri; depth:24; isdataat:!1,relative; content:"epmkalisz.cba.pl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163405/; classtype:trojan-activity;sid:81026505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/eargasm/s2r3-idxnud-hmdrbi/"; http_uri; depth:28; isdataat:!1,relative; content:"ehsan.it"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163404/; classtype:trojan-activity;sid:81026504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/89a7z-5iwov8-ljgh/"; http_uri; depth:26; isdataat:!1,relative; content:"dramitinos.gr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163403/; classtype:trojan-activity;sid:81026503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/service-report-2969/7srr-o5cyj-djdwha/"; http_uri; depth:39; isdataat:!1,relative; content:"egsa.at"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163402/; classtype:trojan-activity;sid:81026502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ares/dxak2-xicwl-dzmzrht/"; http_uri; depth:26; isdataat:!1,relative; content:"edandtrish.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163401/; classtype:trojan-activity;sid:81026501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pnle-dsu9a4-oitg/"; http_uri; depth:18; isdataat:!1,relative; content:"duricu.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163400/; classtype:trojan-activity;sid:81026500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pk/3ft9-324897-zkuyig/"; http_uri; depth:23; isdataat:!1,relative; content:"domel92.cba.pl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163399/; classtype:trojan-activity;sid:81026499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/2eqt/vdm8-uyuyv-dfiwnrk/"; http_uri; depth:25; isdataat:!1,relative; content:"dinobacciotti.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163398/; classtype:trojan-activity;sid:81026498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ykex-n27cn-ywfdxyg/"; http_uri; depth:20; isdataat:!1,relative; content:"docecreativo.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163397/; classtype:trojan-activity;sid:81026497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/logssite/xrw2-c640ec-wwdjul/"; http_uri; depth:29; isdataat:!1,relative; content:"ciadostapetes.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163396/; classtype:trojan-activity;sid:81026496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pcv/xzys_dnb_jf.exe"; http_uri; depth:20; isdataat:!1,relative; content:"g.7230.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163395/; classtype:trojan-activity;sid:81026495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/uhgv-jsyr0r-kotcqw/"; http_uri; depth:29; isdataat:!1,relative; content:"dingesgang.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163394/; classtype:trojan-activity;sid:81026494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/tewyf-1q3nn-pxjtnaug/"; http_uri; depth:30; isdataat:!1,relative; content:"dirproperties.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163393/; classtype:trojan-activity;sid:81026493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/mailer/ayzmf-bcwjgtl-dqojfyz/"; http_uri; depth:30; isdataat:!1,relative; content:"colbydix.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163392/; classtype:trojan-activity;sid:81026492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/meb5u-9rgfea-dtrpwezou/"; http_uri; depth:27; isdataat:!1,relative; content:"dictionary.me"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163391/; classtype:trojan-activity;sid:81026491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/layouts/blbmxp-qcwlff-rnjpolp/"; http_uri; depth:31; isdataat:!1,relative; content:"ciga.ro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163390/; classtype:trojan-activity;sid:81026490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/logssite/7muytss-1pcmi4a-ikmu/"; http_uri; depth:31; isdataat:!1,relative; content:"datos.com.tw"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163388/; classtype:trojan-activity;sid:81026488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/gearet/orr9-u17bmu-otgynfmo/"; http_uri; depth:29; isdataat:!1,relative; content:"diskobil.dk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163389/; classtype:trojan-activity;sid:81026489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/b3ju-zjaap-xezfkqxi/"; http_uri; depth:29; isdataat:!1,relative; content:"designartin.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163387/; classtype:trojan-activity;sid:81026487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/9pdqg-9f5z8e-ditcq/"; http_uri; depth:20; isdataat:!1,relative; content:"delamargm.cl"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163386/; classtype:trojan-activity;sid:81026486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/h3255433667m39919354.zip"; http_uri; depth:42; isdataat:!1,relative; content:"shyampawar.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163385/; classtype:trojan-activity;sid:81026485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/51261086t16479416.zip"; http_uri; depth:22; isdataat:!1,relative; content:"thedatabind.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163384/; classtype:trojan-activity;sid:81026484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/c775864078112128947.zip"; http_uri; depth:33; isdataat:!1,relative; content:"stepinsidemyhead.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163383/; classtype:trojan-activity;sid:81026483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/r31-5356489a08121628.zip"; http_uri; depth:37; isdataat:!1,relative; content:"moredetey.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163382/; classtype:trojan-activity;sid:81026482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/p6934346770p60401644.zip"; http_uri; depth:36; isdataat:!1,relative; content:"www.triumph67.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163381/; classtype:trojan-activity;sid:81026481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/css/i99-55159049u97704398.zip"; http_uri; depth:39; isdataat:!1,relative; content:"www.moccasincreekintl.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163380/; classtype:trojan-activity;sid:81026480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/m290994846402-84692300057965635823.zip"; http_uri; depth:39; isdataat:!1,relative; content:"service20.consys.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163379/; classtype:trojan-activity;sid:81026479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/w87-646799k229953495.zip"; http_uri; depth:44; isdataat:!1,relative; content:"www.aresorganics.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163378/; classtype:trojan-activity;sid:81026478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ypxqgxy/f17-3539631z576351678.zip"; http_uri; depth:34; isdataat:!1,relative; content:"partland63.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163377/; classtype:trojan-activity;sid:81026477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/mu-plugins/99-3887537c993193514.zip"; http_uri; depth:47; isdataat:!1,relative; content:"seniorfunnytv.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163376/; classtype:trojan-activity;sid:81026476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/i243926542n85203460.zip"; http_uri; depth:36; isdataat:!1,relative; content:"bangaloreastrologer.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163375/; classtype:trojan-activity;sid:81026475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/r440678249u86521230.zip"; http_uri; depth:33; isdataat:!1,relative; content:"bidextro.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163374/; classtype:trojan-activity;sid:81026474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/z49-9554216734908426.zip"; http_uri; depth:37; isdataat:!1,relative; content:"trullsrodshop.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163373/; classtype:trojan-activity;sid:81026473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/l01-197949x4097174.zip"; http_uri; depth:34; isdataat:!1,relative; content:"provence-sud-sainte-baume.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163372/; classtype:trojan-activity;sid:81026472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/core/cache/l94594698k71107075.zip"; http_uri; depth:34; isdataat:!1,relative; content:"www.ekspert52.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163371/; classtype:trojan-activity;sid:81026471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s170201981r5346496.zip"; http_uri; depth:23; isdataat:!1,relative; content:"mail.tknet.dk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163370/; classtype:trojan-activity;sid:81026470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/dw4m-uc95n-ssds/"; http_uri; depth:25; isdataat:!1,relative; content:"cddvd.kz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163369/; classtype:trojan-activity;sid:81026469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pub/1a1797q-9x15g3n-eojxkb/"; http_uri; depth:28; isdataat:!1,relative; content:"dekormc.pl"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163368/; classtype:trojan-activity;sid:81026468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/7u5a54-7h61ivc-cggx/"; http_uri; depth:33; isdataat:!1,relative; content:"urbanfoodeu.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163367/; classtype:trojan-activity;sid:81026467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/vp/"; http_uri; depth:23; isdataat:!1,relative; content:"www.crossoverscrubbers.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163366/; classtype:trojan-activity;sid:81026466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/sy88-wgd671-rbqtxp/"; http_uri; depth:31; isdataat:!1,relative; content:"danhba.dulichvietnam.com.vn"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163365/; classtype:trojan-activity;sid:81026465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/cmfvs-upm4du-uiwqak/"; http_uri; depth:30; isdataat:!1,relative; content:"animalswithdetail.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163364/; classtype:trojan-activity;sid:81026464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/7e1gddy-tyt0c-aartorj/"; http_uri; depth:35; isdataat:!1,relative; content:"nessadvocacia.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163363/; classtype:trojan-activity;sid:81026463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sym/oziz-51fkkk-zskdwktci/"; http_uri; depth:27; isdataat:!1,relative; content:"cyberdrink.co.uk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163362/; classtype:trojan-activity;sid:81026462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wfa/2wnh-hs2t6-fyepj/"; http_uri; depth:22; isdataat:!1,relative; content:"getawebsite.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163361/; classtype:trojan-activity;sid:81026461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cms/a54h-0tv9u9-zyqmb/"; http_uri; depth:23; isdataat:!1,relative; content:"croos.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163357/; classtype:trojan-activity;sid:81026457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cms/ktrk-8fexq-yeen/"; http_uri; depth:21; isdataat:!1,relative; content:"croos.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163359/; classtype:trojan-activity;sid:81026459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cms/vp6as5-7sup0-zxgzczn/"; http_uri; depth:26; isdataat:!1,relative; content:"croos.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163360/; classtype:trojan-activity;sid:81026460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cms/z4xmk0-kfvybxe-aadtv/"; http_uri; depth:26; isdataat:!1,relative; content:"croos.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163358/; classtype:trojan-activity;sid:81026458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cms/b6m18-rpsara-ldej/"; http_uri; depth:23; isdataat:!1,relative; content:"croos.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163355/; classtype:trojan-activity;sid:81026455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cms/kvdki-7tnl9-rusl/"; http_uri; depth:22; isdataat:!1,relative; content:"croos.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163356/; classtype:trojan-activity;sid:81026456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/xbc/"; http_uri; depth:16; isdataat:!1,relative; content:"www.madonnaball.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163354/; classtype:trojan-activity;sid:81026454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blog/n70l-hujh9z-bcjsbiq/"; http_uri; depth:26; isdataat:!1,relative; content:"dandavner.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163353/; classtype:trojan-activity;sid:81026453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/2t228-7zyrn6-okqpgfj/"; http_uri; depth:25; isdataat:!1,relative; content:"conalcreedon.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163352/; classtype:trojan-activity;sid:81026452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/9ihj-vdu5s9-lxkyydrw/"; http_uri; depth:33; isdataat:!1,relative; content:"claudiogarcia.es"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163351/; classtype:trojan-activity;sid:81026451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/card/xz1gmq-zi7329-rxqf/"; http_uri; depth:25; isdataat:!1,relative; content:"d3n.com"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163350/; classtype:trojan-activity;sid:81026450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/h7h1a0-6slc70-doodl/"; http_uri; depth:32; isdataat:!1,relative; content:"contivenlo.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163349/; classtype:trojan-activity;sid:81026449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/wllyf-rhkjj7-emfwadc/"; http_uri; depth:33; isdataat:!1,relative; content:"claudiogarcia.es"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163348/; classtype:trojan-activity;sid:81026448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/hello.rar"; http_uri; depth:10; isdataat:!1,relative; content:"interruption.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163347/; classtype:trojan-activity;sid:81026447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pagpoftrh54.php"; http_uri; depth:16; isdataat:!1,relative; content:"blog.practicereiki.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163346/; classtype:trojan-activity;sid:81026446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sdfweggyrw=3"; http_uri; depth:13; isdataat:!1,relative; content:"blogger.scentasticyoga.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163345/; classtype:trojan-activity;sid:81026445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/xbc"; http_uri; depth:15; isdataat:!1,relative; content:"www.madonnaball.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163344/; classtype:trojan-activity;sid:81026444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.232.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163343/; classtype:trojan-activity;sid:81026443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/y6c1-rx3kquw-smaogv/"; http_uri; depth:33; isdataat:!1,relative; content:"agentbet678.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163342/; classtype:trojan-activity;sid:81026442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/jiah/xt3y-yz11v5-mxzeffxpe/"; http_uri; depth:28; isdataat:!1,relative; content:"eklentitema.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163341/; classtype:trojan-activity;sid:81026441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/pshqhv0-ilxdu9g-zlzgqfy/"; http_uri; depth:37; isdataat:!1,relative; content:"bnkstore.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163340/; classtype:trojan-activity;sid:81026440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/rcwzt-dd7yg7-pqker/"; http_uri; depth:32; isdataat:!1,relative; content:"asasliteratura.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163339/; classtype:trojan-activity;sid:81026439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm5"; http_uri; depth:15; isdataat:!1,relative; content:"91.134.210.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163338/; classtype:trojan-activity;sid:81026438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.x86"; http_uri; depth:14; isdataat:!1,relative; content:"91.134.210.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163337/; classtype:trojan-activity;sid:81026437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.spc"; http_uri; depth:14; isdataat:!1,relative; content:"91.134.210.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163336/; classtype:trojan-activity;sid:81026436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.sh4"; http_uri; depth:14; isdataat:!1,relative; content:"91.134.210.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163335/; classtype:trojan-activity;sid:81026435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.ppc"; http_uri; depth:14; isdataat:!1,relative; content:"91.134.210.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163334/; classtype:trojan-activity;sid:81026434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.mpsl"; http_uri; depth:15; isdataat:!1,relative; content:"91.134.210.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163333/; classtype:trojan-activity;sid:81026433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.mips"; http_uri; depth:15; isdataat:!1,relative; content:"91.134.210.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163332/; classtype:trojan-activity;sid:81026432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.m68k"; http_uri; depth:15; isdataat:!1,relative; content:"91.134.210.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163331/; classtype:trojan-activity;sid:81026431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/mysw/"; http_uri; depth:17; isdataat:!1,relative; content:"movetracker.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163330/; classtype:trojan-activity;sid:81026430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/8y98/"; http_uri; depth:15; isdataat:!1,relative; content:"kaziriad.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163329/; classtype:trojan-activity;sid:81026429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/6uq9udk/pt9g/"; http_uri; depth:14; isdataat:!1,relative; content:"totemrussia.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163328/; classtype:trojan-activity;sid:81026428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/w8kf86/"; http_uri; depth:27; isdataat:!1,relative; content:"www.drivingwitharrow.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163327/; classtype:trojan-activity;sid:81026427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/xbc/"; http_uri; depth:16; isdataat:!1,relative; content:"www.madonnaball.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163326/; classtype:trojan-activity;sid:81026426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm7"; http_uri; depth:15; isdataat:!1,relative; content:"91.134.210.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163325/; classtype:trojan-activity;sid:81026425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/flaton/includes/sserv.jpg"; http_uri; depth:44; isdataat:!1,relative; content:"mulugetatcon.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163324/; classtype:trojan-activity;sid:81026424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.spc"; http_uri; depth:13; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163322/; classtype:trojan-activity;sid:81026422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.x86"; http_uri; depth:13; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163323/; classtype:trojan-activity;sid:81026423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163320/; classtype:trojan-activity;sid:81026420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163321/; classtype:trojan-activity;sid:81026421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163319/; classtype:trojan-activity;sid:81026419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163317/; classtype:trojan-activity;sid:81026417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.mips"; http_uri; depth:14; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163318/; classtype:trojan-activity;sid:81026418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/repository/pay4this.exe"; http_uri; depth:24; isdataat:!1,relative; content:"file2yu.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163316/; classtype:trojan-activity;sid:81026416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163314/; classtype:trojan-activity;sid:81026414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163315/; classtype:trojan-activity;sid:81026415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm"; http_uri; depth:13; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163312/; classtype:trojan-activity;sid:81026412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163313/; classtype:trojan-activity;sid:81026413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.spc"; http_uri; depth:13; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163310/; classtype:trojan-activity;sid:81026410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.x86"; http_uri; depth:13; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163311/; classtype:trojan-activity;sid:81026411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.ppc"; http_uri; depth:13; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163308/; classtype:trojan-activity;sid:81026408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.sh4"; http_uri; depth:13; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163309/; classtype:trojan-activity;sid:81026409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.mips"; http_uri; depth:14; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163306/; classtype:trojan-activity;sid:81026406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.mpsl"; http_uri; depth:14; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163307/; classtype:trojan-activity;sid:81026407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm7"; http_uri; depth:14; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163304/; classtype:trojan-activity;sid:81026404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163305/; classtype:trojan-activity;sid:81026405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm6"; http_uri; depth:14; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163303/; classtype:trojan-activity;sid:81026403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm"; http_uri; depth:13; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163301/; classtype:trojan-activity;sid:81026401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/bins/tmp.arm5"; http_uri; depth:14; isdataat:!1,relative; content:"35.204.180.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163302/; classtype:trojan-activity;sid:81026402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/o2su-h3ho8-vktoquxnn/"; http_uri; depth:30; isdataat:!1,relative; content:"lista.al"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163300/; classtype:trojan-activity;sid:81026400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/0qjktat/1jzz-whdza-hljb/"; http_uri; depth:25; isdataat:!1,relative; content:"virginiabuddhisttemple.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163299/; classtype:trojan-activity;sid:81026399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/2yf7g-jhgeam-hxemkci/"; http_uri; depth:34; isdataat:!1,relative; content:"hotexpress.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163298/; classtype:trojan-activity;sid:81026398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/poppy41.exe"; http_uri; depth:14; isdataat:!1,relative; content:"badgewinners.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163297/; classtype:trojan-activity;sid:81026397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/pressthiso/0jo6m-mjdmqr-tgccsd/"; http_uri; depth:32; isdataat:!1,relative; content:"wcdr.pbas.es"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163296/; classtype:trojan-activity;sid:81026396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/_sub/pi59h-h2f22l-kjvxeusk/"; http_uri; depth:28; isdataat:!1,relative; content:"rezidenciahron.sk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163295/; classtype:trojan-activity;sid:81026395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/m43kn-63ojv-rclno/"; http_uri; depth:26; isdataat:!1,relative; content:"www.udhaiyamdhall.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163294/; classtype:trojan-activity;sid:81026394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/xwhbob7/0uob/"; http_uri; depth:14; isdataat:!1,relative; content:"newlifeholding.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163293/; classtype:trojan-activity;sid:81026393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/30h/"; http_uri; depth:17; isdataat:!1,relative; content:"osvisa.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163292/; classtype:trojan-activity;sid:81026392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/uo3/"; http_uri; depth:14; isdataat:!1,relative; content:"myphamcenliathuduc.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163291/; classtype:trojan-activity;sid:81026391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/images/ivs/"; http_uri; depth:12; isdataat:!1,relative; content:"nereynil.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163289/; classtype:trojan-activity;sid:81026389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/vp/"; http_uri; depth:23; isdataat:!1,relative; content:"www.crossoverscrubbers.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163290/; classtype:trojan-activity;sid:81026390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/v2.exe"; http_uri; depth:7; isdataat:!1,relative; content:"146.0.77.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163288/; classtype:trojan-activity;sid:81026388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/s/booky82.exe"; http_uri; depth:14; isdataat:!1,relative; content:"badgewinners.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163287/; classtype:trojan-activity;sid:81026387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ma/sqlbrowsers.exe"; http_uri; depth:19; isdataat:!1,relative; content:"103.46.136.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163286/; classtype:trojan-activity;sid:81026386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ma/sqliosims.exe"; http_uri; depth:17; isdataat:!1,relative; content:"103.46.136.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163285/; classtype:trojan-activity;sid:81026385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ma/sqliosimsa.exe"; http_uri; depth:18; isdataat:!1,relative; content:"103.46.136.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163284/; classtype:trojan-activity;sid:81026384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/down10/sqlservice.exe"; http_uri; depth:22; isdataat:!1,relative; content:"103.1.250.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163283/; classtype:trojan-activity;sid:81026383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/down10/ginsert.exe"; http_uri; depth:19; isdataat:!1,relative; content:"103.1.250.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163282/; classtype:trojan-activity;sid:81026382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm"; http_uri; depth:14; isdataat:!1,relative; content:"91.134.210.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163281/; classtype:trojan-activity;sid:81026381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"91.134.210.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163280/; classtype:trojan-activity;sid:81026380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/plugins/wpautoresize/l/semxbf.msi"; http_uri; depth:57; isdataat:!1,relative; content:"madarings.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163279/; classtype:trojan-activity;sid:81026379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/plugins/wpautoresize/l/fem.msi"; http_uri; depth:54; isdataat:!1,relative; content:"madarings.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163278/; classtype:trojan-activity;sid:81026378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/plugins/wpautoresize/l/cax.msi"; http_uri; depth:54; isdataat:!1,relative; content:"madarings.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163277/; classtype:trojan-activity;sid:81026377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/plugins/wpautoresize/l/windows_update.exe"; http_uri; depth:65; isdataat:!1,relative; content:"madarings.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163276/; classtype:trojan-activity;sid:81026376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/plugins/wpautoresize/l/mcsvij.exe"; http_uri; depth:57; isdataat:!1,relative; content:"madarings.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163275/; classtype:trojan-activity;sid:81026375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/plugins/wpautoresize/l/settings.doc"; http_uri; depth:59; isdataat:!1,relative; content:"madarings.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163274/; classtype:trojan-activity;sid:81026374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/plugins/wpautoresize/l/fem.doc"; http_uri; depth:54; isdataat:!1,relative; content:"madarings.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163273/; classtype:trojan-activity;sid:81026373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/plugins/wpautoresize/l/css.doc"; http_uri; depth:54; isdataat:!1,relative; content:"madarings.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163272/; classtype:trojan-activity;sid:81026372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/plugins/wpautoresize/l/cax.doc"; http_uri; depth:54; isdataat:!1,relative; content:"madarings.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163271/; classtype:trojan-activity;sid:81026371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/tinymce/plugins/wpautoresize/l/baba.msi"; http_uri; depth:55; isdataat:!1,relative; content:"madarings.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163270/; classtype:trojan-activity;sid:81026370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/win.png"; http_uri; depth:8; isdataat:!1,relative; content:"193.187.172.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163269/; classtype:trojan-activity;sid:81026369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/tin.png"; http_uri; depth:8; isdataat:!1,relative; content:"193.187.172.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163268/; classtype:trojan-activity;sid:81026368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/sin.png"; http_uri; depth:8; isdataat:!1,relative; content:"193.187.172.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163267/; classtype:trojan-activity;sid:81026367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/toler.png"; http_uri; depth:10; isdataat:!1,relative; content:"193.187.172.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163266/; classtype:trojan-activity;sid:81026366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/worming.png"; http_uri; depth:12; isdataat:!1,relative; content:"193.187.172.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163265/; classtype:trojan-activity;sid:81026365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/table.png"; http_uri; depth:10; isdataat:!1,relative; content:"193.187.172.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163264/; classtype:trojan-activity;sid:81026364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/radiance.png"; http_uri; depth:13; isdataat:!1,relative; content:"193.187.172.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163263/; classtype:trojan-activity;sid:81026363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/momentum.m68k"; http_uri; depth:14; isdataat:!1,relative; content:"45.67.14.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163262/; classtype:trojan-activity;sid:81026362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/momentum.mips"; http_uri; depth:14; isdataat:!1,relative; content:"45.67.14.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163261/; classtype:trojan-activity;sid:81026361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.232.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163260/; classtype:trojan-activity;sid:81026360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"46.101.80.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163259/; classtype:trojan-activity;sid:81026359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm4"; http_uri; depth:11; isdataat:!1,relative; content:"69.172.229.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163258/; classtype:trojan-activity;sid:81026358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.232.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163257/; classtype:trojan-activity;sid:81026357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.232.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163256/; classtype:trojan-activity;sid:81026356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"69.172.229.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163255/; classtype:trojan-activity;sid:81026355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/momentum.i586"; http_uri; depth:14; isdataat:!1,relative; content:"45.67.14.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163254/; classtype:trojan-activity;sid:81026354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm6"; http_uri; depth:11; isdataat:!1,relative; content:"46.101.80.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163253/; classtype:trojan-activity;sid:81026353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.ppc"; http_uri; depth:10; isdataat:!1,relative; content:"46.101.80.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163252/; classtype:trojan-activity;sid:81026352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i686"; http_uri; depth:11; isdataat:!1,relative; content:"46.101.80.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163251/; classtype:trojan-activity;sid:81026351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/momentum.armv4l"; http_uri; depth:16; isdataat:!1,relative; content:"45.67.14.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163249/; classtype:trojan-activity;sid:81026349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sh4"; http_uri; depth:10; isdataat:!1,relative; content:"46.101.80.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163250/; classtype:trojan-activity;sid:81026350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sparc"; http_uri; depth:12; isdataat:!1,relative; content:"69.172.229.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163248/; classtype:trojan-activity;sid:81026348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mips"; http_uri; depth:11; isdataat:!1,relative; content:"46.101.80.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163247/; classtype:trojan-activity;sid:81026347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/momentum.i686"; http_uri; depth:14; isdataat:!1,relative; content:"45.67.14.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163245/; classtype:trojan-activity;sid:81026345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"46.101.80.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163246/; classtype:trojan-activity;sid:81026346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; content:"134.209.232.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163244/; classtype:trojan-activity;sid:81026344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.232.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163243/; classtype:trojan-activity;sid:81026343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/momentum.armv5l"; http_uri; depth:16; isdataat:!1,relative; content:"45.67.14.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163241/; classtype:trojan-activity;sid:81026341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm7"; http_uri; depth:11; isdataat:!1,relative; content:"46.101.80.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163242/; classtype:trojan-activity;sid:81026342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.232.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163240/; classtype:trojan-activity;sid:81026340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.sparc"; http_uri; depth:12; isdataat:!1,relative; content:"46.101.80.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163239/; classtype:trojan-activity;sid:81026339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.232.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163238/; classtype:trojan-activity;sid:81026338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm5"; http_uri; depth:11; isdataat:!1,relative; content:"46.101.80.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163237/; classtype:trojan-activity;sid:81026337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.m68k"; http_uri; depth:11; isdataat:!1,relative; content:"69.172.229.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163236/; classtype:trojan-activity;sid:81026336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.arm4"; http_uri; depth:11; isdataat:!1,relative; content:"46.101.80.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163235/; classtype:trojan-activity;sid:81026335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/demon.i586"; http_uri; depth:11; isdataat:!1,relative; content:"46.101.80.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163234/; classtype:trojan-activity;sid:81026334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.232.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163233/; classtype:trojan-activity;sid:81026333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; content:"134.209.232.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163232/; classtype:trojan-activity;sid:81026332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/sh4"; http_uri; depth:10; isdataat:!1,relative; content:"95.213.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163230/; classtype:trojan-activity;sid:81026330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/spc"; http_uri; depth:10; isdataat:!1,relative; content:"95.213.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163231/; classtype:trojan-activity;sid:81026331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/mips"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163227/; classtype:trojan-activity;sid:81026327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/mpsl"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163228/; classtype:trojan-activity;sid:81026328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/ppc"; http_uri; depth:10; isdataat:!1,relative; content:"95.213.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163229/; classtype:trojan-activity;sid:81026329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/i686"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163225/; classtype:trojan-activity;sid:81026325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/m68k"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163226/; classtype:trojan-activity;sid:81026326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/arm6"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163223/; classtype:trojan-activity;sid:81026323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/arm7"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163224/; classtype:trojan-activity;sid:81026324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/arm"; http_uri; depth:10; isdataat:!1,relative; content:"95.213.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163221/; classtype:trojan-activity;sid:81026321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/arm5"; http_uri; depth:11; isdataat:!1,relative; content:"95.213.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163222/; classtype:trojan-activity;sid:81026322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/kyton/arc"; http_uri; depth:10; isdataat:!1,relative; content:"95.213.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163220/; classtype:trojan-activity;sid:81026320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/cache/sserv.jpg"; http_uri; depth:16; isdataat:!1,relative; content:"pingo.id"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163219/; classtype:trojan-activity;sid:81026319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/flaton/js/sserv.jpg"; http_uri; depth:38; isdataat:!1,relative; content:"mulugetatcon.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163218/; classtype:trojan-activity;sid:81026318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/fow0-iekono-gdyw/"; http_uri; depth:27; isdataat:!1,relative; content:"accessreal.i-sprint.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163217/; classtype:trojan-activity;sid:81026317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/blogs/za7t-a58khp-xcmmybdgh/"; http_uri; depth:29; isdataat:!1,relative; content:"gilsanbus.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163216/; classtype:trojan-activity;sid:81026316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/js/28ii-z8uywd-ngfzvozt/"; http_uri; depth:25; isdataat:!1,relative; content:"easternmobility.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163215/; classtype:trojan-activity;sid:81026315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/chatonline2/i7qj1-fq7hi5-tswvimbkh/"; http_uri; depth:36; isdataat:!1,relative; content:"roxhospedagem.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163214/; classtype:trojan-activity;sid:81026314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/g4g38gx580u6/dgnh4i7sdns5.gif"; http_uri; depth:30; isdataat:!1,relative; content:"91.103.2.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163213/; classtype:trojan-activity;sid:81026313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.arm"; http_uri; depth:18; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163212/; classtype:trojan-activity;sid:81026312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.arm6"; http_uri; depth:19; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163211/; classtype:trojan-activity;sid:81026311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/oceanwp/assets/css/edd/msg.jpg"; http_uri; depth:49; isdataat:!1,relative; content:"somnathskider.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163210/; classtype:trojan-activity;sid:81026310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm"; http_uri; depth:14; isdataat:!1,relative; content:"91.134.210.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163209/; classtype:trojan-activity;sid:81026309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/nazi/nazi.arm6"; http_uri; depth:15; isdataat:!1,relative; content:"91.134.210.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163208/; classtype:trojan-activity;sid:81026308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/webtube/201310/2139273/pianito.exe"; http_uri; depth:35; isdataat:!1,relative; content:"cdn.truelife.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163207/; classtype:trojan-activity;sid:81026307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.mips"; http_uri; depth:19; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163206/; classtype:trojan-activity;sid:81026306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163205/; classtype:trojan-activity;sid:81026305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.x86"; http_uri; depth:18; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163204/; classtype:trojan-activity;sid:81026304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163203/; classtype:trojan-activity;sid:81026303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163202/; classtype:trojan-activity;sid:81026302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163201/; classtype:trojan-activity;sid:81026301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163200/; classtype:trojan-activity;sid:81026300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; content:"80.191.232.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163199/; classtype:trojan-activity;sid:81026299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/dkm.sh4"; http_uri; depth:8; isdataat:!1,relative; content:"102.165.48.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163198/; classtype:trojan-activity;sid:81026298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.arm7"; http_uri; depth:19; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163197/; classtype:trojan-activity;sid:81026297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.ppc"; http_uri; depth:18; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163195/; classtype:trojan-activity;sid:81026295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.sh4"; http_uri; depth:18; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163196/; classtype:trojan-activity;sid:81026296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.arm5"; http_uri; depth:19; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163193/; classtype:trojan-activity;sid:81026293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.x86"; http_uri; depth:18; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_03_21; reference:url, urlhaus.abuse.ch/url/163194/; classtype:trojan-activity;sid:81026294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/extendo.m68k"; http_uri; depth:19; isdataat:!1,relative; content:"157.230.21.45"; http_host; depth:13; isdataat:!1,r